-
Notifications
You must be signed in to change notification settings - Fork 99
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for writing certificate signing requests #5
Conversation
@djc thanks for this PR. It's definitely in scope. I've wanted to add this feature eventually myself. It's really cool to have CSR generation because now maybe acme-client could switch to rcgen. As for testing I think openssl can be used for it. I suggest creating a |
Added a test as per your suggestion. |
(This does introduce the slight naming oddity that a |
Yeah I think the API details are out of scope for the PR. |
Also I think at least some versions of ACME require support for custom extensions, which doesn't add yet. But ACME is the motivating use case for me as well, so I can look at supporting that next. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR!
Thanks for the quick review! |
@djc if you want a new release, just ask. |
Will do. I don't think it's needed just yet. |
Do you know if the acme-client maintainer is amenable to replacing openssl with a ring-based stack? |
@djc I haven't had any communication with them if that's what you wonder about. I only thought it'd be a nice project. |
The project seems a bit dead. I'm talking to the maintainer of an alternative here: breard-r/acmed#2. |
Oh yeah it kinda is. Getting acmed to use rcgen sounds like a good idea, too. |
Hey, would you be interested in merging something like this? Seems like a feature that mostly fits, at least, although it maybe widens the scope a bit.
On the other hand, I'm not sure how best to test this for now (although I suppose the openssl library exposes API to actually handle CSRs). So far this is based on just comparing openssl-generated CSRs with the JS ASN.1 thingy you point to in your README.