authorGlen Huang <me@glenhuang.com>2023-05-17 17:53:51 +0800
committerGlen Huang <me@glenhuang.com>2023-05-18 12:48:47 +0800
commit6d61014e51266f1cb083d9f31491f9c5fb73eeb0 (patch)
tree7501a623d9f293c4c313f9e76490ff298df4fe8a
parent38eeca5df92c6f8fedd153e7383904eb5b893beb (diff)
acme: standardize key_type
keylength, being an acme.sh value type, uses pure numbers for rsa keys. This can be disorienting for other acme clients. This change introduces a new option "key_type" that aims to remove this ambiguity, and makes all key type names follow the same pattern, making acme-common more client agnostic. Signed-off-by: Glen Huang <me@glenhuang.com>
-rw-r--r--net/acme-acmesh/files/hook.sh8
-rw-r--r--net/acme-common/files/acme.init14
2 files changed, 16 insertions, 6 deletions
diff --git a/net/acme-acmesh/files/hook.sh b/net/acme-acmesh/files/hook.sh
index 1e784edc3..477003e3f 100644
--- a/net/acme-acmesh/files/hook.sh
+++ b/net/acme-acmesh/files/hook.sh
@@ -44,12 +44,14 @@ get)
set --
[ "$debug" = 1 ] && set -- "$@" --debug
- case $keylength in
- ec-*)
+ case $key_type in
+ ec*)
+ keylength=${key_type/ec/ec-}
domain_dir="$state_dir/${main_domain}_ecc"
set -- "$@" --ecc
;;
- *)
+ rsa*)
+ keylength=${key_type#rsa}
domain_dir="$state_dir/$main_domain"
;;
esac
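Review bot: The rewritten `case $key_type` has no fallback arm where the old code had `*)`, so a `key_type` that starts with neither `ec` nor `rsa` (a typo, or an empty value) leaves `keylength` and `domain_dir` unset for whatever follows. Since the value comes from configuration, an explicit arm that fails closed would be safer, e.g. `*) echo "unsupported key_type: $key_type" >&2; exit 1 ;;`, using whatever error reporting the hook already has. A bare `rsa` or `ec` also matches and yields an empty or malformed `keylength`, so tighter patterns such as `ec[0-9]*)` and `rsa[0-9]*)` may be worth it. The enclosing `get)` branch continues outside the hunk, so how these variables are consumed is not visible here.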
diff --git a/net/acme-common/files/acme.init b/net/acme-common/files/acme.init
index a365ecd3e..d4ff51063 100644
--- a/net/acme-common/files/acme.init
+++ b/net/acme-common/files/acme.init
@@ -39,8 +39,17 @@ load_options() {
export domains
export main_domain
main_domain="$(first_arg $domains)"
- config_get keylength "$section" keylength ec-256
- export keylength
+ config_get keylength "$section" keylength
+ if [ "$keylength" ]; then
+ log warn "Option \"keylength\" is deprecated, please use key_type (e.g., ec256, rsa2048) instead."
+ case $keylength in
+ ec-*) key_type=${keylength/-/} ;;
+ *) key_type=rsa$keylength ;;
+ esac
+ else
+ config_get key_type "$section" key_type ec256
+ fi
+ export key_type
config_get dns "$section" dns
export dns
config_get acme_server "$section" acme_server
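Review bot: When a section sets both options, the deprecated `keylength` silently wins and `key_type` is never read, so someone who adds `key_type` to pick a stronger key but leaves the old line in place keeps getting the old key size. Reading `key_type` first (`config_get key_type "$section" key_type`) and entering the legacy branch only when it is empty would avoid that, or at least the warning should say that `key_type` is being ignored. The `*) key_type=rsa$keylength ;;` arm also prefixes any non-`ec-` value without checking that it is numeric, so a mistyped `keylength` becomes an invalid `key_type` that hook.sh must then reject. `load_options` starts and ends outside the hunk.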
@@ -51,7 +60,6 @@ load_options() {
export standalone
config_get dns_wait "$section" dns_wait
export dns_wait
-
config_get webroot "$section" webroot
if [ "$webroot" ]; then
log warn "Option \"webroot\" is deprecated, please remove it and change your web server's config so it serves ACME challenge requests from $CHALLENGE_DIR."