set default account key to 2048.
Some old platforms don't support ECC signing.
parent
d018be5d36
commit
57e58ce76c
47
acme.sh
47
acme.sh
@ -1,6 +1,6 @@
|
|||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
VER=2.6.3
|
VER=2.6.4
|
||||||
|
|
||||||
PROJECT_NAME="acme.sh"
|
PROJECT_NAME="acme.sh"
|
||||||
|
|
||||||
@ -19,6 +19,9 @@ DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.
|
|||||||
DEFAULT_USER_AGENT="$PROJECT_ENTRY client v$VER : $PROJECT"
|
DEFAULT_USER_AGENT="$PROJECT_ENTRY client v$VER : $PROJECT"
|
||||||
DEFAULT_ACCOUNT_EMAIL=""
|
DEFAULT_ACCOUNT_EMAIL=""
|
||||||
|
|
||||||
|
DEFAULT_ACCOUNT_KEY_LENGTH=2048
|
||||||
|
DEFAULT_DOMAIN_KEY_LENGTH=2048
|
||||||
|
|
||||||
STAGE_CA="https://acme-staging.api.letsencrypt.org"
|
STAGE_CA="https://acme-staging.api.letsencrypt.org"
|
||||||
|
|
||||||
VTYPE_HTTP="http-01"
|
VTYPE_HTTP="http-01"
|
||||||
@ -739,15 +742,24 @@ createAccountKey() {
|
|||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
length=$1
|
||||||
|
_create_account_key "$length"
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
_create_account_key() {
|
||||||
|
|
||||||
length=$1
|
length=$1
|
||||||
|
|
||||||
if [ -z "$length" ] || [ "$length" = "$NO_VALUE" ] ; then
|
if [ -z "$length" ] || [ "$length" = "$NO_VALUE" ] ; then
|
||||||
_debug "Use default length 2048"
|
_debug "Use default length $DEFAULT_ACCOUNT_KEY_LENGTH"
|
||||||
length=2048
|
length="$DEFAULT_ACCOUNT_KEY_LENGTH"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_debug length "$length"
|
_debug length "$length"
|
||||||
_initpath
|
_initpath
|
||||||
|
|
||||||
|
mkdir -p "$CA_DIR"
|
||||||
if [ -f "$ACCOUNT_KEY_PATH" ] ; then
|
if [ -f "$ACCOUNT_KEY_PATH" ] ; then
|
||||||
_info "Account key exists, skip"
|
_info "Account key exists, skip"
|
||||||
return
|
return
|
||||||
@ -769,6 +781,11 @@ createDomainKey() {
|
|||||||
domain=$1
|
domain=$1
|
||||||
length=$2
|
length=$2
|
||||||
|
|
||||||
|
if [ -z "$length" ] ; then
|
||||||
|
_debug "Use DEFAULT_DOMAIN_KEY_LENGTH=$DEFAULT_DOMAIN_KEY_LENGTH"
|
||||||
|
length="$DEFAULT_DOMAIN_KEY_LENGTH"
|
||||||
|
fi
|
||||||
|
|
||||||
_initpath $domain "$length"
|
_initpath $domain "$length"
|
||||||
|
|
||||||
if [ ! -f "$CERT_KEY_PATH" ] || ( [ "$FORCE" ] && ! [ "$IS_RENEW" ] ); then
|
if [ ! -f "$CERT_KEY_PATH" ] || ( [ "$FORCE" ] && ! [ "$IS_RENEW" ] ); then
|
||||||
@ -1319,7 +1336,7 @@ _read_conf() {
|
|||||||
eval "printf \"%s\" \"\$$_sdkey\""
|
eval "printf \"%s\" \"\$$_sdkey\""
|
||||||
)
|
)
|
||||||
else
|
else
|
||||||
_err "config file is empty, can not read $_sdkey"
|
_debug "config file is empty, can not read $_sdkey"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2163,16 +2180,21 @@ updateaccount() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
registeraccount() {
|
registeraccount() {
|
||||||
|
_reg_length="$1"
|
||||||
_initpath
|
_initpath
|
||||||
_regAccount
|
_regAccount "$_reg_length"
|
||||||
}
|
}
|
||||||
|
|
||||||
__calcAccountKeyHash() {
|
__calcAccountKeyHash() {
|
||||||
[ -f "$ACCOUNT_KEY_PATH" ] && cat "$ACCOUNT_KEY_PATH" | _digest sha256
|
[ -f "$ACCOUNT_KEY_PATH" ] && cat "$ACCOUNT_KEY_PATH" | _digest sha256
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#keylength
|
||||||
_regAccount() {
|
_regAccount() {
|
||||||
_initpath
|
_initpath
|
||||||
|
_reg_length="$1"
|
||||||
|
|
||||||
|
|
||||||
if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then
|
if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then
|
||||||
_info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH"
|
_info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH"
|
||||||
@ -2185,11 +2207,7 @@ _regAccount() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! -f "$ACCOUNT_KEY_PATH" ] ; then
|
if [ ! -f "$ACCOUNT_KEY_PATH" ] ; then
|
||||||
_acck="no"
|
if ! _create_account_key "$_reg_length" ; then
|
||||||
if [ "$Le_Keylength" ] ; then
|
|
||||||
_acck="$Le_Keylength"
|
|
||||||
fi
|
|
||||||
if ! createAccountKey "$_acck" ; then
|
|
||||||
_err "Create account key error."
|
_err "Create account key error."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
@ -2414,10 +2432,12 @@ issue() {
|
|||||||
_debug2 _saved_account_key_hash "$_saved_account_key_hash"
|
_debug2 _saved_account_key_hash "$_saved_account_key_hash"
|
||||||
|
|
||||||
if [ -z "$_saved_account_key_hash" ] || [ "$_saved_account_key_hash" != "$(__calcAccountKeyHash)" ] ; then
|
if [ -z "$_saved_account_key_hash" ] || [ "$_saved_account_key_hash" != "$(__calcAccountKeyHash)" ] ; then
|
||||||
if ! _regAccount ; then
|
if ! _regAccount "$_accountkeylength"; then
|
||||||
_on_issue_err
|
_on_issue_err
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
else
|
||||||
|
_debug "_saved_account_key_hash is not changed, skip register account."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -f "$CSR_PATH" ] && [ ! -f "$CERT_KEY_PATH" ] ; then
|
if [ -f "$CSR_PATH" ] && [ ! -f "$CERT_KEY_PATH" ] ; then
|
||||||
@ -4232,9 +4252,6 @@ _process() {
|
|||||||
|
|
||||||
--keylength|-k)
|
--keylength|-k)
|
||||||
_keylength="$2"
|
_keylength="$2"
|
||||||
if [ "$_accountkeylength" = "$NO_VALUE" ] ; then
|
|
||||||
_accountkeylength="$2"
|
|
||||||
fi
|
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
--accountkeylength|-ak)
|
--accountkeylength|-ak)
|
||||||
@ -4458,7 +4475,7 @@ _process() {
|
|||||||
deactivate "$_domain,$_altdomains"
|
deactivate "$_domain,$_altdomains"
|
||||||
;;
|
;;
|
||||||
registeraccount)
|
registeraccount)
|
||||||
registeraccount
|
registeraccount "$_accountkeylength"
|
||||||
;;
|
;;
|
||||||
updateaccount)
|
updateaccount)
|
||||||
updateaccount
|
updateaccount
|
||||||
|
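Review bot: In the `createAccountKey` hunk, the new `mkdir -p "$CA_DIR"` in `_create_account_key` is unchecked and creates the directory under whatever umask is in effect; the `[ -f "$ACCOUNT_KEY_PATH" ]` test right after it suggests the account private key is written beneath that directory, so both a failed create and loose permissions matter. I would write `mkdir -p "$CA_DIR" || return 1` and, if the key does land there, restrict the directory with something like `chmod 700 "$CA_DIR"`. The visible part of the function only maps an empty or `$NO_VALUE` length to `$DEFAULT_ACCOUNT_KEY_LENGTH`, so any other value passed via `--accountkeylength` appears to reach key generation unvalidated, and a lower bound on RSA sizes would be worth adding there. The rest of `_create_account_key` lies outside the hunk, so both points should be confirmed against the full body.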