Merge branch 'InsaneScientist-fix-ed25519'

When Edwards curves are currently specified, they will be used for the
signature algorithm, but the actual public/private keypair will fall
back to defaults (RSA2048), which is likely not what the user intends.

This commit modifies the code so that requesting Edwards curves will
result in their use for the Public Key Algorithm (new behavior) in
addition to the Signature Algorithm (current behavior).

Examples of fixed and current (broken) behavior given below. Note the
Public Key Algorithm in the middle of the certificate and the message
from openssl of the private key type that's being generated.

==> This still doesn't appear to fix the issue when generating
    certificates on macOS with LibreSSL.  I haven't looked too far into
    this, though.

Address OpenSSL in #350, needs more attention.

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
Eric F Crist 2020-04-14 20:23:07 -05:00
commit fc608b0f2d
No known key found for this signature in database
GPG Key ID: 72964219390D0D0E


@ -794,7 +794,9 @@ $EASYRSA_EXTRA_EXTS"
[ $EASYRSA_BATCH ] && opts="$opts -batch"
# shellcheck disable=2086,2148
algo_opts=""
if [ "ed" != $EASYRSA_ALGO ];then
if [ "ed" = "$EASYRSA_ALGO" ]; then
algo_opts=" -newkey $EASYRSA_CURVE "
else
algo_opts=" -newkey $EASYRSA_ALGO:$EASYRSA_ALGO_PARAMS "
fi
easyrsa_openssl req -utf8 -new $algo_opts \
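Review bot: The new "ed" branch builds algo_opts from $EASYRSA_CURVE without checking that it is set. Because $algo_opts is expanded unquoted in the easyrsa_openssl req call, an empty or unset EASYRSA_CURVE leaves a bare -newkey that takes whatever argument follows on the continued line as its value, so the request either fails with a confusing error or is generated with a key type the user did not ask for, which is the same class of silent fallback this change is meant to remove. Consider rejecting an empty EASYRSA_CURVE (and anything other than the Edwards curve names the script supports) before assigning algo_opts, and failing with a clear message. Since the commit message notes that LibreSSL on macOS is still not fixed, a short comment next to this branch stating that limitation would help the next reader. The shellcheck disable=2086,2148 directive now sits directly above algo_opts="" rather than above the easyrsa_openssl command it was presumably written for; moving it back down to that command keeps the suppression scoped to the line that needs it.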