mirror of
https://github.com/moepman/acertmgr.git
synced 2024-12-27 11:51:50 +01:00
Unify key_algorithm handling for elipic curves (change naming to ECC but stay backwards compatible)
This commit is contained in:
parent
d1caaf80ef
commit
ef81ea62d1
@ -56,7 +56,7 @@ By default the directory (work_dir) containing the working data (csr,certificate
|
||||
4 configuration contexts are known (*domainconfig (d) > globalconfig (g) > commandline (c) > built-in defaults*) with the following directives (subject to change, usual usage context written bold):
|
||||
|
||||
| Directive | Context | Description | Built-in Default |
|
||||
| --- | --- | --- | --- |
|
||||
| --- | --- |----------------------------------------------------------------------------------------------------------------------------------------------| --- |
|
||||
| -c/--config-file | **c** | global configuration file (optional) | /etc/acertmgr/acertmgr.conf |
|
||||
| -d/--config-dir | **c** | directory containing domain configuration files (ending with .conf, globalconfig will be excluded automatically if in same directory) | /etc/acertmgr/*.conf |
|
||||
| -w/--work-dir | **c** | working directory containing csr/certificates/keys/ca files | /etc/acertmgr |
|
||||
@ -74,7 +74,7 @@ By default the directory (work_dir) containing the working data (csr,certificate
|
||||
| ttl_days | d,**g** | Renew certificate if it has less than this value validity left | 30 |
|
||||
| validate_ocsp | d,**g** | Renew certificate if it's OCSP status is REVOKED. Allowed values for this key are: false, sha1, sha224, sha256, sha384, sha512 | sha1 (as mandated by RFC5019) |
|
||||
| cert_dir | d,**g** | Directory containing all certificate related data (crt,key,csr) | {work_dir} |
|
||||
| key_algorithm | d,**g** | Key-algorithm for newly generated private keys (RSA, EC, ED25519, ED448) | RSA |
|
||||
| key_algorithm | d,**g** | Key-algorithm for newly generated private keys (RSA, ECC, ED25519, ED448) | RSA |
|
||||
| key_length | d,**g** | Key-length for newly generated RSA private keys (in bits) or EC curve (256=P-256, 384=P-384, 521=P-521) | depends on key_algorithm |
|
||||
| csr_static | **d**,g | Whether to re-use a static CSR or generate a new dynamic CSR | false |
|
||||
| csr_file | **d**,g | Path to store (and load) the certificate CSR file | {cert_dir}/{cert_id}.csr |
|
||||
|
@ -129,7 +129,7 @@ def parse_config_entry(entry, globalconfig, runtimeconfig):
|
||||
# Update config id if we have a key algorithm set to allow for
|
||||
# multiple certs with different algorithms for the same set of domains
|
||||
if config.get('key_algorithm', None):
|
||||
config['id'] += "_" + config['key_algorithm']
|
||||
config['id'] += "_" + config['key_algorithm'].lower()
|
||||
|
||||
# SSL key length (if key has to be (re-)generated, converted to int)
|
||||
update_config_value(config, 'key_length', localconfig, globalconfig, None)
|
||||
|
@ -144,7 +144,7 @@ def new_ssl_key(path=None, key_algo=None, key_size=None):
|
||||
key_size=key_size,
|
||||
backend=default_backend()
|
||||
)
|
||||
elif key_algo.lower() == 'ec':
|
||||
elif key_algo.lower() == 'ec' or key_algo.lower() == 'ecc':
|
||||
if not key_size or key_size == 256:
|
||||
key_curve = ec.SECP256R1
|
||||
elif key_size == 384:
|
||||
|
Loading…
Reference in New Issue
Block a user