commit f85585155e9c3e2af1c5286e676c4caea25cd366
parent 869a784b593116d33b6e133a5dbe9169d2beec80
Author: Johann150 <johann.galle@protonmail.com>
Date: Thu, 8 Apr 2021 00:13:18 +0200
switch default cert signing algorithm to ECDSA
resolves #42
resolves #49
I did not expect support for Ed25519 to be so bad as to receive multiple
complaints about it. I did expect some problems, hence why I provided the
--ecdsa flag. I had hoped support would be better to drive those who still
do not support it (while again there is no reason to not support this
algorithm!) to use it.
Diffstat:
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/main.rs b/src/main.rs
@@ -136,9 +136,9 @@ fn args() -> Result<Args> {
"Use a central .meta file in the content root directory. Decentral config files will be ignored.",
);
opts.optflag(
- "",
- "ecdsa",
- "Generate keys using the ecdsa signature algorithm instead of the default ed25519.",
+ "e",
+ "ed25519",
+ "Generate keys using the Ed25519 signature algorithm instead of the default ECDSA.",
);
let matches = opts.parse(&args[1..]).map_err(|f| f.to_string())?;
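Review bot: Dropping the `ecdsa` long option from this `opts.optflag` call means an existing invocation or service file that still passes `--ecdsa` will presumably now be rejected at `opts.parse(...)` as an unrecognized option, so the server fails to start after an upgrade. Those callers asked for what is now the default, so the old flag could stay registered as an accepted no-op: `opts.optflag("", "ecdsa", "Deprecated: ECDSA is now the default; this flag has no effect.");`. The body of `args()` starts and ends outside this hunk.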
@@ -202,13 +202,14 @@ fn args() -> Result<Args> {
// <CertificateParams as Default>::default() already implements a
// date in the far future from the time of writing: 4096-01-01
- if !matches.opt_present("ecdsa") {
+ if matches.opt_present("e") {
cert_params.alg = &rcgen::PKCS_ED25519;
}
// generate the certificate with the configuration
let cert = Certificate::from_params(cert_params)?;
+ // make sure the certificate directory exists
fs::create_dir(certs_path.join(domain))?;
// write certificate data to disk
let mut cert_file = File::create(certs_path.join(format!(
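Review bot: With the check inverted to `if matches.opt_present("e")`, the ECDSA default is never set in this code; it is whatever `CertificateParams::default()` happens to select in rcgen, so the help text and the generated key type can drift apart on a dependency upgrade. Pinning the choice makes it auditable: `cert_params.alg = if matches.opt_present("e") { &rcgen::PKCS_ED25519 } else { &rcgen::PKCS_ECDSA_P256_SHA256 };`. Separately, the added comment `// make sure the certificate directory exists` overstates what `fs::create_dir` does, since that call returns an error when the directory is already there. Either reword it to `// create the per-domain certificate directory (fails if it already exists)` or use `fs::create_dir_all` if re-running is meant to work. `args()` continues outside the hunk.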
@@ -217,6 +218,7 @@ fn args() -> Result<Args> {
certificates::CERT_FILE_NAME
)))?;
cert_file.write_all(&cert.serialize_der()?)?;
+ // write key data to disk
let mut key_file = File::create(certs_path.join(format!(
"{}/{}",
domain,
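Review bot: The private key is written through plain `File::create`, which on Unix creates the file with mode 0666 filtered only by the process umask, so under a common umask of 022 the key is readable by every local user. The new `// write key data to disk` comment marks the place to tighten this: open the file with `OpenOptions::new().write(true).create_new(true).mode(0o600).open(path)` (needs `std::os::unix::fs::OpenOptionsExt`, behind `#[cfg(unix)]`). `create_new` also refuses to write through a pre-existing file or symlink at that path. The `File::create` statement and the write that follows run past the end of this hunk, so how the key is serialized is not visible here.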
@@ -238,6 +240,7 @@ fn args() -> Result<Args> {
certs.unwrap()
};
+ // parse listening addresses
let mut addrs = vec![];
for i in matches.opt_strs("addr") {
addrs.push(i.parse()?);