Merge branch 'TinCanTech-self-sign-v2'

Signed-off-by: Richard T Bonhomme <[email protected]>
OpenVPN · Apr 26, 2024 · cc56dc9 · cc56dc9
2 parents 06768d2 + 4fa1011
commit cc56dc9
Showing 1 changed file with 22 additions and 9 deletions.
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
@@ -1894,19 +1894,31 @@ Cannot self-sign this request for '$file_name_base'.
 Conflicting certificate exists at:
 * $crt_out"
 
+	# Check algo and curve
+	case "$EASYRSA_ALGO" in
+	rsa)
+		# Silently use ec/secp384r1
+		export EASYRSA_ALGO=ec
+		set_var EASYRSA_CURVE secp384r1
+	;;
+	ec)
+		: # ok
+	;;
+	ed)
+		user_error "self-sign does not support ED Curves."
+	;;
+	*)
+		user_error "Unrecognised algorithm: '$EASYRSA_ALGO'"
+	esac
+
+	verbose "\
+self-sign: Use ALGO/CURVE to $EASYRSA_ALGO/$EASYRSA_CURVE"
+
 	# temp-file for params-file
 	selfsign_params_file=""
 	easyrsa_mktemp selfsign_params_file || \
 		die "build_self_sign - easyrsa_mktemp selfsign_params_file"
 
-	# Allow default EASYRSA_ALGO=rsa to silently use EC
-	if [ "$EASYRSA_CURVE" ]; then
-		[ "$EASYRSA_CURVE" = secp384r1 ] || \
-			user_error "Only EC Curve 'secp384r1' is supported."
-	else
-		export EASYRSA_CURVE=secp384r1
-	fi
-
 	# params-file
 	"${EASYRSA_OPENSSL}" ecparam \
 		-name "${EASYRSA_CURVE}" \
@@ -1937,7 +1949,8 @@ Conflicting certificate exists at:
 
 	# User info
 	notice "\
-Self-signed key and certificate created:
+Self-signed '$EASYRSA_ALGO/$EASYRSA_CURVE' \
+key and certificate created:
 * $key_out
 * $crt_out