heiko/cert-proxy
1
0
Fork 0
Code Issues 5 Pull requests Releases 6 Activity Actions

Replace openssl dependency in CA scripts with native Go implementation #18

New issue
Open
opened 2026-04-29 17:08:21 +02:00 by heiko · 0 comments
heiko commented 2026-04-29 17:08:21 +02:00
Owner
Copy link

The CA scripts in CA/ (mkca, mkssl-pem) shell out to openssl for:

  • Generating RSA keys
  • Creating CSRs
  • Signing certificates (self-signed CA and issued certs)
  • Revoking certificates and generating CRLs

Since we already removed the openssl dependency from the server (PKCS12 bundling is now pure Go via software.sslmate.com/src/go-pkcs12), the CA scripts are the last remaining consumer of the openssl
binary.

Rewriting CA management as a Go tool would:

  • Remove the external openssl dependency entirely
  • Make cross-compilation simpler (single static binary)
  • Allow better integration with the rest of the cert-proxy codebase
The CA scripts in CA/ (mkca, mkssl-pem) shell out to openssl for: - Generating RSA keys - Creating CSRs - Signing certificates (self-signed CA and issued certs) - Revoking certificates and generating CRLs Since we already removed the openssl dependency from the server (PKCS12 bundling is now pure Go via software.sslmate.com/src/go-pkcs12), the CA scripts are the last remaining consumer of the openssl binary. Rewriting CA management as a Go tool would: - Remove the external openssl dependency entirely - Make cross-compilation simpler (single static binary) - Allow better integration with the rest of the cert-proxy codebase
heiko self-assigned this 2026-04-29 17:08:21 +02:00
Sign in to join this conversation.
master
Branches Tags
Clear current reference
master
debian/bullseye
debian/sid
debian/buster
Clear current reference
v1.19.0
v1.18.3-0.20260430111455-ee25acfa3a4f
v1.18.3-0.20260430095055-71602abfde05
v1.18.3-0.20260429214741-438e284e58b6
v1.18.3-0.20260429195939-584f77bb4bf7
v1.18.3-0.20260429151056-d6246f587aca
v1.18.3-0.20260429150350-eeb96147f3c1
v1.18.2
1.18.1
1.18.0
1.17
debian/1.17-0
debian/1.17_RC0-1
1.17-RC0
1.16-RC1
debian/1.16-RC0-0
1.16-RC0
debian/1.15.3-2
debian/1.15.3-1
1.15.3
1.15.2
debian/1.15.1-2
debian/1.15.1-1
1.15.1
1.15
debian/1.14.1-2
debian/1.14.1-1
1.14.1
1.14
debian/1.13-1
1.13
debian/1.12-2
1.12
1.11
debian/1.10.2-2
debian/1.10.2-1
1.10.2
debian/1.10.1-1
1.10.1
1.10
debian/1.9-2
debian/1.9-1
1.9
debian/1.8-3
debian/1.8-2
debian/1.8-1
1.8
debian/1.7.1-1
1.7.1
debian/1.7-1
1.7
debian/1.6-1
1.6
debian/1.5-4
debian/1.5-3
debian/1.5-2
debian/1.5-1
1.5
1.4
1.3.1
debian/1.3-4
debian/1.3-3
debian/1.3-2
debian/1.3-1
debian/1.3-0
1.3
1.2
1.1
1.0
0.5
0.4
0.3
0.2
0.1
Labels
Clear labels   
bug
Something is not working

  
duplicate
This issue or pull request already exists

  
enhancement
New feature

  
help wanted
Need some help

  
invalid
Something is wrong

  
question
More information is needed

  
security
Security vulnerability or hardening

  
wontfix
This won't be fixed

No labels
bug
duplicate
enhancement
help wanted
invalid
question
security
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
heiko
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
heiko/cert-proxy#18
No description provided.