self-sign: simplify required curve EASYRSA_CURVE
Signed-off-by: Richard T Bonhomme <[email protected]>
TinCanTech committed Apr 21, 2024
1 parent 22fd055 commit a1052b7
Showing 1 changed file with 12 additions and 8 deletions.
20 changes: 12 additions & 8 deletions easyrsa3/easyrsa
Expand Up @@ -1898,29 +1898,33 @@ Conflicting certificate exists at:
easyrsa_mktemp selfsign_params_file || \
die "build_self_sign - easyrsa_mktemp selfsign_params_file"

# params-file
# Allow default EASYRSA_ALGO=rsa to silently use EC
if [ "$EASYRSA_CURVE" ]; then
user_error "Only EC Curve 'secp384r1' is suported."
[ "$EASYRSA_CURVE" = secp384r1 ] || \
user_error "Only EC Curve 'secp384r1' is supported."
else
export EASYRSA_CURVE=secp384r1
"${EASYRSA_OPENSSL}" ecparam \
-name "${EASYRSA_CURVE}" \
-out "${selfsign_params_file}" || \
die "build_self_sign - params-file failed"
fi

# params-file
"${EASYRSA_OPENSSL}" ecparam \
-name "${EASYRSA_CURVE}" \
-out "${selfsign_params_file}" || \
die "build_self_sign - params-file failed"

# create self-signed key pair
easyrsa_openssl req -x509 -utf8 -sha256 -text \
easyrsa_openssl req -x509 -utf8 -sha256 -text \
-newkey ec:"${selfsign_params_file}" \
-keyout "${key_out}" \
-out "${crt_out}" \
-subj "/CN=${file_name_base}" \
-addext extendedKeyUsage="${selfsign_eku}" \
${EASYRSA_NO_PASS:+ "$no_password"} \
${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} \
${EASYRSA_PASSOUT:+ -passout "$EASYRSA_PASSOUT"} \
${EASYRSA_CERT_EXPIRE:+ -days "$EASYRSA_CERT_EXPIRE"} \
${EASYRSA_START_DATE:+ -startdate "$EASYRSA_START_DATE"} \
${EASYRSA_END_DATE:+ -enddate "$EASYRSA_END_DATE"} \
${EASYRSA_END_DATE:+ -enddate "$EASYRSA_END_DATE"}

# Generate fingerprint for inline file
crt_fingerprint="$(
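Review bot: The `easyrsa_openssl req -x509` call that creates the key pair now ends at `${EASYRSA_END_DATE:+ -enddate "$EASYRSA_END_DATE"}` with no status check, so as far as this hunk shows, a failed key or certificate generation falls through to the fingerprint step below. The `easyrsa_mktemp` and `ecparam` steps above both end in `|| die ...`; the same pattern fits here, ending the last option line with `|| \` followed by `die "build_self_sign - req failed"` (the message wording is only a suggestion). Whether `easyrsa_openssl` itself aborts on error is not visible in this hunk, so confirm that before relying on it. Separately, the certificate is signed with `-sha256` while the only accepted curve is secp384r1; SHA-384 is the usual digest for that curve, so a short comment would help if SHA-256 is deliberate. The enclosing function starts and ends outside the hunk.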