Hello,This is a short patch to let acme-client accept ECDSA keys now that letsencrypt accepts signing certificates with those keys. This functionality is present in certbot, so it might be a good idea to let acme-client accept that too.
The key needs to be generated manually i.e.: openssl ecparam -genkey -name secp384r1 -out privkey.pem
Best Regards
Index: rsa.c
===================================================================
RCS file: /cvs/src/usr.sbin/acme-client/rsa.c,v
retrieving revision 1.7
diff -u -p -r1.7 rsa.c
--- rsa.c 28 Jul 2018 15:25:23 -0000 1.7
+++ rsa.c 22 May 2019 11:17:47 -0000
@@ -79,7 +79,8 @@ rsa_key_load(FILE *f, const char *fname)
if (pkey == NULL) {
warnx("%s: PEM_read_PrivateKey", fname);
return NULL;
- } else if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA)
+ } else if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA ||
+ EVP_PKEY_type(pkey->type) == EVP_PKEY_EC )
return pkey;
warnx("%s: unsupported key type", fname);
smime.p7s
Description: S/MIME Cryptographic Signature
