Caddy version: v2.2.0 h1:sMUFqTbVIRlmA8NkFnNt9l7s0e+0gw+7GPIrhty905A=

I am trying to pass pem-encoded client certificate to proxied service via a X-SSL-Cert header, like so:

sub.example.com {
    reverse_proxy 127.0.0.1:8000 {
        header_up X-SSL-Cert {http.request.tls.client.certificate_pem}
    }

    tls {
        client_auth {
            mode require
        }
    }
}

Hi,
From url "https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_chain_cert_store.html " I only found set function for chain_store. Will openssl add a get chain_store function? Or why didn't add the get function?

Right now in different places in the SE codebase there are references to /opt and then as well to /usr.

All SE code should reference one place only. Could someone please create a PR that fixes this.

This PR should also take PR #454 into consideration (no conflicts)

Is your feature request related to a problem? Please describe.
At cert-manager 1.0, there is ServiceMonitor to scrape certs metrics, but there is no alert(s) on certs renew failures to cluster operator.

Describe the solution you'd like
PrometheusRule object with alerting rules about expiring certs. Plus, ability to extend/override default rules via helm values.

/kind feature

There's little information about what keys and values are in the output, what it means and how they are related to the screen output. In general that needs to be added. (special topics see #1675, #1674)

Problem:

A common pattern is:

GUARD(s2n_stuffer_skip_write(stuffer, bytes_to_write));
uint8_t* ptr = suffer->blob.data + stuffer->write_cursor - bytes_to_write;

which could be simplified.

Solution:

*ptr could be an *out parameter to s2n_stuffer_skip_write

• Does this change what S2N sends over the wire? No.
• Does this change any public APIs? No.

Description

• Type: Bug
• Priority: Minor

Bug

There are multiple warnings raised in the process of building armcc in all.sh, but the test script does not treat them as errors.
Examples:

"ecp.c", line 175: Warning:  #188-D: enumerated type mixed with another type
      const mbedtls_md_type_t md_type = mbedtls_md_list()[0];
                                        ^
"psa_crypt

What would you like to be added

Add support for a DynamoDB storage backend. Although MySQL is available, it would require to run a RDS Instance for it. Extra costs, backup considerations, etc. Even with Aurora Serverless.

DynamoDB is just there, scales as needed with OnDemand pricing and has fine backup capabilities.

Why this is needed

We plan to run step-ca in AWS ECS on Farga