From 748c19be21007dde4caa7d9a92609de05b882a40 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Tue, 20 Sep 2022 22:05:53 +0100
Subject: [PATCH 1/2] build-ca: Check x509-types 'ca' and 'COMMON' files exist
Signed-off-by: Richard T Bonhomme
---
 easyrsa3/easyrsa | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 69dfe92..a80cdbf 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -1288,6 +1288,12 @@ $EASYRSA_PKI Refusing to create a new CA keypair as this operation would overwrite your current CA keypair. If you intended to start a new CA, run init-pki first."
+ # Cert type must exist under the EASYRSA_EXT_DIR
+ [ -e "$EASYRSA_EXT_DIR/ca" ] || die "\
+Missing X509-type 'ca'"
+ [ -e "$EASYRSA_EXT_DIR/COMMON" ] || die "\
+Missing X509-type 'COMMON'"
+
 # Check for insert-marker in ssl config file
 if ! grep -q '^#%CA_X509_TYPES_EXTRA_EXTS%' "$EASYRSA_SSL_CONF"; then
 die "\
@@ -1635,9 +1641,9 @@ expected 2, got $# (see command help for usage)"
 # Cert type must exist under the EASYRSA_EXT_DIR
 [ -e "$EASYRSA_EXT_DIR/$crt_type" ] || die "\
-Unknown cert type '$crt_type'"
+Missing X509-type '$crt_type'"
 [ -e "$EASYRSA_EXT_DIR/COMMON" ] || die "\
-Missing cert type 'COMMON'"
+Missing X509-type 'COMMON'"
 # Cert type must NOT be COMMON
 [ "$crt_type" != COMMON ] || die "\
From 993f504b099d14e3d13d43d3cd2e94a5a4e407fe Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Tue, 20 Sep 2022 22:26:33 +0100
Subject: [PATCH 2/2] ChangeLog: 'Always ensure X509-types files exist (#581 #696)'
Signed-off-by: Richard T Bonhomme
---
 ChangeLog | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ChangeLog b/ChangeLog
index 4ee7971..9c23d13 100644
--- a/ChangeLog
+++ b/ChangeLog
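Review bot: The two guards added to build-ca test with `[ -e … ]`, which is also true for a directory or an unreadable file, so a damaged x509-types tree can pass here and only fail further down, in code this hunk does not show. These files presumably supply the extensions that end up in the CA certificate, so I would require a regular file and name the directory that was searched: `[ -f "$EASYRSA_EXT_DIR/ca" ] || die "\` with the message `Missing X509-type 'ca' in: $EASYRSA_EXT_DIR`, and the same for `COMMON`. The sign-req hunk at -1635 keeps the same `-e` tests on `$crt_type` and `COMMON` and would take the same change. Both enclosing functions start and end outside the hunks.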
@@ -1,6 +1,7 @@
 Easy-RSA 3 ChangeLog
 3.1.1 (TBD)
+ * Always ensure X509-types files exist (#581 #696)
 * Remove renew-req (#684)
 * Re-enable use of '--vars=FILE init-pki' #640 (Revert #566)
 * Introduce --keep-tmp, keep temp files for debugging (#667)