Stefan Eissing
Stefan Eissing
After updating to current boulder, my ocsp stapling tests fail. Reason being that the openssl client fails with `Verification error: unable to get local issuer certificate`. I am giving the...
- based on wolfSSL (commit fa979230050dde47f6ac084c6f3b232a5e729eb5) - based on ngtcp2 PR https://github.com/ngtcp2/ngtcp2/pull/505 - configure adapted to build against ngtcp2 wolfssl crypto lib - quic code added for creation of WOLFSSL*...
- adding support for HTTP/3 test cases via a nghttpx server that is build with ngtcp2 and nghttp3. - test2500 is the first test case, performing a simple GET. -...
# Description In test with ngtcp2 example client using openssl, session resumption against a QUIC wolfssl server failed. The error was tracked down to wolfSSL believing EaryData needs to be...
I added a test in ```mod_md``` for domain names longer than 63 octets. I see different behaviour between pebble and boulder. This is not an issue per se, I can...
A python based server/broken implementation can be found at https://github.com/noahkw/acmetk. It would be interesting to test interop. Especially the broker functionality opens new possibilities in internal networks, if I understand...
Allow the user to configure a file as primary source for an ACME account key. As in ``` MDAccountKey ``` which can be set globally or per MD. On startup,...
[as specified in the RFC](https://tools.ietf.org/html/rfc8555#section-7.3.5). Add a configuration directive like `MDAccountKeyRefresh |off` with default `off` (current behaviour). This is effective for ACMEv2 certificate authorities only and ignored otherwise. When checking...
```ServerName``` and ```ServerAlias``` names may carry port numbers, as in ```greenbytes.de:443``` and ```mod_md``` needs to strip those silently when matching MDs against vhosts.
…, an error was logged when "SSLProxyEngine" was only configured in the location/proxy section and not the overall server. The connection continued to work, the error log was in error....