nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'remove-renewable' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-remove-renewable

Browse Source 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2022-10-02 18:54:08 +01:00
commit 03d974a064
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 2 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
easyrsa3/easyrsa
View File

@ -37,7 +37,6 @@ Here is the list of commands available with a short syntax reminder. Use the
build-serverClient-full <file_name_base> [ cmd-opts ] build-serverClient-full <file_name_base> [ cmd-opts ]
revoke <file_name_base> [cmd-opts] revoke <file_name_base> [cmd-opts]
renew <file_name_base> [cmd-opts] renew <file_name_base> [cmd-opts]
renewable [ <file_name_base> ]
revoke-renewed <file_name_base> [cmd-opts] revoke-renewed <file_name_base> [cmd-opts]
rewind-renew <certificate-serial-number> rewind-renew <certificate-serial-number>
rebuild <file_name_base> [cmd-opts] rebuild <file_name_base> [cmd-opts]
@ -192,12 +191,6 @@ cmd_help() {
opts=" opts="
* nopass - do not encrypt the private key (default is encrypted)" * nopass - do not encrypt the private key (default is encrypted)"
;;
renewable)
text="
* renewable [ <file_name_base> ]
Check which certificates can be renewed"
;; ;;
rewind|rewind-renew) rewind|rewind-renew)
text=" text="
@ -262,7 +255,7 @@ cmd_help() {
* show-expire [ <file_name_base> ] * show-expire [ <file_name_base> ]
Shows details of *all* expiring certificates Shows details of *all* expiring certificates
Use --renew-days=NN to extend the grace period (Default 30 days) Use --renew-days=NN to extend the grace period (Default 90 days)
Optionally, check *only* <file_name_base> certificate" Optionally, check *only* <file_name_base> certificate"
;; ;;
show-revoke) show-revoke)
@ -400,7 +393,7 @@ cmd_help() {
eg: '--days=1095 renew server' eg: '--days=1095 renew server'
* Expiry days for certificate revokation list. * Expiry days for certificate revokation list.
eg: '--days=180 gen-crl' eg: '--days=180 gen-crl'
* Cutoff days for commands: show-expire or renewable. * Cutoff days for command: show-expire.
eg: '--days=90 show-expire'" eg: '--days=90 show-expire'"
;; ;;
--req-cn|req-cn) --req-cn|req-cn)
@ -2468,42 +2461,6 @@ revoke_renewed_move() {
return 0 return 0
} # => revoke_renewed_move() } # => revoke_renewed_move()
# renewable backend
renewable() {
verify_ca_init
in_dir="$EASYRSA_PKI"
MATCH=$(echo "$*" | sed -re 's/\s+/|/g')
DATE=$(date --date \
"+${EASYRSA_CERT_RENEW} days" \
+"%y%m%d%H%M%S")
{ awkscript=$(cat) ; } <<EOF
BEGIN { FS = "\t" };
# Only report valid entries
\$1 ~ /V/ {
# Only consider CN
gsub(".*/CN=", "", \$6);
gsub("[^-0-9a-zA-Z.].*", "", \$6);
# Only report old enough candidates
if (\$2 < "${DATE}") {
# Only report matches
if (\$6 ~ /(${MATCH})/) {
print \$6;
}
}
}
EOF
matches=$(awk "$awkscript" "${in_dir}/index.txt")
if [ -z "$matches" ] ; then
: # ok - Nothing is renewable
else
print "$matches"
fi
[ "$EASYRSA_SILENT" ] || print # Separate output above
return 0
} # => renewable
# Move renewed certs_by_serial to the new renew layout # Move renewed certs_by_serial to the new renew layout
rewind_renew() { rewind_renew() {
# pull filename base: serial number # pull filename base: serial number
@ -5155,10 +5112,6 @@ case "$cmd" in
[ "$alias_days" ] && export EASYRSA_CERT_EXPIRE="$alias_days"; : [ "$alias_days" ] && export EASYRSA_CERT_EXPIRE="$alias_days"; :
renew "$@" renew "$@"
;; ;;
renewable)
[ "$alias_days" ] && export EASYRSA_CERT_RENEW="$alias_days"; :
renewable "$@"
;;
rewind-renew) rewind-renew)
rewind_renew "$@" rewind_renew "$@"
;; ;;