switch default cert signing algorithm to ECDSA
resolves #42
resolves #49

I did not expect support for Ed25519 to be so bad as to receive multiple
complaints about it. I did expect some problems, hence why I provided the
--ecdsa flag. I had hoped support would be better to drive those who still
do not support it (while again there is no reason to not support this
algorithm!) to use it.
Johann150 committed Apr 7, 2021
1 parent 869a784 commit f855851
Showing 1 changed file with 7 additions and 4 deletions.
11 changes: 7 additions & 4 deletions src/main.rs
Expand Up @@ -136,9 +136,9 @@ fn args() -> Result<Args> {
"Use a central .meta file in the content root directory. Decentral config files will be ignored.",
);
opts.optflag(
"",
"ecdsa",
"Generate keys using the ecdsa signature algorithm instead of the default ed25519.",
"e",
"ed25519",
"Generate keys using the Ed25519 signature algorithm instead of the default ECDSA.",
);

let matches = opts.parse(&args[1..]).map_err(|f| f.to_string())?;
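Review bot: Renaming the long option from `ecdsa` to `ed25519` in this `opts.optflag` call removes `--ecdsa` entirely, so an existing invocation or service file that still passes `--ecdsa` will now fail in `opts.parse(&args[1..])` with an unrecognized-option error, even though ECDSA is exactly what it would get by default. Consider keeping `--ecdsa` registered as an accepted no-op, documented as deprecated, so the default switch does not break deployments that followed the earlier advice. The help text could also name the concrete ECDSA curve and hash that the default produces, since "ECDSA" alone does not tell an operator what key they will end up with.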
Expand Down Expand Up @@ -202,13 +202,14 @@ fn args() -> Result<Args> {
// <CertificateParams as Default>::default() already implements a
// date in the far future from the time of writing: 4096-01-01

if !matches.opt_present("ecdsa") {
if matches.opt_present("e") {
cert_params.alg = &rcgen::PKCS_ED25519;
}

// generate the certificate with the configuration
let cert = Certificate::from_params(cert_params)?;

// make sure the certificate directory exists
fs::create_dir(certs_path.join(domain))?;
// write certificate data to disk
let mut cert_file = File::create(certs_path.join(format!(
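Review bot: With the condition changed to `if matches.opt_present("e")`, the ECDSA default is now implicit: when the flag is absent nothing assigns `cert_params.alg`, so the key type is whatever `CertificateParams::default()` provides. An explicit assignment, or at least a comment next to the existing one about the default expiry date, would keep a future rcgen upgrade from silently changing the algorithm of newly generated certificates. As a smaller style point, querying the long name (`opt_present("ed25519")`) would match the documented flag and the way `opt_strs("addr")` is used further down.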
Expand All @@ -217,6 +218,7 @@ fn args() -> Result<Args> {
certificates::CERT_FILE_NAME
)))?;
cert_file.write_all(&cert.serialize_der()?)?;
// write key data to disk
let mut key_file = File::create(certs_path.join(format!(
"{}/{}",
domain,
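Review bot: The added `// write key data to disk` comment marks the spot where the private key is created with `File::create`, which uses default permissions limited only by the process umask, so the key can end up readable by other local users. Since this hunk documents that block, consider creating the key file with owner-only permissions (on Unix, `OpenOptions` with `mode(0o600)` from `std::os::unix::fs::OpenOptionsExt`) and stating that in the comment.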
Expand All @@ -238,6 +240,7 @@ fn args() -> Result<Args> {
certs.unwrap()
};

// parse listening addresses
let mut addrs = vec![];
for i in matches.opt_strs("addr") {
addrs.push(i.parse()?);