generate_nmc_cert: Use P256 curve by default.

In Go stdlib, RSA2048 is used by default. RSA support was removed in our fork, but we neglected to set a default ECDSA curve, so the user had to choose a curve. P256 is recommended by the Go devs and by us, so it seems to be a reasonable default.
7 years ago · fca636d4a1
parent 7263b7ae04
commit fca636d4a1
1 changed files with 2 additions and 1 deletions
--- a/generate_nmc_cert/main.go
+++ b/generate_nmc_cert/main.go
@ -45,7 +45,8 @@ var (
 	validFor   = flag.Duration("duration", 365*24*time.Hour, "Duration that certificate is valid for")
 	//isCA       = flag.Bool("ca", false, "whether this cert should be its own Certificate Authority")
 	//rsaBits    = flag.Int("rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set")
-	ecdsaCurve = flag.String("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521")
+	//ecdsaCurve = flag.String("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521")
+	ecdsaCurve = flag.String("ecdsa-curve", "P256", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521")
 	falseHost  = flag.String("false-host", "", "(Optional) Generate a false cert for this host; used to test x.509 implementations for safety regarding handling of the CA flag and KeyUsage")
 )