Add support for writing certificate signing requests #5
Conversation
|
@djc thanks for this PR. It's definitely in scope. I've wanted to add this feature eventually myself. It's really cool to have CSR generation because now maybe acme-client could switch to rcgen. As for testing I think openssl can be used for it. I suggest creating a |
|
Added a test as per your suggestion. |
|
(This does introduce the slight naming oddity that a |
Yeah I think the API details are out of scope for the PR. |
|
Also I think at least some versions of ACME require support for custom extensions, which doesn't add yet. But ACME is the motivating use case for me as well, so I can look at supporting that next. |
|
Thanks for the quick review! |
|
@djc if you want a new release, just ask. |
|
Will do. I don't think it's needed just yet. |
|
Do you know if the acme-client maintainer is amenable to replacing openssl with a ring-based stack? |
|
@djc I haven't had any communication with them if that's what you wonder about. I only thought it'd be a nice project. |
|
The project seems a bit dead. I'm talking to the maintainer of an alternative here: breard-r/acmed#2. |
|
Oh yeah it kinda is. Getting acmed to use rcgen sounds like a good idea, too. |
Hey, would you be interested in merging something like this? Seems like a feature that mostly fits, at least, although it maybe widens the scope a bit.
On the other hand, I'm not sure how best to test this for now (although I suppose the openssl library exposes API to actually handle CSRs). So far this is based on just comparing openssl-generated CSRs with the JS ASN.1 thingy you point to in your README.