Browse Source

Add the `--crt-signature-alg` option in tacd

pull/39/head
Rodolphe Breard 4 years ago
parent
commit
602d8c6cf6
  1. 15
      acme_common/src/crypto/key_type.rs
  2. 5
      man/en/tacd.8
  3. 16
      tacd/src/main.rs

15
acme_common/src/crypto/key_type.rs

@ -47,13 +47,26 @@ impl KeyType {
Err(err_msg.into())
}
}
pub fn list_possible_values() -> Vec<&'static str> {
vec![
"rsa2048",
"rsa4096",
"ecdsa-p256",
"ecdsa-p384",
#[cfg(ed25519)]
"ed25519",
#[cfg(ed448)]
"ed448",
]
}
}
impl FromStr for KeyType {
type Err = Error;
fn from_str(s: &str) -> Result<Self, Error> {
match s.to_lowercase().as_str() {
match s.to_lowercase().replace("-", "_").as_str() {
"rsa2048" => Ok(KeyType::Rsa2048),
"rsa4096" => Ok(KeyType::Rsa4096),
"ecdsa_p256" => Ok(KeyType::EcdsaP256),

5
man/en/tacd.8

@ -14,6 +14,7 @@
.Nm
.Op Fl e|--acme-ext Ar STRING
.Op Fl -acme-ext-file Ar FILE
.Op Fl -crt-signature-alg Ar STRING
.Op Fl d|--domain Ar STRING
.Op Fl -domain-file Ar STRING
.Op Fl f|--foreground
@ -49,6 +50,10 @@ The options are as follows:
The acmeIdentifier extension to set in the self-signed certificate.
.It Fl -acme-ext-file Ar FILE
File from which is read the acmeIdentifier extension to set in the self-signed certificate.
.It Fl -crt-signature-alg Ar STRING
Set the certificate's signature algorithm. Possible values depends on the cryptographic library support and can be listed using the
.Em --help
flag.
.It Fl d, -domain Ar STRING
The domain that is being validated.
.It Fl -domain-file Ar STRING

16
tacd/src/main.rs

@ -50,13 +50,18 @@ fn init(cnf: &ArgMatches) -> Result<(), Error> {
let domain = to_idna(&domain)?;
let ext = get_acme_value(cnf, "acme-ext", "acme-ext-file")?;
let listen_addr = cnf.value_of("listen").unwrap_or(DEFAULT_LISTEN_ADDR);
let (pk, cert) = X509Certificate::from_acme_ext(&domain, &ext, DEFAULT_CRT_KEY_TYPE)?;
let crt_signature_alg = match cnf.value_of("crt-signature-alg") {
Some(alg) => alg.parse()?,
None => DEFAULT_CRT_KEY_TYPE,
};
let (pk, cert) = X509Certificate::from_acme_ext(&domain, &ext, crt_signature_alg)?;
info!("Starting {} on {} for {}", APP_NAME, listen_addr, domain);
server_start(listen_addr, &cert, &pk)?;
Ok(())
}
fn main() {
let default_crt_key_type = DEFAULT_CRT_KEY_TYPE.to_string();
let matches = App::new(APP_NAME)
.version(APP_VERSION)
.arg(
@ -101,6 +106,15 @@ fn main() {
.value_name("FILE")
.conflicts_with("acme-ext")
)
.arg(
Arg::with_name("crt-signature-alg")
.long("crt-signature-alg")
.help("The certificate's signature algorithm")
.takes_value(true)
.value_name("STRING")
.possible_values(&KeyType::list_possible_values())
.default_value(&default_crt_key_type)
)
.arg(
Arg::with_name("log-level")
.long("log-level")

Loading…
Cancel
Save