From c3f380e527ba2acec6762c4d1be284a00b2dfaf6 Mon Sep 17 00:00:00 2001
From: srvrco <andy@serverco.com>
Date: Tue, 3 Jan 2017 14:05:43 +0000
Subject: [PATCH] include key types in config check

---
 getssl | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/getssl b/getssl
index ea8a012..e67e891 100755
--- a/getssl
+++ b/getssl
@@ -308,6 +308,16 @@ check_challenge_completion() { # checks with the ACME server if our challenge is
 
 check_config() { # check the config files for all obvious errors
   debug "checking config"
+
+  if [[ ! "$ACCOUNT_KEY_TYPE" =~ ^(rsa|prime256v1|secp384r1|secp521r1)$ ]]; then
+    info "invalid ACCOUNT_KEY_TYPE"
+    config_errors=true
+  fi
+  if [[ ! "$PRIVATE_KEY_ALG" =~ ^(rsa|prime256v1|secp384r1|secp521r1)$ ]]; then
+    info "invalid PRIVATE_KEY_ALG"
+    config_errors=true
+  fi
+
   # get all domains
   if [[ "$IGNORE_DIRECTORY_DOMAIN" == "true" ]]; then
     alldomains=${SANS//,/ }