From ef81ea62d16a505ea5dfaf0b638eece3ab5aaf2d Mon Sep 17 00:00:00 2001
From: Rudolf Mayerhofer
Date: Tue, 28 Mar 2023 22:03:32 +0200
Subject: [PATCH] Unify key_algorithm handling for elipic curves (change naming to ECC but stay backwards compatible)
---
 README.md | 4 ++--
 acertmgr/configuration.py | 2 +-
 acertmgr/tools.py | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 0c3fedf..5132979 100644
--- a/README.md
+++ b/README.md
@@ -56,7 +56,7 @@ By default the directory (work_dir) containing the working data (csr,certificate
 4 configuration contexts are known (*domainconfig (d) > globalconfig (g) > commandline (c) > built-in defaults*) with the following directives (subject to change, usual usage context written bold):
 | Directive | Context | Description | Built-in Default |
-| --- | --- | --- | --- |
+| --- | --- |----------------------------------------------------------------------------------------------------------------------------------------------| --- |
 | -c/--config-file | **c** | global configuration file (optional) | /etc/acertmgr/acertmgr.conf |
 | -d/--config-dir | **c** | directory containing domain configuration files (ending with .conf, globalconfig will be excluded automatically if in same directory) | /etc/acertmgr/*.conf |
 | -w/--work-dir | **c** | working directory containing csr/certificates/keys/ca files | /etc/acertmgr |
@@ -74,7 +74,7 @@ By default the directory (work_dir) containing the working data (csr,certificate
 | ttl_days | d,**g** | Renew certificate if it has less than this value validity left | 30 |
 | validate_ocsp | d,**g** | Renew certificate if it's OCSP status is REVOKED. Allowed values for this key are: false, sha1, sha224, sha256, sha384, sha512 | sha1 (as mandated by RFC5019) |
 | cert_dir | d,**g** | Directory containing all certificate related data (crt,key,csr) | {work_dir} |
-| key_algorithm | d,**g** | Key-algorithm for newly generated private keys (RSA, EC, ED25519, ED448) | RSA |
+| key_algorithm | d,**g** | Key-algorithm for newly generated private keys (RSA, ECC, ED25519, ED448) | RSA |
 | key_length | d,**g** | Key-length for newly generated RSA private keys (in bits) or EC curve (256=P-256, 384=P-384, 521=P-521) | depends on key_algorithm |
 | csr_static | **d**,g | Whether to re-use a static CSR or generate a new dynamic CSR | false |
 | csr_file | **d**,g | Path to store (and load) the certificate CSR file | {cert_dir}/{cert_id}.csr |
diff --git a/acertmgr/configuration.py b/acertmgr/configuration.py
index 4da7a04..ca35504 100644
--- a/acertmgr/configuration.py
+++ b/acertmgr/configuration.py
@@ -129,7 +129,7 @@ def parse_config_entry(entry, globalconfig, runtimeconfig):
 # Update config id if we have a key algorithm set to allow for
 # multiple certs with different algorithms for the same set of domains
 if config.get('key_algorithm', None):
- config['id'] += "_" + config['key_algorithm']
+ config['id'] += "_" + config['key_algorithm'].lower()
 # SSL key length (if key has to be (re-)generated, converted to int)
 update_config_value(config, 'key_length', localconfig, globalconfig, None)
diff --git a/acertmgr/tools.py b/acertmgr/tools.py
index 7201e19..be1bb69 100644
--- a/acertmgr/tools.py
+++ b/acertmgr/tools.py
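Review bot: In acertmgr/configuration.py, the id suffix built by `config['id'] += "_" + config['key_algorithm'].lower()` is now case-folded but not alias-folded, so `ec` and `ecc` still yield two different ids for the same key type, and any existing config that spelled the algorithm in upper case (as the README lists them) gets a different id than before. The README rows in this patch show an id feeding default file names (`{cert_dir}/{cert_id}.csr`), so on a case-sensitive filesystem this presumably makes acertmgr stop finding the existing key and certificate and issue a new key pair while the old private key stays on disk; the path construction is not visible in this hunk, so please confirm. Folding the alias before appending, e.g. `algo = config['key_algorithm'].lower()` followed by `config['id'] += "_" + ('ec' if algo == 'ecc' else algo)`, together with a fallback to the previously used file names or an upgrade note, would keep the rename from silently rotating keys. parse_config_entry starts and ends outside the hunk.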
@@ -144,7 +144,7 @@ def new_ssl_key(path=None, key_algo=None, key_size=None):
 key_size=key_size,
 backend=default_backend()
 )
- elif key_algo.lower() == 'ec':
+ elif key_algo.lower() == 'ec' or key_algo.lower() == 'ecc':
 if not key_size or key_size == 256:
 key_curve = ec.SECP256R1
 elif key_size == 384:
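Review bot: The new condition `elif key_algo.lower() == 'ec' or key_algo.lower() == 'ecc':` lowercases the value twice and spells the alias list inline; `elif key_algo.lower() in ('ec', 'ecc'):` reads more clearly and leaves one place to extend. The same alias knowledge is needed where the config id is derived in acertmgr/configuration.py, so a small shared normalizer would keep the two spots from drifting apart. A short comment such as `# 'ec' is kept as a legacy alias for 'ecc'` would record why both spellings are accepted. The curve-selection chain of new_ssl_key continues past the end of the hunk.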