Define the default algo in acme_common

Because ring does not currently support RSA keys generation, the default algo must be adapted depending on whether or not the standalone feature is activated.
6 years ago · d186f5c10a
3 changed files with 4 additions and 2 deletions
--- a/acme_common/src/crypto.rs
+++ b/acme_common/src/crypto.rs
@ -7,7 +7,10 @@ mod standalone_hash;

 mod openssl_keys;

+#[cfg(not(feature = "standalone"))]
 pub const DEFAULT_ALGO: &str = "rsa2048";
+#[cfg(feature = "standalone")]
+pub const DEFAULT_ALGO: &str = "ecdsa_p256";

 pub use openssl_certificate::{Csr, X509Certificate};

--- a/acmed/src/config.rs
+++ b/acmed/src/config.rs
@ -284,7 +284,7 @@ impl Certificate {
    pub fn get_algorithm(&self) -> Result<Algorithm, Error> {
        let algo = match &self.algorithm {
            Some(a) => &a,
-            None => crate::DEFAULT_ALGO,
+            None => acme_common::crypto::DEFAULT_ALGO,
        };
        Algorithm::from_str(algo)
    }
--- a/acmed/src/main.rs
+++ b/acmed/src/main.rs
@ -18,7 +18,6 @@ pub const DEFAULT_CONFIG_FILE: &str = "/etc/acmed/acmed.toml";
 pub const DEFAULT_ACCOUNTS_DIR: &str = "/etc/acmed/accounts";
 pub const DEFAULT_CERT_DIR: &str = "/etc/acmed/certs";
 pub const DEFAULT_CERT_FORMAT: &str = "{{name}}_{{algo}}.{{file_type}}.{{ext}}";
-pub const DEFAULT_ALGO: &str = "rsa2048";
 pub const DEFAULT_SLEEP_TIME: u64 = 3600;
 pub const DEFAULT_POOL_TIME: u64 = 5000;
 pub const DEFAULT_CERT_FILE_MODE: u32 = 0o644;