Exit with error if somebody is trying to use EC account keys with ACME v1

author Lukas Schauer <lukas@schauer.dev>

Sun, 31 Oct 2021 21:36:40 +0000 (22:36 +0100)

committer Lukas Schauer <lukas@schauer.dev>

Sun, 31 Oct 2021 21:36:40 +0000 (22:36 +0100)
author Lukas Schauer <lukas@schauer.dev>
Sun, 31 Oct 2021 21:36:40 +0000 (22:36 +0100)
committer Lukas Schauer <lukas@schauer.dev>
Sun, 31 Oct 2021 21:36:40 +0000 (22:36 +0100)
diff --git a/dehydrated b/dehydrated

index 3cbae352863b2e010adfc398a086da382d6ce63e..83ad4045a27d1bb5687dd3f07691ebc60b7e7a20 100755 (executable)
--- a/dehydrated
+++ b/dehydrated
@@ -613,6 +613,9 @@ init_system() {
        generated="true"
        local tmp_account_key
        tmp_account_key="$(_mktemp)"
+      if [[ ${API} -eq 1 && ! "${ACCOUNT_KEY_ALGO}" = "rsa" ]]; then
+        _exiterr "ACME API version 1 does not support EC account keys"
+      fi
        case "${ACCOUNT_KEY_ALGO}" in
          rsa) _openssl genrsa -out "${tmp_account_key}" "${ACCOUNT_KEYSIZE}";;
          prime256v1|secp384r1|secp521r1) _openssl ecparam -genkey -name "${ACCOUNT_KEY_ALGO}" -out "${tmp_account_key}" -noout;;
author	Lukas Schauer <lukas@schauer.dev>
	Sun, 31 Oct 2021 21:36:40 +0000 (22:36 +0100)
committer	Lukas Schauer <lukas@schauer.dev>
	Sun, 31 Oct 2021 21:36:40 +0000 (22:36 +0100)