Use same algorithm for signature as pub/priv keys

When Edwards curves are currently specified, they will be used for the signature algorithm, but the actual public/private keypair will fall back to defaults (RSA2048), which is likely not what the user intends. This commit modifies the code so that requesting Edwards curves will result in their use for the Public Key Algorithm (new behavior) in addition to the Signature Algorithm (current behavior) Examples of fixed and current (broken) behavior given below. Note the Public Key Algorithm in the middle of the certificate and the message from openssl of the private key type that's being generated: Merge branch 'fix-ed25519' of https://github.com/InsaneScientist/easy-rsa into InsaneScientist-fix-ed25519
2020-04-14 20:19:38 -05:00 · 2020-04-14 20:19:38 -05:00 · 8eeb0d2628
commit 8eeb0d2628
parent 0fdd390c11 04fe65de17
1 changed files with 3 additions and 1 deletions
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@ -794,7 +794,9 @@ $EASYRSA_EXTRA_EXTS"
 	[ $EASYRSA_BATCH ] && opts="$opts -batch"
 	# shellcheck disable=2086,2148
 	algo_opts=""
-	if [ "ed" != $EASYRSA_ALGO ];then
+	if [ "ed" = "$EASYRSA_ALGO" ]; then
+		algo_opts=" -newkey $EASYRSA_CURVE "
+	else
 		algo_opts=" -newkey $EASYRSA_ALGO:$EASYRSA_ALGO_PARAMS "
 	fi
 	easyrsa_openssl req -utf8 -new $algo_opts \