Confusing variable naming in certbot/acme (private_key/privkey) #9941

Closed
RS-Credentive opened this issue May 15, 2024 · 1 comment

@RS-Credentive

While following along with the code in the crypto_util modules in acme and certbot, I was very confused by the references to the private key as the "Key to include in the CSR", since the public key is the one included in the CSR.

The reference to the private key continues until this call in acme.crypto_util:

csr.set_pubkey(private_key)

Since it appears that the public key is the one being used, is it appropriate to refer to it as a public_key/pubkey rather than a private_key/privkey?

Will you accept a PR to change the variable name for purposes of clarity?

@osirisinferi
Collaborator

The set_pubkey() method of the crypto.X509Req class accepts the OpenSSL.crypto.PKey class as an argument. And that PKey can be a public key or key pair. When a key pair (private key) is used, it will extract the public key from the private key.

Notice how the private_key variable is really a private key, as it's being loaded from crypto.load_privatekey() and is also used by the csr.sign() method, which obviously requires a private key.

Thus the variable name is actually quite correct and personally I don't find it really confusing in the preamble of generate_csr() to be honest, as everybody knows it's the public part of the key pair/private key that gets embedded in the CSR.
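
The behaviour described in the reply above, as an added example that is not part of the original thread or of the certbot/acme code: a CSR built from a private-key object carries only the matching public key, while the private key is used solely to sign the request. It uses the `cryptography` package's CSR builder instead of pyOpenSSL's `X509Req`; the helper names and the subject `example.invalid` are constructed for illustration.

```python
# Added example (not certbot/acme code): uses the `cryptography` package
# rather than pyOpenSSL's X509Req; the subject name is a constructed value.
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def spki_der(public_key):
    """DER SubjectPublicKeyInfo, used to compare public keys byte-for-byte."""
    return public_key.public_bytes(
        serialization.Encoding.DER,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )


def build_csr(private_key, common_name="example.invalid"):
    """Build and sign a CSR; the builder derives the public key itself."""
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    return (
        x509.CertificateSigningRequestBuilder()
        .subject_name(subject)
        .sign(private_key, hashes.SHA256())
    )


def inspect_csr(csr_der, private_key):
    """Re-parse the encoded CSR and report what it does and does not carry."""
    csr = x509.load_der_x509_csr(csr_der)
    # Private scalar d as fixed-width big-endian bytes (32 bytes for P-256).
    d = private_key.private_numbers().private_value.to_bytes(32, "big")
    return {
        "public_key_matches": spki_der(csr.public_key())
        == spki_der(private_key.public_key()),
        "signature_valid": csr.is_signature_valid,
        "private_scalar_in_csr": d in csr_der,
    }


def demo():
    key = ec.generate_private_key(ec.SECP256R1())
    csr_der = build_csr(key).public_bytes(serialization.Encoding.DER)
    return inspect_csr(csr_der, key)


if __name__ == "__main__":
    print(demo())
```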
