From 08477170e91da4665ed8362f20295922ca99a59b Mon Sep 17 00:00:00 2001
From: Lukas Schauer <lukas@schauer.dev>
Date: Sun, 31 Oct 2021 22:36:40 +0100
Subject: [PATCH] Exit with error if somebody is trying to use EC account keys
 with ACME v1

---
 dehydrated | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/dehydrated b/dehydrated
index 3cbae35..83ad404 100755
--- a/dehydrated
+++ b/dehydrated
@@ -613,6 +613,9 @@ init_system() {
       generated="true"
       local tmp_account_key
       tmp_account_key="$(_mktemp)"
+      if [[ ${API} -eq 1 && ! "${ACCOUNT_KEY_ALGO}" = "rsa" ]]; then
+        _exiterr "ACME API version 1 does not support EC account keys"
+      fi
       case "${ACCOUNT_KEY_ALGO}" in
         rsa) _openssl genrsa -out "${tmp_account_key}" "${ACCOUNT_KEYSIZE}";;
         prime256v1|secp384r1|secp521r1) _openssl ecparam -genkey -name "${ACCOUNT_KEY_ALGO}" -out "${tmp_account_key}" -noout;;
-- 
2.47.3