Support for serverkeygen and additional path segments#21
Merged
vkhoroz merged 4 commits intofoundriesio:mainfrom Feb 26, 2026
Merged
Support for serverkeygen and additional path segments#21vkhoroz merged 4 commits intofoundriesio:mainfrom
vkhoroz merged 4 commits intofoundriesio:mainfrom
Conversation
orangepizza
force-pushed
the
features
branch
from
8a61708 to
ba3fb39
Compare
vkhoroz
reviewed
Feb 19, 2026
Member
vkhoroz
left a comment
vkhoroz
left a comment
There was a problem hiding this comment.
@doanac I doubt this is something we want to accept.
We might consider making it easier for 3PP developers to extend the estserver via import and composition.
But I wouldn't accept all optional RFC 7030 featurettes just for the sake of completeness.
WDYT?
doanac
reviewed
Feb 19, 2026
Member
doanac
left a comment
doanac
left a comment
There was a problem hiding this comment.
I made a couple of comments already but I'd say to rework this PR to:
- rebase on the latest main
- introduce a new flag to say whether or not the server should expose optional resources
- add the
/serverkeygenoptional resource
it had missing a / in path building so it always errored out before Signed-off-by: Seo Suchan <tjtncks@gmail.com>
orangepizza
force-pushed
the
features
branch
from
ba3fb39 to
f43411f
Compare
doanac
reviewed
Feb 19, 2026
doanac
reviewed
Feb 19, 2026
vkhoroz
reviewed
Feb 19, 2026
they aren't used by x509.createcertificate add test for cert key match with csr requested Signed-off-by: Seo Suchan <tjtncks@gmail.com>
orangepizza
force-pushed
the
features
branch
from
f43411f to
7692f78
Compare
orangepizza
force-pushed
the
features
branch
2 times, most recently
from
ded09d9 to
69a1727
Compare
vkhoroz
reviewed
Feb 20, 2026
vkhoroz
reviewed
Feb 20, 2026
vkhoroz
reviewed
Feb 20, 2026
vkhoroz
reviewed
Feb 20, 2026
Member
vkhoroz
left a comment
vkhoroz
left a comment
There was a problem hiding this comment.
This looks good now, I think.
Only need to solve that single functional comment about CSR attributes, and a couple of stylish improvements.
Thanks, @orangepizza .
orangepizza
force-pushed
the
features
branch
from
69a1727 to
e89aace
Compare
vkhoroz
reviewed
Feb 23, 2026
orangepizza
force-pushed
the
features
branch
from
e89aace to
a51f743
Compare
for entropy limited clients that can't trust local random server will create same type of key with CA don't support out of band key encryption Signed-off-by: Seo Suchan <tjtncks@gmail.com>
orangepizza
force-pushed
the
features
branch
from
a51f743 to
f2a9860
Compare
vkhoroz
reviewed
Feb 24, 2026
Member
vkhoroz
left a comment
vkhoroz
left a comment
There was a problem hiding this comment.
@doanac I think this one is good to go.
Once the typos in that comment are corrected, and you have no objections, I will merge.
Thanks @orangepizza
vkhoroz
approved these changes
Feb 24, 2026
Co-authored-by: vkhoroz <vkhoroz@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
shouldn't two saparate PR's but I already stack commits so
implement 4.3 serverkeygen and 3.2.2 addiional path segment (it's tecially a must for server to support but not usre what acually use it)
fixed logic bug on one of http test too