From fca636d4a16870198d924a2860c7bd498b7eaf69 Mon Sep 17 00:00:00 2001
From: JeremyRand
Date: Sun, 19 Nov 2017 06:48:57 +0000
Subject: [PATCH] generate_nmc_cert: Use P256 curve by default.

In Go stdlib, RSA2048 is used by default. RSA support was removed in our fork, but we neglected to set a default ECDSA curve, so the user had to choose a curve. P256 is recommended by the Go devs and by us, so it seems to be a reasonable default.
---
 generate_nmc_cert/main.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/generate_nmc_cert/main.go b/generate_nmc_cert/main.go
index 672a51d..caf5ff2 100644
--- generate_nmc_cert/main.go
+++ generate_nmc_cert/main.go
@@ -45,7 +45,8 @@ var (
 validFor = flag.Duration("duration", 365*24*time.Hour, "Duration that certificate is valid for")
 //isCA = flag.Bool("ca", false, "whether this cert should be its own Certificate Authority")
 //rsaBits = flag.Int("rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set")
- ecdsaCurve = flag.String("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521")
+ //ecdsaCurve = flag.String("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521")
+ ecdsaCurve = flag.String("ecdsa-curve", "P256", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521")
 falseHost = flag.String("false-host", "", "(Optional) Generate a false cert for this host; used to test x.509 implementations for safety regarding handling of the CA flag and KeyUsage")
 )
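Review bot: The help string on the new `ecdsaCurve` line still advertises P224 on equal footing with the other curves, although it is the weakest of the four (roughly 112-bit strength) and the commit message itself recommends P256; the text could say so, for example `"ECDSA curve to use to generate a key. Valid values are P256 (recommended), P384, P521, P224"`. The commented-out copy of the old declaration carries no explanation; if it is kept to ease merges from the Go stdlib version, a short comment such as `// Upstream default is "" (falls back to RSA); RSA is removed here, so default to P256.` would make that intent clear. The `var (` block starts before this hunk and the code that switches on `*ecdsaCurve` is not visible, so it is worth confirming that an explicit `-ecdsa-curve=""` still ends in a clear error rather than an unset key.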