Due to rcgen using ring rng when signing the certificate and the lack of an API to seed the rng, we are not able to properly generate deterministic certificates utilizing ring. Originally, exposing the api to generate the certificate by the end-user so they could eventually pass that same certificate back internally was the idea to get around this, however this may not be a preferred option long term since this requires the node to store the certificate and keypair generated.
This PR introduce a change to use simple_x509 to generate the certificate instead of rcgen, which would allow us to use the ecdsa keypair to sign the certificate instead, which would allow us to produce a deterministic certificate.
Due to
rcgenusingringrng when signing the certificate and the lack of an API to seed the rng, we are not able to properly generate deterministic certificates utilizingring. Originally, exposing the api to generate the certificate by the end-user so they could eventually pass that same certificate back internally was the idea to get around this, however this may not be a preferred option long term since this requires the node to store the certificate and keypair generated.This PR introduce a change to use
simple_x509to generate the certificate instead ofrcgen, which would allow us to use the ecdsa keypair to sign the certificate instead, which would allow us to produce a deterministic certificate.Relates to https://github.com/libp2p/rust-libp2p/issues/3049
Note: