The changes introduced come after the issue/feature requrest https://github.com/globalsign/est/issues/30 has been opened.
They allow us to enroll a CSR that includes the TLS-unique value as recommended by the RFC 7030
Because each http client instantiation results in a new TLS-unique, one way of including it would be to make EST requests from the same http client.
Because the standard crypto/x509 Go package does not handle the challenge password attribute (OID) the way an EST/CA server expects it, the CSR creation had to be wrapped.
The changes introduced come after the issue/feature requrest https://github.com/globalsign/est/issues/30 has been opened. They allow us to enroll a CSR that includes the TLS-unique value as recommended by the RFC 7030