gen-ec-cert: make encryption optional
This commit is contained in:
parent
f0505b1d11
commit
f53179091a
1 changed files with 6 additions and 3 deletions
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/sh
|
||||
usage()
|
||||
{
|
||||
printf "Usage: %s [-c curve] [-d days] domain\n" "${0##*/}" >&2
|
||||
printf "Usage: %s [-e] [-c curve] [-d days] domain\n" "${0##*/}" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
|
|
@ -12,13 +12,16 @@ tonumber()
|
|||
|
||||
curve=secp384r1
|
||||
days=3650
|
||||
while getopts c:d: flag; do
|
||||
encrypt=
|
||||
while getopts c:d:e flag; do
|
||||
case $flag in
|
||||
c) [ -n "$OPTARG" ] || usage
|
||||
curve=$OPTARG
|
||||
;;
|
||||
d) days=$(tonumber "$OPTARG") || usage
|
||||
;;
|
||||
e) encrypt=yes
|
||||
;;
|
||||
*) usage
|
||||
;;
|
||||
esac
|
||||
|
|
@ -31,7 +34,7 @@ if [ -f "$domain.key" ]; then
|
|||
printf "%s: key for %s already exists; reusing it.\n" \
|
||||
"${0##*/}" "$domain" >&2
|
||||
else
|
||||
(umask 077 && openssl genpkey -aes256 \
|
||||
(umask 077 && openssl genpkey ${encrypt:+-aes256} \
|
||||
-algorithm ec -pkeyopt ec_paramgen_curve:"$curve" \
|
||||
-out "$domain.key")
|
||||
if [ $? -ne 0 ] || [ ! -s "$domain.key" ]; then
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue