From 6d61014e51266f1cb083d9f31491f9c5fb73eeb0 Mon Sep 17 00:00:00 2001 From: Glen Huang Date: Wed, 17 May 2023 17:53:51 +0800 Subject: [PATCH] acme: standardize key_type keylength, being an acme.sh value type, uses pure numbers for rsa keys. This can be disorienting for other acme clients. This change introduces a new option "key_type" that aims to remove this ambiguity, and makes all key type names follow the same pattern, making acme-common more client agnostic. Signed-off-by: Glen Huang --- net/acme-acmesh/files/hook.sh | 8 +++++--- net/acme-common/files/acme.init | 14 +++++++++++--- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/net/acme-acmesh/files/hook.sh b/net/acme-acmesh/files/hook.sh index 1e784edc3..477003e3f 100644 --- a/net/acme-acmesh/files/hook.sh +++ b/net/acme-acmesh/files/hook.sh @@ -44,12 +44,14 @@ get) set -- [ "$debug" = 1 ] && set -- "$@" --debug - case $keylength in - ec-*) + case $key_type in + ec*) + keylength=${key_type/ec/ec-} domain_dir="$state_dir/${main_domain}_ecc" set -- "$@" --ecc ;; - *) + rsa*) + keylength=${key_type#rsa} domain_dir="$state_dir/$main_domain" ;; esac diff --git a/net/acme-common/files/acme.init b/net/acme-common/files/acme.init index a365ecd3e..d4ff51063 100644 --- a/net/acme-common/files/acme.init +++ b/net/acme-common/files/acme.init @@ -39,8 +39,17 @@ load_options() { export domains export main_domain main_domain="$(first_arg $domains)" - config_get keylength "$section" keylength ec-256 - export keylength + config_get keylength "$section" keylength + if [ "$keylength" ]; then + log warn "Option \"keylength\" is deprecated, please use key_type (e.g., ec256, rsa2048) instead." + case $keylength in + ec-*) key_type=${keylength/-/} ;; + *) key_type=rsa$keylength ;; + esac + else + config_get key_type "$section" key_type ec256 + fi + export key_type config_get dns "$section" dns export dns config_get acme_server "$section" acme_server 
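Review bot: The `case $key_type` block in the `get)` arm of hook.sh no longer has a catch-all, because the old `*)` arm became `rsa*)`; a value matching neither pattern (for example `RSA2048` or an empty string) leaves both `keylength` and `domain_dir` unset. The code after `esac` is outside this hunk, but it presumably builds certificate paths from `$domain_dir` and passes `$keylength` to acme.sh, so a typo in the config would surface as a confusing failure or as files written relative to an empty directory. I would add a failing default arm such as `*) echo "unsupported key_type: $key_type" >&2; exit 1 ;;` (or the script's own error path). Tightening the patterns to `ec[0-9]*)` and `rsa[0-9]*)` would also reject values like `ecfoo` instead of turning them into `ec-foo`. The `get)` arm starts and ends outside the hunk.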
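Review bot: In the first acme.init hunk (`load_options`), a leftover `keylength` silently overrides an explicitly configured `key_type`, because `key_type` is only read in the `else` branch. A user who follows the deprecation warning and sets `key_type` to, say, `rsa4096` while an old `keylength` of `2048` is still in the section keeps getting the old key size. I would read the new option first with `config_get key_type "$section" key_type`, convert the legacy value only under `if [ -z "$key_type" ] && [ "$keylength" ]; then`, and apply the default afterwards with `[ "$key_type" ] || key_type=ec256`. The `*) key_type=rsa$keylength ;;` arm also prefixes any non-`ec-` string unchecked, so either a numeric check here or a comment saying the hook validates the value would help. `load_options` continues outside the hunk.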
@@ -51,7 +60,6 @@ load_options() { export standalone config_get dns_wait "$section" dns_wait export dns_wait - config_get webroot "$section" webroot if [ "$webroot" ]; then log warn "Option \"webroot\" is deprecated, please remove it and change your web server's config so it serves ACME challenge requests from $CHALLENGE_DIR."