J.C. Jones
J.C. Jones
The flag `REQUIRE_USER_VERIFICATION` can be passed in by callers, which cannot be satisfied by U2F devices. As such, `REQUIRE_USER_VERIFICATION` should not permit any U2F devices to complete the operation. Additionally,...
[catch_unwind](https://doc.rust-lang.org/std/panic/fn.catch_unwind.html) might be good in the C API in release builds to avoid crashing the library caller.
`RUSTFLAGS="-Z sanitizer=thread" rustup run nightly cargo test` ``` running 4 tests test u2fprotocol::tests::test_init_device ... ok test u2fprotocol::tests::test_ping_device ... ok test u2fprotocol::tests::test_sendapdu ... ok ================== WARNING: ThreadSanitizer: data race (pid=35046) Write...
Right now, tokens that you don't touch continue blinking until the timeout completes, while the one you do touch stops blinking immediately. They should all stop.
We need to port the specification fix from https://github.com/letsencrypt/boulder/pull/5916 to Pebble. Specifically, that the certificate presented during the "acme-tls/1" handshake has "a subjectAltName extension containing the dNSName being validated and...
It'd be great to be able to exercise the AppID extension in the tests here, too.
There's an uncommon but painful issue where nameserver replication hasn't completed yet, because maybe the nameservers mirror as a scheduled task and it hasn't run yet. We usually see that...
When we create a new payment credential using your roaming credential, it's implied that the browser stores the credential `displayName` and `icon` so that when it's presented as an authentication...
The code for admin-revoker to find registrations by email during a `clear-email` operation is too naive: https://github.com/letsencrypt/boulder/blob/14a8378dd0dcf82e222aa3bccde47cc8f5ff1bc6/cmd/admin-revoker/main.go#L435-L444 We need to account for people adding `+` and `.` and such. We...