I have a fairly creative ssl setup on my webserver:
I’m writing down how I sign certificates in this context so I can use this to
look up the procedure instead of spending hours in DuckDuckGo. This is more of
a tutorial than elegant prose.
For crypto code it's important that it's time-invariant, otherwise it is
vulnerable to timing attacks. I've had to build this time-invariant equality
test from scratch, because I couldn't find something on Google. I hope it's
useful to someone else.