Roland Bracewell Shoemaker

Results: 85 comments by Roland Bracewell Shoemaker

The golang `x/crypto/ocsp` library doesn't support the nonce extension and using a request/response nonce prevents offline signing as each response needs to be signed with the individual request nonce in...

This is an extremely powerful feature, which seems extremely easy to misuse if you aren't really sure what you're doing, and seems likely to be of value to a very...

@jsha rightly points out that you can't really change the env of a running proc. Better to do this as an HTTP endpoint under /debug or something.

Trying to put an end to the bike shedding, re-using `go mod verify` here seems like the simplest choice. The name of the command makes sense for what we're doing,...

> crypto/subtle.WithDataIndependentTiming was released in Go 1.25. This would be a change in its semantics. However, it's unlikely to affect existing code, and if it does, the worst case is...

Discussed with @dr2chase, submitting to get in for RC1.

crypto/ APIs look correct to me.

Is this certificate produced or used by some widely used software? The crypto/x509 package explicitly implements a restricted set of X.509 features, necessary for supporting publicly trusted certificates. (per the...

Ah okay, so the main use case here (at least for you) is to essentially extract the parsed NSS list but without the need to fetch it yourself, and/or manage...

We now have implemented constraint parsing in x509roots, meaning the bundle now contains roots that should not be blindly trusted. Additionally, roots are no longer stored as one giant byte...