X509v3 extensions from certificate not transferred to CSR

[nicopal]

Hi,

After creating a certificate with several X509v3 extensions (e.g. X509v3 Extended Key Usage: TLS Web Client Authentication), I create a certificate signing request using e.g. certificate.serialize_request_der()

However, the certificate signing request does not contain the extensions. This is in line with an earlier issue in OpenSSL, where extensions from the certificate were not transferred to the CSR and vice versa. This appears to have been fixed by now: https://github.com/openssl/openssl/issues/10458

Do you plan to add a feature to copy X509v3 extensions from the certificate into the CSR?

Thanks.