Damian Jarek

Unfortunately, the ssl stream in Beast doesn't seem to have an API that exposes the underlying SSL socket. As a sidenote: I'm no longer working on this library, due to...

- Go std lib seems to be relying on OCSP stapling, no additional validation seems to be performed: https://golang.org/src/net/http/transport.go?s=20650:20692#L1258 - cURL: relies on the OpenSSL store and additional user-provided CRLs:...

No, OpenSSL doesn't have code do that on either Windows or MacOS. Botan has the code to use the Apple native cert store, but it loads the certificates via a...

Chromium uses an indirect approach for certificate revocation checking: https://dev.chromium.org/Home/chromium-security/crlsets (Once a day, a CRX file is downloaded which contains a list of revoked certificates, collected by a crawler). The...

In terms of testing, Chromium maintains its own cert store, which it uses, in a testing environment to populate a native certificate verification context. The problem is that populating this...

Looks like in some specific circumstances, it's possible to import CAs into the Windows keystore and avoid the popup: https://ci.appveyor.com/project/djarek/certify/builds/22963708/job/t71spirx2d6tfsji#L221 This might allow using the test database of certs that...

Testing is tricky, requires "mocking" out the cert store (which doesn't test all the cases), or a high level test that adds certs to the system store (even trickier). Windows:...

@amnuwan That's the wrong flag, `-S` does the following: > Stop after the stage of compilation proper; do not assemble. The output is in the form of an assembler code...

Some things that may help: - don't use polymorphic executor (the default) on I/O objects, prefer the exact type (usually `io_context::executor_type`) - try to use the same buffer type in...

After forking the PRNG has to be reseeded.