We should expand the functionality of the build_x509_skeleton function (and the various wrappers of it) to allow non-self-signed certificates to be created.
This should only require:
- Make
build_x509_skeleton take two common_name_as_string parameters, one for the subject of the certificate and one for the signer (see the build_tbs_certificate function for where those two uses occur).
xtt_x509_from_ecdsap256_keypair can remain the same, but renaming it and its parameters might make things clearer (e.g. the public key and the private key aren't necessarily linked). Or perhaps keeping (with just one common name input, to be used for self-signed certs) it but making a clone, that's renamed and has differently-named parameters.
- A similar renaming/cloning for the
tool
We should expand the functionality of the
build_x509_skeletonfunction (and the various wrappers of it) to allow non-self-signed certificates to be created.This should only require:
build_x509_skeletontake two common_name_as_string parameters, one for the subject of the certificate and one for the signer (see thebuild_tbs_certificatefunction for where those two uses occur).xtt_x509_from_ecdsap256_keypaircan remain the same, but renaming it and its parameters might make things clearer (e.g. the public key and the private key aren't necessarily linked). Or perhaps keeping (with just one common name input, to be used for self-signed certs) it but making a clone, that's renamed and has differently-named parameters.tool