Caddy version: v2.2.0 h1:sMUFqTbVIRlmA8NkFnNt9l7s0e+0gw+7GPIrhty905A=

I am trying to pass pem-encoded client certificate to proxied service via a X-SSL-Cert header, like so:

sub.example.com {
    reverse_proxy 127.0.0.1:8000 {
        header_up X-SSL-Cert {http.request.tls.client.certificate_pem}
    }

    tls {
        client_auth {
            mode require
        }
    }
}

As OpenSSL does not support asynchronous read/write duplex, sometimes, the asynchronous read/write logic needs to be changed to consecutive processing. An interface for viewing the job status in internal objects maybe helpful for this.

ASYNC_JOB *SSL_get_job(const SSL *s)
{
    return s->job;
}

Right now in different places in the SE codebase there are references to /opt and then as well to /usr.

All SE code should reference one place only. Could someone please create a PR that fixes this.

This PR should also take PR #454 into consideration (no conflicts)

Is your feature request related to a problem? Please describe.
At cert-manager 1.0, there is ServiceMonitor to scrape certs metrics, but there is no alert(s) on certs renew failures to cluster operator.

Describe the solution you'd like
PrometheusRule object with alerting rules about expiring certs. Plus, ability to extend/override default rules via helm values.

/kind feature

There's little information about what keys and values are in the output, what it means and how they are related to the screen output. In general that needs to be added. (special topics see #1675, #1674)

Problem:

A common pattern is:

GUARD(s2n_stuffer_skip_write(stuffer, bytes_to_write));
uint8_t* ptr = suffer->blob.data + stuffer->write_cursor - bytes_to_write;

which could be simplified.

Solution:

*ptr could be an *out parameter to s2n_stuffer_skip_write

• Does this change what S2N sends over the wire? No.
• Does this change any public APIs? No.

gcc has several function attributes that allow the built-in warnings to catch more problems.
For example, if you have your own malloc function, you can tell gcc that it allocates memory and the size comes from the 1st argument:

attribute((alloc_size(1))) void* my_malloc(size_t size);

For your own calloc function, the syntax is slight different:

attribute((alloc_size(1,2))) void*

What would you like to be added

Add support for a DynamoDB storage backend. Although MySQL is available, it would require to run a RDS Instance for it. Extra costs, backup considerations, etc. Even with Aurora Serverless.

DynamoDB is just there, scales as needed with OnDemand pricing and has fine backup capabilities.

Why this is needed

We plan to run step-ca in AWS ECS on Farga