nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'fix-offset-use-enddate' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-fix-offset-use-enddate

Browse Source 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2023-02-21 22:15:40 +00:00
commit 04ee3b0977
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 17 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
easyrsa3/easyrsa
View File

@ -1805,12 +1805,6 @@ Conflicting certificate already exists at:
The certificate request file is not in a valid X509 format: The certificate request file is not in a valid X509 format:
* $req_in" * $req_in"
# Get fixed dates by --fix-offset
if [ "$EASYRSA_FIX_OFFSET" ]; then
fixed_cert_dates "$EASYRSA_FIX_OFFSET" \
start_fixdate end_fixdate
fi
# When EASYRSA_CP_EXT is defined, # When EASYRSA_CP_EXT is defined,
# adjust openssl's [default_ca] section: # adjust openssl's [default_ca] section:
if [ "$EASYRSA_CP_EXT" ]; then if [ "$EASYRSA_CP_EXT" ]; then
@ -1929,6 +1923,14 @@ basicConstraints is not defined, cannot use 'pathlen'"
Failed to create temp extension file (bad permissions?) at: Failed to create temp extension file (bad permissions?) at:
* $ext_tmp" * $ext_tmp"
# Get fixed dates by --fix-offset
valid_days="$EASYRSA_CERT_EXPIRE"
if [ "$EASYRSA_FIX_OFFSET" ]; then
fixed_cert_dates "$EASYRSA_FIX_OFFSET" \
start_fixdate end_fixdate
unset -v EASYRSA_CERT_EXPIRE
fi
# Display the request subject in an easy-to-read format # Display the request subject in an easy-to-read format
# Confirm the user wishes to sign this request # Confirm the user wishes to sign this request
# Support batch by internal caller: # Support batch by internal caller:
@ -1942,7 +1944,7 @@ source or that you have verified the request checksum \
with the sender. with the sender.
Request subject, to be signed as a $crt_type certificate \ Request subject, to be signed as a $crt_type certificate \
for $EASYRSA_CERT_EXPIRE days: for $valid_days days:
$(display_dn req "$req_in") $(display_dn req "$req_in")
" # => confirm end " # => confirm end
@ -1953,13 +1955,14 @@ $(display_dn req "$req_in")
die "sign_req - easyrsa_mktemp crt_out_tmp" die "sign_req - easyrsa_mktemp crt_out_tmp"
# sign request # sign request
easyrsa_openssl ca -utf8 -in "$req_in" \ easyrsa_openssl ca -utf8 -batch \
-out "$crt_out_tmp" -extfile "$ext_tmp" \ -in "$req_in" -out "$crt_out_tmp" \
-days "$EASYRSA_CERT_EXPIRE" -batch \ -extfile "$ext_tmp" \
${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} \ ${EASYRSA_PASSIN+-passin "$EASYRSA_PASSIN"} \
${EASYRSA_NO_TEXT:+-notext} \ ${EASYRSA_NO_TEXT+-notext} \
${EASYRSA_FIX_OFFSET+ -startdate "$start_fixdate"} \ ${EASYRSA_CERT_EXPIRE+-days "$EASYRSA_CERT_EXPIRE"} \
${EASYRSA_FIX_OFFSET+ -enddate "$end_fixdate"} \ ${EASYRSA_FIX_OFFSET+-startdate "$start_fixdate"} \
${EASYRSA_FIX_OFFSET+-enddate "$end_fixdate"} \
|| die "\ || die "\
Signing failed (openssl output above may have more detail)" Signing failed (openssl output above may have more detail)"