From: Lukas Schauer <lukas@schauer.dev>
Date: Sun, 31 Oct 2021 21:36:40 +0000 (+0100)
Subject: Exit with error if somebody is trying to use EC account keys with ACME v1
X-Git-Tag: v0.7.1~14
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=08477170e91da4665ed8362f20295922ca99a59b;p=thirdparty%2Fdehydrated.git

Exit with error if somebody is trying to use EC account keys with ACME v1
---

diff --git a/dehydrated b/dehydrated
index 3cbae35..83ad404 100755
--- a/dehydrated
+++ b/dehydrated
@@ -613,6 +613,9 @@ init_system() {
       generated="true"
       local tmp_account_key
       tmp_account_key="$(_mktemp)"
+      if [[ ${API} -eq 1 && ! "${ACCOUNT_KEY_ALGO}" = "rsa" ]]; then
+        _exiterr "ACME API version 1 does not support EC account keys"
+      fi
       case "${ACCOUNT_KEY_ALGO}" in
         rsa) _openssl genrsa -out "${tmp_account_key}" "${ACCOUNT_KEYSIZE}";;
         prime256v1|secp384r1|secp521r1) _openssl ecparam -genkey -name "${ACCOUNT_KEY_ALGO}" -out "${tmp_account_key}" -noout;;