Allow generating cert/CSR with ECDSA key
Add ability to generate certificates/CSRs with ECDSA keys.
Change default ECDSA curve to prime256v1. Issue #9843
Previous default was brainpool, but brainpool curves are not (widely?)
supported by browsers and were deprecated by IETF for TLS v1.3
GUI improvements for ECDSA certificate handling
- Make central functions to check and test ECDSA compatibility. Issue #9843
- Filter incompatible certificates from being offered for the GUI or Captive Portal. Implements #9897
- Do the same for IPsec, which implements #4991
- Add a check for key type when generating ipsec.secrets to allow ECDSA certs to work in IPsec for issue #4991
Note that as of this moment, the following curves are known to be compatible:
HTTPS (GUI, Captive Portal): prime256v1, secp384r1
IPsec: prime256v1, secp384r1, secp521r1
Results may vary in other areas which are not yet well-tested, and in packages.
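
An added example, not code from this commit or its project: one way a central curve-compatibility check of the kind described above could look in PHP, using the curve lists from this message. The function names, the choice to let non-EC keys pass, and the throwaway self-signed certificates are assumptions made for illustration.

```php
<?php
// Curve lists as given in the commit message.
const ECDSA_COMPATIBLE = [
    'HTTPS' => ['prime256v1', 'secp384r1'],
    'IPsec' => ['prime256v1', 'secp384r1', 'secp521r1'],
];

// Hypothetical helper: true if the PEM certificate may be offered for $service.
// Assumption: non-EC keys (e.g. RSA) are outside the curve check and pass.
function cert_offered_for(string $certPem, string $service): bool
{
    if (!array_key_exists($service, ECDSA_COMPATIBLE)) {
        throw new InvalidArgumentException("unknown service: $service");
    }
    $pub = openssl_pkey_get_public($certPem);
    $details = ($pub === false) ? false : openssl_pkey_get_details($pub);
    if ($details === false) {
        return false; // unreadable certificate: never offer it
    }
    if ($details['type'] !== OPENSSL_KEYTYPE_EC) {
        return true;
    }
    // curve_name is absent for keys with explicit parameters: treat as incompatible.
    $curve = $details['ec']['curve_name'] ?? '';
    return in_array($curve, ECDSA_COMPATIBLE[$service], true);
}

// Constructed test input: a throwaway self-signed certificate for the given key arguments.
function demo_cert(array $keyArgs): string
{
    $key = openssl_pkey_new($keyArgs);
    $csr = openssl_csr_new(['commonName' => 'demo.invalid'], $key, ['digest_alg' => 'sha256']);
    $x509 = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);
    openssl_x509_export($x509, $pem);
    return $pem;
}

$samples = [
    'prime256v1'      => ['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'prime256v1'],
    'secp521r1'       => ['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'secp521r1'],
    'brainpoolP256r1' => ['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'brainpoolP256r1'],
    'rsa-2048'        => ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048],
];
foreach ($samples as $label => $keyArgs) {
    $pem = demo_cert($keyArgs);
    printf("%-16s HTTPS=%s IPsec=%s\n", $label,
        var_export(cert_offered_for($pem, 'HTTPS'), true),
        var_export(cert_offered_for($pem, 'IPsec'), true));
}
```

The check reads the curve from the certificate's public key rather than from stored metadata, so an imported certificate is classified the same way as one generated locally.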