From 67184d7b20e9622b91ea23a2640de10105f84213 Mon Sep 17 00:00:00 2001
From: neilpang <github@byneil.com>
Date: Fri, 4 Nov 2016 23:34:06 +0800
Subject: [PATCH 1/2] add more error check

---
 acme.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/acme.sh b/acme.sh
index 8e86b03e..653dd042 100755
--- a/acme.sh
+++ b/acme.sh
@@ -454,7 +454,12 @@ _sign() {
   if grep "BEGIN RSA PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then
     $_sign_openssl | _base64
   elif grep "BEGIN EC PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then
-    _signedECText="$($_sign_openssl | openssl asn1parse -inform DER)"
+    if ! _signedECText="$($_sign_openssl | openssl asn1parse -inform DER)" ; then
+      _err "Sign failed: $_sign_openssl"
+      _err "Key file: $keyfile"
+      _err "Key content:$(cat "$keyfile")"
+      return 1
+    fi
     _debug3 "_signedECText" "$_signedECText"
     _ec_r="$(echo "$_signedECText" | _head_n 2 | _tail_n 1 | cut -d : -f 4 | tr -d "\r\n")"
     _debug3 "_ec_r" "$_ec_r"

From d018be5d36e83428ab43ef51c67104f675f96f5a Mon Sep 17 00:00:00 2001
From: neilpang <github@byneil.com>
Date: Fri, 4 Nov 2016 23:45:08 +0800
Subject: [PATCH 2/2] hide private key from the log

---
 acme.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/acme.sh b/acme.sh
index 653dd042..83bca1d8 100755
--- a/acme.sh
+++ b/acme.sh
@@ -457,7 +457,7 @@ _sign() {
     if ! _signedECText="$($_sign_openssl | openssl asn1parse -inform DER)" ; then
       _err "Sign failed: $_sign_openssl"
       _err "Key file: $keyfile"
-      _err "Key content:$(cat "$keyfile")"
+      _err "Key content:$(cat "$keyfile" | wc -l) lises"
       return 1
     fi
     _debug3 "_signedECText" "$_signedECText"