formatting and travis fix
parent
ca201d7ba8
commit
1968cb0259
@ -59,7 +59,7 @@ DIRECTORY STATUS (commands would take effect on these locations)
|
|||||||
# Detailed command help
|
# Detailed command help
|
||||||
# When called with no args, calls usage(), otherwise shows help for a command
|
# When called with no args, calls usage(), otherwise shows help for a command
|
||||||
cmd_help() {
|
cmd_help() {
|
||||||
text=""
|
text=""
|
||||||
opts=""
|
opts=""
|
||||||
case "$1" in
|
case "$1" in
|
||||||
init-pki|clean-all) text="
|
init-pki|clean-all) text="
|
||||||
@ -220,6 +220,7 @@ Deprecated features:
|
|||||||
} # => opt_usage()
|
} # => opt_usage()
|
||||||
|
|
||||||
# Wrapper around printf - clobber print since it's not POSIX anyway
|
# Wrapper around printf - clobber print since it's not POSIX anyway
|
||||||
|
# shellcheck disable=SC1117
|
||||||
print() { printf "%s\n" "$*"; }
|
print() { printf "%s\n" "$*"; }
|
||||||
|
|
||||||
# Exit fatally with a message to stderr
|
# Exit fatally with a message to stderr
|
||||||
@ -264,8 +265,8 @@ BEGIN {IGNORECASE=1; r=2}
|
|||||||
confirm() {
|
confirm() {
|
||||||
[ "$EASYRSA_BATCH" ] && return
|
[ "$EASYRSA_BATCH" ] && return
|
||||||
prompt="$1"
|
prompt="$1"
|
||||||
value="$2"
|
value="$2"
|
||||||
msg="$3"
|
msg="$3"
|
||||||
input=""
|
input=""
|
||||||
print "
|
print "
|
||||||
$msg
|
$msg
|
||||||
@ -414,7 +415,7 @@ Your newly created PKI dir is: $EASYRSA_PKI
|
|||||||
|
|
||||||
# build-ca backend:
|
# build-ca backend:
|
||||||
build_ca() {
|
build_ca() {
|
||||||
opts=""
|
opts=""
|
||||||
sub_ca=""
|
sub_ca=""
|
||||||
crypto="-aes256"
|
crypto="-aes256"
|
||||||
while [ -n "$1" ]; do
|
while [ -n "$1" ]; do
|
||||||
@ -465,16 +466,17 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
|
|||||||
[ "$EASYRSA_BATCH" ] && opts="$opts -batch" || export EASYRSA_REQ_CN="Easy-RSA CA"
|
[ "$EASYRSA_BATCH" ] && opts="$opts -batch" || export EASYRSA_REQ_CN="Easy-RSA CA"
|
||||||
|
|
||||||
out_key_tmp="$(mktemp "$out_key.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$out_key_tmp"
|
out_key_tmp="$(mktemp "$out_key.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$out_key_tmp"
|
||||||
|
# shellcheck disable=SC2154
|
||||||
out_key_pass_tmp="$(mktemp "$out_key_pass.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$out_key_pass_tmp"
|
out_key_pass_tmp="$(mktemp "$out_key_pass.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$out_key_pass_tmp"
|
||||||
out_file_tmp="$(mktemp "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$out_file_tmp"
|
out_file_tmp="$(mktemp "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$out_file_tmp"
|
||||||
printf "Enter New CA Key Passphrase: "
|
printf "Enter New CA Key Passphrase: "
|
||||||
stty -echo
|
stty -echo
|
||||||
read kpass
|
read -r kpass
|
||||||
stty echo
|
stty echo
|
||||||
echo
|
echo
|
||||||
printf "Re-Enter New CA Key Passphrase: "
|
printf "Re-Enter New CA Key Passphrase: "
|
||||||
stty -echo
|
stty -echo
|
||||||
read kpass2
|
read -r kpass2
|
||||||
stty echo
|
stty echo
|
||||||
echo
|
echo
|
||||||
if [ "$kpass" = "$kpass2" ];
|
if [ "$kpass" = "$kpass2" ];
|
||||||
@ -484,7 +486,7 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
|
|||||||
die "Passphrases do not match."
|
die "Passphrases do not match."
|
||||||
fi
|
fi
|
||||||
# create the CA key using AES256
|
# create the CA key using AES256
|
||||||
"$EASYRSA_OPENSSL" genrsa -aes256 -out "$out_key_tmp" -passout file:"$out_key_pass_tmp"
|
"$EASYRSA_OPENSSL" genrsa -aes256 -out "$out_key_tmp" -passout file:"$out_key_pass_tmp"
|
||||||
# create the CA keypair:
|
# create the CA keypair:
|
||||||
#shellcheck disable=SC2086
|
#shellcheck disable=SC2086
|
||||||
"$EASYRSA_OPENSSL" req -utf8 -new -key "$out_key_tmp" \
|
"$EASYRSA_OPENSSL" req -utf8 -new -key "$out_key_tmp" \
|
||||||
@ -598,14 +600,14 @@ key: $key_out
|
|||||||
|
|
||||||
# common signing backend
|
# common signing backend
|
||||||
sign_req() {
|
sign_req() {
|
||||||
crt_type="$1"
|
crt_type="$1"
|
||||||
opts=""
|
opts=""
|
||||||
req_in="$EASYRSA_PKI/reqs/$2.req"
|
req_in="$EASYRSA_PKI/reqs/$2.req"
|
||||||
crt_out="$EASYRSA_PKI/issued/$2.crt"
|
crt_out="$EASYRSA_PKI/issued/$2.crt"
|
||||||
|
|
||||||
# Randomize Serial number
|
# Randomize Serial number
|
||||||
i=""
|
i=""
|
||||||
serial=""
|
serial=""
|
||||||
check_serial=""
|
check_serial=""
|
||||||
for i in 1 2 3 4 5; do
|
for i in 1 2 3 4 5; do
|
||||||
"$EASYRSA_OPENSSL" rand -hex -out "$EASYRSA_PKI/serial" 16
|
"$EASYRSA_OPENSSL" rand -hex -out "$EASYRSA_PKI/serial" 16
|
||||||
@ -679,17 +681,16 @@ $(display_dn req "$req_in")
|
|||||||
|
|
||||||
# If type is server and no subjectAltName was requested,
|
# If type is server and no subjectAltName was requested,
|
||||||
# add one to the extensions file
|
# add one to the extensions file
|
||||||
if [ "$crt_type" = 'server' ];
|
if [ "$crt_type" = 'server' ];
|
||||||
then
|
then
|
||||||
sname=$(basename $req_in | cut -d. -f1)
|
echo "$EASYRSA_EXTRA_EXTS" |
|
||||||
echo "$EASYRSA_EXTRA_EXTS" |
|
grep -q subjectAltName ||
|
||||||
grep -q subjectAltName ||
|
|
||||||
default_server_san "$req_in"
|
default_server_san "$req_in"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Add any advanced extensions supplied by env-var:
|
# Add any advanced extensions supplied by env-var:
|
||||||
[ -n "$EASYRSA_EXTRA_EXTS" ] && print "$EASYRSA_EXTRA_EXTS"
|
[ -n "$EASYRSA_EXTRA_EXTS" ] && print "$EASYRSA_EXTRA_EXTS"
|
||||||
|
|
||||||
: # needed to keep die from inherting the above test
|
: # needed to keep die from inherting the above test
|
||||||
} > "$EASYRSA_TEMP_EXT" || die "\
|
} > "$EASYRSA_TEMP_EXT" || die "\
|
||||||
Failed to create temp extension file (bad permissions?) at:
|
Failed to create temp extension file (bad permissions?) at:
|
||||||
|
|||||||
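Review bot: In the `@ -465,16 +466,17` hunk, `EASYRSA_TEMP_FILE_3` is assigned twice, first to `$out_key_pass_tmp` and then to `$out_file_tmp`, so the path of the passphrase temp file is overwritten on the very next line. If the `EASYRSA_TEMP_FILE_*` variables drive cleanup on exit (that code is not visible here), the file holding the CA key passphrase would be left on disk. Giving the last file its own slot would avoid that, for example `out_file_tmp="$(mktemp "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_4="$out_file_tmp"` (new variable name is a suggestion), with the cleanup code extended to match. The added `# shellcheck disable=SC2154` also deserves a second look: SC2154 means shellcheck found no assignment of `out_key_pass`, and if it really is unset the mktemp template collapses to `.XXXXXXXXXX` in the current directory. build_ca starts and ends outside this hunk, so both points should be confirmed against the full function.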