From 57e58ce76cce210992e05db818d9066bbe7e6226 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 6 Nov 2016 23:08:45 +0800 Subject: [PATCH] set default account key to 2048. Some old platforms doesn't support ecc signing. --- acme.sh | 47 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 15 deletions(-) diff --git a/acme.sh b/acme.sh index 83bca1d8..1bea19d9 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=2.6.3 +VER=2.6.4 PROJECT_NAME="acme.sh" @@ -19,6 +19,9 @@ DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016. DEFAULT_USER_AGENT="$PROJECT_ENTRY client v$VER : $PROJECT" DEFAULT_ACCOUNT_EMAIL="" +DEFAULT_ACCOUNT_KEY_LENGTH=2048 +DEFAULT_DOMAIN_KEY_LENGTH=2048 + STAGE_CA="https://acme-staging.api.letsencrypt.org" VTYPE_HTTP="http-01" @@ -739,15 +742,24 @@ createAccountKey() { return fi + length=$1 + _create_account_key "$length" + +} + +_create_account_key() { + length=$1 if [ -z "$length" ] || [ "$length" = "$NO_VALUE" ] ; then - _debug "Use default length 2048" - length=2048 + _debug "Use default length $DEFAULT_ACCOUNT_KEY_LENGTH" + length="$DEFAULT_ACCOUNT_KEY_LENGTH" fi + _debug length "$length" _initpath + mkdir -p "$CA_DIR" if [ -f "$ACCOUNT_KEY_PATH" ] ; then _info "Account key exists, skip" return @@ -769,6 +781,11 @@ createDomainKey() { domain=$1 length=$2 + if [ -z "$length" ] ; then + _debug "Use DEFAULT_DOMAIN_KEY_LENGTH=$DEFAULT_DOMAIN_KEY_LENGTH" + length="$DEFAULT_DOMAIN_KEY_LENGTH" + fi + _initpath $domain "$length" if [ ! -f "$CERT_KEY_PATH" ] || ( [ "$FORCE" ] && ! [ "$IS_RENEW" ] ); then @@ -1319,7 +1336,7 @@ _read_conf() { eval "printf \"%s\" \"\$$_sdkey\"" ) else - _err "config file is empty, can not read $_sdkey" + _debug "config file is empty, can not read $_sdkey" fi } @@ -2163,16 +2180,21 @@ updateaccount() { } registeraccount() { + _reg_length="$1" _initpath - _regAccount + _regAccount "$_reg_length" } __calcAccountKeyHash() { [ -f "$ACCOUNT_KEY_PATH" ] && cat "$ACCOUNT_KEY_PATH" | _digest sha256 } + +#keylength _regAccount() { _initpath + _reg_length="$1" + if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then _info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH" @@ -2185,11 +2207,7 @@ _regAccount() { fi if [ ! -f "$ACCOUNT_KEY_PATH" ] ; then - _acck="no" - if [ "$Le_Keylength" ] ; then - _acck="$Le_Keylength" - fi - if ! createAccountKey "$_acck" ; then + if ! _create_account_key "$_reg_length" ; then _err "Create account key error." return 1 fi @@ -2414,10 +2432,12 @@ issue() { _debug2 _saved_account_key_hash "$_saved_account_key_hash" if [ -z "$_saved_account_key_hash" ] || [ "$_saved_account_key_hash" != "$(__calcAccountKeyHash)" ] ; then - if ! _regAccount ; then + if ! _regAccount "$_accountkeylength"; then _on_issue_err return 1 fi + else + _debug "_saved_account_key_hash is not changed, skip register account." fi if [ -f "$CSR_PATH" ] && [ ! -f "$CERT_KEY_PATH" ] ; then @@ -4232,9 +4252,6 @@ _process() { --keylength|-k) _keylength="$2" - if [ "$_accountkeylength" = "$NO_VALUE" ] ; then - _accountkeylength="$2" - fi shift ;; --accountkeylength|-ak) @@ -4458,7 +4475,7 @@ _process() { deactivate "$_domain,$_altdomains" ;; registeraccount) - registeraccount + registeraccount "$_accountkeylength" ;; updateaccount) updateaccount