From: Lukas Schauer <lukas@schauer.dev>
Date: Sun, 31 Oct 2021 19:20:40 +0000 (+0100)
Subject: Avoid writing ec-parameters to private-key file (fixes #830)
X-Git-Tag: v0.7.1~17
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=607a6088d365840f738302621f13b304e5c7d9a7;p=thirdparty%2Fdehydrated.git

Avoid writing ec-parameters to private-key file (fixes #830)
---

diff --git a/dehydrated b/dehydrated
index eb38116..b7e1ff6 100755
--- a/dehydrated
+++ b/dehydrated
@@ -1343,7 +1343,7 @@ sign_domain() {
       tmp_privkey="$(_mktemp)"
       case "${KEY_ALGO}" in
         rsa) _openssl genrsa -out "${tmp_privkey}" "${KEYSIZE}";;
-        prime256v1|secp384r1) _openssl ecparam -genkey -name "${KEY_ALGO}" -out "${tmp_privkey}";;
+        prime256v1|secp384r1) _openssl ecparam -genkey -name "${KEY_ALGO}" -out "${tmp_privkey}" -noout;;
       esac
       cat "${tmp_privkey}" > "${certdir}/privkey-${timestamp}.pem"
       rm "${tmp_privkey}"
@@ -1360,7 +1360,7 @@ sign_domain() {
       echo " + Generating private rollover key..."
       case "${KEY_ALGO}" in
         rsa) _openssl genrsa -out "${certdir}/privkey.roll.pem" "${KEYSIZE}";;
-        prime256v1|secp384r1) _openssl ecparam -genkey -name "${KEY_ALGO}" -out "${certdir}/privkey.roll.pem";;
+        prime256v1|secp384r1) _openssl ecparam -genkey -name "${KEY_ALGO}" -out "${certdir}/privkey.roll.pem" -noout;;
       esac
     fi
     # delete rolloverkeys if disabled