nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove renew-req

Browse Source 
Phase-2: #684

Supersedes: #616

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2022-09-09 14:20:30 +01:00
parent 77172864c0
commit 2850fbb009
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
2 changed files with 2 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -1,11 +1,13 @@
Easy-RSA 3 ChangeLog Easy-RSA 3 ChangeLog
3.1.1 (TBD) 3.1.1 (TBD)
* Remove renew-req (#684)
* Re-enable use of '--vars=FILE init-pki' #640 (Revert #566) * Re-enable use of '--vars=FILE init-pki' #640 (Revert #566)
* Introduce --keep-tmp, keep temp files for debugging (#667) * Introduce --keep-tmp, keep temp files for debugging (#667)
* Introduce Quiet mode option -q|--quiet, disable information output * Introduce Quiet mode option -q|--quiet, disable information output
8b7e79096b18afc5c61bfbaee204c1f7401f0019 8b7e79096b18afc5c61bfbaee204c1f7401f0019
* Introduce renew-req, create a new CSR for an existing key (#616) * Introduce renew-req, create a new CSR for an existing key (#616)
Superseded by #684
* Add serialNumber (OID 2.5.4.5) to DN 'org' mode (#606) * Add serialNumber (OID 2.5.4.5) to DN 'org' mode (#606)
* Support ampersand and dollar-sign in vars file (#590) * Support ampersand and dollar-sign in vars file (#590)
* Introduce 'rewind-renew' (#579) * Introduce 'rewind-renew' (#579)

109
easyrsa3/easyrsa
View File

@ -36,7 +36,6 @@ Here is the list of commands available with a short syntax reminder. Use the
build-server-full <file_name_base> [ cmd-opts ] build-server-full <file_name_base> [ cmd-opts ]
build-serverClient-full <file_name_base> [ cmd-opts ] build-serverClient-full <file_name_base> [ cmd-opts ]
revoke <file_name_base> [cmd-opts] revoke <file_name_base> [cmd-opts]
renew-req <file_name_base> [cmd-opts]
renew <file_name_base> [cmd-opts] renew <file_name_base> [cmd-opts]
renewable [ <file_name_base> ] renewable [ <file_name_base> ]
revoke-renewed <file_name_base> [cmd-opts] revoke-renewed <file_name_base> [cmd-opts]
@ -109,17 +108,6 @@ cmd_help() {
* gen-dh * gen-dh
Generates DH (Diffie-Hellman) parameters" Generates DH (Diffie-Hellman) parameters"
;;
renew-req)
text="
* renew-req <file_name_base> [ cmd-opts ]
Generate a certificate signing request [CSR] from an existing private key.
This request is suitable for sending to a remote CA for signing."
opts="
* text - Include certificate text in request"
;; ;;
gen-req) gen-req)
text=" text="
@ -1860,100 +1848,6 @@ inline_creds ()
} > "$inline_file" } > "$inline_file"
} # => inline_creds () } # => inline_creds ()
# renew-req backend:
# Create a new CSR with existing private key
renew_req() {
# pull filename base and use as default interactive CommonName:
[ "$1" ] || die "\
Error: gen-req must have a file base as the first argument.
Run easyrsa without commands for usage and commands."
key_in="$EASYRSA_PKI/private/$1.key"
req_out="$EASYRSA_PKI/reqs/$1.req"
# Set the request commonName
EASYRSA_REQ_CN="$1"
shift
# Verify PKI has been initialised
verify_pki_init
# function opts support
unset -v text nopass ssl_batch
while [ "$1" ]; do
case "$1" in
text) text=1 ;;
nopass) nopass=1 ;;
*) warn "Ignoring unknown command option: '$1'"
esac
shift
done
# an existing private key must exist
[ -f "$key_in" ] || die "Private key required: $key_in"
# don't wipe out an existing request without confirmation
[ -f "$req_out" ] && confirm "Confirm request overwrite: " "yes" "\
WARNING!!!
An existing request file was found at $req_out
Continuing with request generation will replace this request file."
# When EASYRSA_EXTRA_EXTS is defined, append it to openssl's [req] section:
if [ "$EASYRSA_EXTRA_EXTS" ]; then
# Setup & insert the extra ext data keyed by a magic line
extra_exts="
req_extensions = req_extra
[ req_extra ]
$EASYRSA_EXTRA_EXTS"
# shellcheck disable=SC2016 # vars don't expand in single quote
awkscript='
{if ( match($0, "^#%EXTRA_EXTS%") )
{ while ( getline<"/dev/stdin" ) {print} next }
{print}
}'
conf_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
print "$extra_exts" | \
awk "$awkscript" "$EASYRSA_SSL_CONF" \
> "$conf_tmp" \
|| die "Copying SSL config to temp file failed"
# Use this new SSL config for the rest of this function
EASYRSA_SSL_CONF="$conf_tmp"
fi
# Name temp files
req_out_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
# Set Edwards curve name or elliptic curve parameters file
algo_opts=""
if [ "ed" = "$EASYRSA_ALGO" ]; then
algo_opts="$EASYRSA_CURVE"
else
algo_opts="$EASYRSA_ALGO:$EASYRSA_ALGO_PARAMS"
fi
# Generate request
easyrsa_openssl req -utf8 -batch -new \
-key "$key_in" -out "$req_out_tmp" \
${nopass+ "$no_password"} \
${text+ -text} \
${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} \
|| die "Failed to generate request"
# Move temp-files to target-files
mv "$req_out_tmp" "$req_out"
# Success messages
notice "\
Certificate request completed. Your file is:
req: $req_out
*Original* key: $key_in"
return 0
} # => renew_req()
# revoke backend # revoke backend
revoke() { revoke() {
# pull filename base: # pull filename base:
@ -4891,9 +4785,6 @@ case "$cmd" in
gen-req) gen-req)
gen_req "$@" gen_req "$@"
;; ;;
renew-req)
renew_req "$@"
;;
sign|sign-req) sign|sign-req)
[ "$alias_days" ] && export EASYRSA_CERT_EXPIRE="$alias_days"; : [ "$alias_days" ] && export EASYRSA_CERT_EXPIRE="$alias_days"; :
sign_req "$@" sign_req "$@"