README: Force use of named curves in example
MacOS uses LibreSSL for the OpenSSL command, and LibreSSL defaults to
using explicit curve parameters rather than named curves when encoding
private keys with `openssl req ...`. But the Golang x509 library does
not support explicit curve parameters, causing `tesla-http-proxy` to
fail with "x509: invalid ECDSA parameters".

This commit fixes the problem by adding an option to the openssl command
in the README that forces LibreSSL to use named curves.
sethterashima committed Dec 8, 2023
1 parent 4c4e5ae commit 12678f4
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion README.md
Expand Up @@ -185,7 +185,9 @@ purposes, you can create a self-signed localhost server certificate using
OpenSSL:

```
openssl req -x509 -nodes -newkey ec -pkeyopt ec_paramgen_curve:secp521r1 \
openssl req -x509 -nodes -newkey ec \
-pkeyopt ec_paramgen_curve:secp521r1 \
-pkeyopt ec_param_enc:named_curve \
-subj '/CN=localhost' \
-keyout key.pem -out cert.pem -sha256 -days 3650 \
-addext "extendedKeyUsage = serverAuth" \
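Review bot: The added `-pkeyopt ec_param_enc:named_curve` line has no explanation next to it in the README, so the reason for it exists only in the commit message. A reader on a platform where the shorter command works may trim the option back out, and a macOS user who already generated key.pem with the old single-line command will keep hitting "x509: invalid ECDSA parameters" until the key is regenerated. Suggest a sentence above the code block stating that the option forces named-curve encoding, which LibreSSL does not use by default and which the Go x509 library requires, and that keys created without it need to be recreated.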