Merge branch 'default-ed-curve' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-default-ed-curve

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

ChangeLog

@@ -1,6 +1,7 @@
 Easy-RSA 3 ChangeLog
 
 3.1.2 (TBD)
+   * Make default Edwards curve ED25519 (#828)
    * Allow --fix-offset to create post-dated certificates (#804)
    * Introduce command 'set-pass' (#756)
    * Introduce global option '--nopass|--no-pass' (#752)

easyrsa3/easyrsa

@@ -4182,18 +4182,19 @@ verify_algo_params() {
 
 		# Create the required ecparams file
 		easyrsa_openssl ecparam -name "$EASYRSA_CURVE" \
-			-out "$EASYRSA_ALGO_PARAMS" 1>/dev/null || die "\
+			-out "$EASYRSA_ALGO_PARAMS" \
-Failed to generate ecparam file (permissions?) when writing to:
+			1>/dev/null || die "\
-$EASYRSA_ALGO_PARAMS"
+Failed to generate ecparam file (permissions?) at:
+* $EASYRSA_ALGO_PARAMS"
 	;;
 	ed)
 		# Verify Edwards curve
 		easyrsa_openssl genpkey -algorithm "$EASYRSA_CURVE" \
-			> /dev/null || \
+			> /dev/null || die "\
-				die "Edwards Curve $EASYRSA_CURVE not found."
+Edwards Curve $EASYRSA_CURVE not found."
 	;;
 	*) die "\
-Alg '$EASYRSA_ALGO' is invalid: must be 'rsa', 'ec' or 'ed'"
+Alg '$EASYRSA_ALGO' is invalid: Must be 'rsa', 'ec' or 'ed'"
 	esac
 } # => verify_algo_params()
 
@@ -4372,9 +4373,21 @@ Sourcing the vars file and building certificates will probably fail ..'
 	set_var EASYRSA_REQ_EMAIL		me@example.net
 	set_var EASYRSA_REQ_OU			"My Organizational Unit"
 	set_var EASYRSA_ALGO			rsa
-	set_var EASYRSA_KEY_SIZE		2048
+
-	set_var EASYRSA_CURVE			secp384r1
+	case "$EASYRSA_ALGO" in
-	set_var EASYRSA_EC_DIR			"$EASYRSA_PKI/ecparams"
+	rsa)
+		set_var EASYRSA_KEY_SIZE	2048
+	;;
+	ec)
+		set_var EASYRSA_CURVE		secp384r1
+		set_var EASYRSA_EC_DIR		"$EASYRSA_PKI/ecparams"
+	;;
+	ed)
+		set_var EASYRSA_CURVE		ed25519
+	;;
+	*) die "Unknown algorithm '$EASYRSA_ALGO'"
+	esac
+
 	set_var EASYRSA_CA_EXPIRE		3650
 	set_var EASYRSA_CERT_EXPIRE		825 # new default of 36 months
 	set_var EASYRSA_CERT_RENEW		90