In the Go stdlib, RSA2048 is used by default. RSA support was removed in our fork, but we neglected to set a default ECDSA curve, so the user had to choose a curve explicitly. P256 is recommended by the Go devs and by us, so it seems to be a reasonable default.
validFor=flag.Duration("duration",365*24*time.Hour,"Duration that certificate is valid for")
validFor=flag.Duration("duration",365*24*time.Hour,"Duration that certificate is valid for")
//isCA = flag.Bool("ca", false, "whether this cert should be its own Certificate Authority")
//isCA = flag.Bool("ca", false, "whether this cert should be its own Certificate Authority")
//rsaBits = flag.Int("rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set")
//rsaBits = flag.Int("rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set")
ecdsaCurve=flag.String("ecdsa-curve","","ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521")
//ecdsaCurve = flag.String("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521")
ecdsaCurve=flag.String("ecdsa-curve","P256","ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521")
falseHost=flag.String("false-host","","(Optional) Generate a false cert for this host; used to test x.509 implementations for safety regarding handling of the CA flag and KeyUsage")
falseHost=flag.String("false-host","","(Optional) Generate a false cert for this host; used to test x.509 implementations for safety regarding handling of the CA flag and KeyUsage")
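Review bot: The new `"P256"` default on the `ecdsaCurve` flag only helps if the curve-selection code, which is outside this hunk, treats an empty or unrecognized value as a hard error. A user can still pass `-ecdsa-curve ""`, and in the upstream stdlib tool the empty case selected RSA, which the description says this fork removed. It is worth confirming that this path exits with a clear message instead of, presumably, continuing without a usable key. The help text also still lists P224 without noting that it is the weakest of the four curves. A comment above the flag such as `// Default is P256; RSA was removed in this fork, so an empty curve is invalid.` would record the intent.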