FS-5719 --resolve

diff --git a/scripts/gentls_cert.in b/scripts/gentls_cert.in
index 49b3940d5d0da3d9fe4c31e4c2a6853c9d06775c..f2e4cd5a99d5792ba0b5a367adf995fa1179f23a 100644 (file)
--- a/scripts/gentls_cert.in
+++ b/scripts/gentls_cert.in
@@ -87,8 +87,9 @@ setup_ca() {
                "${CONFDIR}/CA/config.tpl" \
                        > "${TMPFILE}.cfg" || exit 1
 
+       openssl ecparam -name secp160r2 -out CA_CURVE.pem
        openssl req -out "${CONFDIR}/CA/cacert.pem" \
-               -new -x509 -keyout "${CONFDIR}/CA/cakey.pem" \
+               -new -x509 -keyout "${CONFDIR}/CA/cakey.pem" -newkey ec:CA_CURVE.pem \
                -config "${TMPFILE}.cfg" -nodes -days ${DAYS} -sha1 >/dev/null || exit 1
        cat "${CONFDIR}/CA/cacert.pem" > "${CONFDIR}/cafile.pem"
        cp $TMPFILE.cfg /tmp/ssl.cfg
@@ -130,7 +131,7 @@ generate_cert() {
                        > "${TMPFILE}.cfg" || exit 1
 
        openssl req -new -out "${TMPFILE}.req" \
-               -newkey rsa:${KEY_SIZE} -keyout "${TMPFILE}.key" \
+               -newkey ec:CA_CURVE.pem -keyout "${TMPFILE}.key" \
                -config "${TMPFILE}.cfg" -nodes -sha1 >/dev/null || exit 1
 
        openssl x509 -req -CAkey "${CONFDIR}/CA/cakey.pem" -CA "${CONFDIR}/CA/cacert.pem" -CAcreateserial \
@@ -156,7 +157,6 @@ remove_ca() {
 }
 OUTFILESET="0"
 command="$1"
-shift
 
 while [ $# -gt 0 ]; do
        case $1 in