From d22b7938dae42e92d0af60f060c56ea4354f851c Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 4 Nov 2016 22:45:50 +0800 Subject: [PATCH] fix old version openssl issue for ecc key --- acme.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/acme.sh b/acme.sh index 18453b6d..b1703ec8 100755 --- a/acme.sh +++ b/acme.sh @@ -891,6 +891,26 @@ _calcjwk() { crv="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")" _debug3 crv "$crv" + if [ -z "$crv" ] ; then + _debug "Let's try ASN1 OID" + crv_oid="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")" + case "${crv_oid}" in + "prime256v1") + crv="P-256" + ;; + "secp384r1") + crv="P-384" + ;; + "secp521r1") + crv="P-521" + ;; + *) + _err "ECC oid : $crv_oid" + return 1 + ;; + _debug3 crv "$crv" + fi + pubi="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)" pubi=$(_math $pubi + 1) _debug3 pubi "$pubi"