func NamesFromCSR(csr *x509.CertificateRequest) names
NamesFromCSR deduplicates and lower-cases the Subject Common Name and Subject Alternative Names from the CSR. If the CSR contains a CN, then it preserves it and guarantees that the SANs also include it. If the CSR does not contain a CN, then it also attempts to promote a SAN to the CN (if any is short enough to fit).
func VerifyCSR(ctx context.Context, csr *x509.CertificateRequest, maxNames int, keyPolicy *goodkey.KeyPolicy, pa core.PolicyAuthority) error
VerifyCSR checks the validity of a x509.CertificateRequest. Before doing checks it normalizes the CSR which lowers the case of DNS names and subject CN, and hoist a DNS name into the CN if it is empty.