Hello, First, sorry for double posting to misc@.
This is a short patch to let acme-client accept ECDSA keys now that letsencrypt accepts signing certificates with those keys. This functionality is present in certbot, so it might be a good idea to let acme-client accept that too.
The key needs to be generated manually i.e.: openssl ecparam -genkey -name secp384r1 -out privkey.pem Best Regards
Index: rsa.c =================================================================== RCS file: /cvs/src/usr.sbin/acme-client/rsa.c,v retrieving revision 1.7 diff -u -p -r1.7 rsa.c --- rsa.c 28 Jul 2018 15:25:23 -0000 1.7 +++ rsa.c 22 May 2019 11:17:47 -0000 @@ -79,7 +79,8 @@ rsa_key_load(FILE *f, const char *fname) if (pkey == NULL) { warnx("%s: PEM_read_PrivateKey", fname); return NULL; - } else if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) + } else if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA || + EVP_PKEY_type(pkey->type) == EVP_PKEY_EC ) return pkey; warnx("%s: unsupported key type", fname);
smime.p7s
Description: S/MIME Cryptographic Signature