General formatting corrections (NFC)

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Richard T Bonhomme 2022-03-31 23:00:47 +01:00
parent 14a29f9fca
commit 0d29396070
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246


@ -70,13 +70,13 @@ cmd_help() {
init-pki|clean-all) text=" init-pki|clean-all) text="
init-pki [ cmd-opts ] init-pki [ cmd-opts ]
Removes & re-initializes the PKI dir for a clean PKI" Removes & re-initializes the PKI dir for a clean PKI"
opts=" opts="
hard-reset - Recursively deletes the PKI directory if it exists. hard-reset - Recursively deletes the PKI directory if it exists.
soft-reset - Keeps the vars file and the PKI directory itself intact." ;; soft-reset - Keeps the vars file and the PKI directory itself intact." ;;
build-ca) text=" build-ca) text="
build-ca [ cmd-opts ] build-ca [ cmd-opts ]
Creates a new CA" Creates a new CA"
opts=" opts="
nopass - do not encrypt the CA key (default is encrypted) nopass - do not encrypt the CA key (default is encrypted)
subca - create an intermediate CA keypair and request (default is a root CA) subca - create an intermediate CA keypair and request (default is a root CA)
intca - alias to the above" ;; intca - alias to the above" ;;
@ -88,7 +88,7 @@ cmd_help() {
Generate a standalone keypair and request (CSR) Generate a standalone keypair and request (CSR)
This request is suitable for sending to a remote CA for signing." This request is suitable for sending to a remote CA for signing."
opts=" opts="
nopass - do not encrypt the private key (default is encrypted)" ;; nopass - do not encrypt the private key (default is encrypted)" ;;
sign|sign-req) text=" sign|sign-req) text="
sign-req <type> <filename_base> sign-req <type> <filename_base>
@ -121,7 +121,7 @@ cmd_help() {
renew) text=" renew) text="
renew <filename_base> [ cmd-opts ] renew <filename_base> [ cmd-opts ]
Renew a certificate specified by the filename_base" Renew a certificate specified by the filename_base"
opts=" opts="
nopass - do not encrypt the private key (default is encrypted)" ;; nopass - do not encrypt the private key (default is encrypted)" ;;
gen-crl) text=" gen-crl) text="
gen-crl gen-crl
@ -132,14 +132,14 @@ cmd_help() {
This command will use the system time to update the status of issued This command will use the system time to update the status of issued
certificates." ;; certificates." ;;
show-req|show-cert) text=" show-req|show-cert) text="
show-req <filename_base> [ cmd-opts ] show-req <filename_base> [ cmd-opts ]
show-cert <filename_base> [ cmd-opts ] show-cert <filename_base> [ cmd-opts ]
Shows details of the req or cert referenced by filename_base Shows details of the req or cert referenced by filename_base
Human-readable output is shown, including any requested cert options when Human-readable output is shown, including any requested cert options when
showing a request." showing a request."
opts=" opts="
full - show full req/cert info, including pubkey/sig data" ;; full - show full req/cert info, including pubkey/sig data" ;;
show-ca) text=" show-ca) text="
show-ca [ cmd-opts ] show-ca [ cmd-opts ]
@ -178,7 +178,7 @@ cmd_help() {
set-rsa-pass <filename_base> [ cmd-opts ] set-rsa-pass <filename_base> [ cmd-opts ]
set-ec-pass <filename_base> [ cmd-opts ] set-ec-pass <filename_base> [ cmd-opts ]
Set a new passphrase on an RSA or EC key for the listed <filename_base>." Set a new passphrase on an RSA or EC key for the listed <filename_base>."
opts=" opts="
nopass - use no password and leave the key unencrypted nopass - use no password and leave the key unencrypted
file - (advanced) treat the file as a raw path, not a short-name" ;; file - (advanced) treat the file as a raw path, not a short-name" ;;
upgrade) text=" upgrade) text="
@ -546,7 +546,7 @@ $help_note"
# init-pki backend: # init-pki backend:
init_pki() { init_pki() {
# Process command options
reset="hard" reset="hard"
while [ -n "$1" ]; do while [ -n "$1" ]; do
case "$1" in case "$1" in
@ -566,26 +566,28 @@ You are about to remove the EASYRSA_PKI at: $EASYRSA_PKI
and initialize a fresh PKI here." and initialize a fresh PKI here."
# now remove it: # now remove it:
case "$reset" in case "$reset" in
hard) hard)
rm -rf "$EASYRSA_PKI" || die "Removal of PKI dir failed. Check/correct errors above" rm -rf "$EASYRSA_PKI" || \
;; die "Removal of PKI dir failed. Check/correct errors above"
soft) ;;
files="ca.crt certs_by_serial ecparams index.txt index.txt.attr index.txt.old issued private reqs serial serial.old" soft)
for i in $files; do for i in ca.crt certs_by_serial ecparams index.txt index.txt.attr \
rm -rf "${EASYRSA_PKI:?}/$i" || die "Removal of PKI dir failed. Check/correct errors above" index.txt.old issued private reqs serial serial.old; do
done rm -rf "${EASYRSA_PKI:?}/$i" || \
;; die "Removal of PKI dir failed. Check/correct errors above"
# More modes could be added here, e.g. only remove done
# issued certs (and clean database), but keep CA intact. ;;
*) # More modes could be added here, e.g. only remove
die "Removal of PKI dir failed. Unknown reset type." # issued certs (and clean database), but keep CA intact.
;; *)
die "Removal of PKI dir failed. Unknown reset type."
esac esac
fi fi
# new dirs: # new dirs:
for i in private reqs; do for i in private reqs; do
mkdir -p "$EASYRSA_PKI/$i" || die "Failed to create PKI file structure (permissions?)" mkdir -p "$EASYRSA_PKI/$i" || \
die "Failed to create PKI file structure (permissions?)"
done done
# Install data-files into ALL new PKIs # Install data-files into ALL new PKIs
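Review bot: The `hard)` arm still runs `rm -rf "$EASYRSA_PKI"` without the `:?` guard that the `soft)` arm applies in `rm -rf "${EASYRSA_PKI:?}/$i"`, so the two recursive deletes in this case statement are protected differently; `rm -rf "${EASYRSA_PKI:?}" || \` would make them consistent. The same applies to `mkdir -p "$EASYRSA_PKI/$i"` further down, which with an empty value would resolve to `/private` and `/reqs`; whether EASYRSA_PKI can be unset or empty here is not visible in the hunk, so treat this as defensive hardening rather than a confirmed bug. The commit is labelled NFC, but as rendered the soft arm replaces the `files` variable with an inline list and the final `*)` arm appears to lose its `;;`. Both look behaviour-neutral, though it is worth confirming that nothing else reads `files`. init_pki starts before and continues after this hunk.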