mholt

// checkPasswordPwned checks if the password is "pwned" according
// to the API offered by https://haveibeenpwned.com/. (The password
// is not sent to their servers to do the check.)
//
// This function returns the number of times the password appears in
// their data set. A password is pwned, or compromised, if the return
// value is greater than 0.
//
// API Docs: https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange
//

mholt

#!/bin/bash
FILES=$(find . -name "*.go" -not -path "./vendor/*" -type f)
 
for f in $FILES
do
	echo "processing: $f"
ed -s $f << EOF
0a
// Copyright YEAR YOU
//

mholt

Caddy 2 HTTP handlers come in two flavors: middleware and responders.

• Middleware are in the middle of a request chain; i.e. they have a next handler to invoke.
• Responders are content origins, at the end of a request chain; i.e. there is no next handler. Any handlers defined after it would not be invoked.

Caveat: Sometimes a handler's role is ambiguous. For example, a caching handler would be middleware on a cache miss (it needs to invoke the upstream handlers for a response, then cache it), but on a cache hit it would be a responder, since no further handlers would be invoked (it would simply write the response).

mholt

// Handler that calls generate
func ok(w http.ResponseWriter, r *http.Request) {
	// res := make([]int64, 0, 100000)
	var res [100000]int64
	fibonacci.Generate(&res)
	// fmt.Println(suc)
	// fmt.Printf("%T", res)
	// fmt.Println(res[50])

	fmt.Fprintf(w, "OK")

mholt

CT For Server (Developers)

Intro

Similar to my advice regarding OCSP Stapling for servers/server developers, based on questions I've received about "CT best practices," I wanted to write something similar for those writing server software. That is, this isn't targeted at server operators, but for those writing software like Apache, nginx, Caddy, etc.

At the most basic level, the deployment of Certificate Transparency to date has largely tried to focus the burden on CAs, rather than on server developers. If the CA is doing everything right,

mholt

package interfaces

import (
	"bufio"
	"crypto/elliptic"
	"crypto/tls"
	"database/sql/driver"
	"debug/dwarf"
	"encoding/xml"
	"fmt"

mholt

Date: Mon, 5 Oct 2015 16:34:03 -0700

Apache caches an OCSP response for one hour by default. Unfortunately, once the hour is up, the response is purged from the cache, and Apache doesn't attempt to retrieve a new one until the next TLS handshake takes place. That means that if there's a problem contacting the OCSP responder at that moment, Apache is left without an OCSP response to staple. Furthermore, it caches the non-response for 10 minutes (by default), so for the next 10 minutes, no OCSP response will be stapled to your

mholt

// Copyright 2021 Matthew Holt and The Caddy Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,

mholt

package main

import (
	"log"
	"os"
	"strings"

	gq "github.com/PuerkitoBio/goquery"
)

mholt

// Functions from Go's strings package usable as template actions
// with text/template.
//
// This approach assumes you have some context type as a receiver,
// but if you just need the functions check out the FuncMap variant
// below.
// 
// Commented functions are not deemed useful in template actions.
// Haven't actually used this, but this is one possible way of doing it.
// Another option is to fill a FuncMap with most of the strings package.