Merge branch 'general-improvements' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-general-improvements
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
commit
2b0d8f775c
@ -435,7 +435,7 @@ cmd_help() {
|
||||
print "${err_text}${NL}"
|
||||
else
|
||||
# display the help text
|
||||
[ "$text" ] && print "${text}"
|
||||
[ "$text" ] && print "$text"
|
||||
|
||||
if [ "$text_only" ]; then
|
||||
: # ok - No opts message required
|
||||
@ -636,7 +636,8 @@ secure_session() {
|
||||
|
||||
# Create temp-file atomically or fail
|
||||
easyrsa_mktemp() {
|
||||
[ "$#" = 1 ] || die "easyrsa_mktemp - invalid input"
|
||||
[ "$#" = 1 ] || die "\
|
||||
easyrsa_mktemp - input error"
|
||||
|
||||
# session directory must exist
|
||||
[ "$secured_session" ] || die "\
|
||||
@ -651,7 +652,7 @@ easyrsa_mktemp - Temporary session undefined"
|
||||
# Create temp-file or die
|
||||
for i in x y z; do
|
||||
shotfile="${t}.0"
|
||||
target="$t.$i"
|
||||
target="${t}.${i}"
|
||||
if [ -e "$shotfile" ]; then
|
||||
break
|
||||
else
|
||||
@ -1478,7 +1479,7 @@ Unable to create necessary PKI files (permissions?)"
|
||||
easyrsa_openssl genpkey -algorithm "$EASYRSA_ALGO" \
|
||||
-pkeyopt rsa_keygen_bits:"$EASYRSA_ALGO_PARAMS" \
|
||||
-out "$out_key_tmp" \
|
||||
${cipher+ "$cipher"} \
|
||||
${cipher:+ "$cipher"} \
|
||||
${EASYRSA_PASSOUT:+ -pass "$EASYRSA_PASSOUT"} \
|
||||
${out_key_pass_tmp:+ -pass file:"$out_key_pass_tmp"} \
|
||||
|| die "Failed create CA private key"
|
||||
@ -1486,7 +1487,7 @@ Unable to create necessary PKI files (permissions?)"
|
||||
ec)
|
||||
easyrsa_openssl genpkey -paramfile "$EASYRSA_ALGO_PARAMS" \
|
||||
-out "$out_key_tmp" \
|
||||
${cipher+ "$cipher"} \
|
||||
${cipher:+ "$cipher"} \
|
||||
${EASYRSA_PASSOUT:+ -pass "$EASYRSA_PASSOUT"} \
|
||||
${out_key_pass_tmp:+ -pass file:"$out_key_pass_tmp"} \
|
||||
|| die "Failed create CA private key"
|
||||
@ -1494,7 +1495,7 @@ Unable to create necessary PKI files (permissions?)"
|
||||
ed)
|
||||
easyrsa_openssl genpkey -algorithm "$EASYRSA_CURVE" \
|
||||
-out "$out_key_tmp" \
|
||||
${cipher+ "$cipher"} \
|
||||
${cipher:+ "$cipher"} \
|
||||
${EASYRSA_PASSOUT:+ -pass "$EASYRSA_PASSOUT"} \
|
||||
${out_key_pass_tmp:+ -pass file:"$out_key_pass_tmp"} \
|
||||
|| die "Failed create CA private key"
|
||||
@ -1507,11 +1508,11 @@ Unable to create necessary PKI files (permissions?)"
|
||||
easyrsa_openssl req -utf8 -new \
|
||||
-key "$out_key_tmp" -keyout "$out_key_tmp" \
|
||||
-out "$out_file_tmp" \
|
||||
${ssl_batch+ -batch} \
|
||||
${x509+ -x509} \
|
||||
${date_stamp+ -days "$EASYRSA_CA_EXPIRE"} \
|
||||
${EASYRSA_DIGEST+ -"$EASYRSA_DIGEST"} \
|
||||
${EASYRSA_NO_PASS+ "$no_password"} \
|
||||
${ssl_batch:+ -batch} \
|
||||
${x509:+ -x509} \
|
||||
${date_stamp:+ -days "$EASYRSA_CA_EXPIRE"} \
|
||||
${EASYRSA_DIGEST:+ -"$EASYRSA_DIGEST"} \
|
||||
${EASYRSA_NO_PASS:+ "$no_password"} \
|
||||
${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} \
|
||||
${EASYRSA_PASSOUT:+ -passout "$EASYRSA_PASSOUT"} \
|
||||
${in_key_pass_tmp:+ -passin file:"$in_key_pass_tmp"} \
|
||||
@ -1710,9 +1711,9 @@ $EASYRSA_EXTRA_EXTS"
|
||||
# Generate request
|
||||
easyrsa_openssl req -utf8 -new -newkey "$algo_opts" \
|
||||
-keyout "$key_out_tmp" -out "$req_out_tmp" \
|
||||
${EASYRSA_NO_PASS+ "$no_password"} \
|
||||
${text+ -text} \
|
||||
${ssl_batch+ -batch} \
|
||||
${EASYRSA_NO_PASS:+ "$no_password"} \
|
||||
${text:+ -text} \
|
||||
${ssl_batch:+ -batch} \
|
||||
${EASYRSA_PASSOUT:+ -passout "$EASYRSA_PASSOUT"} \
|
||||
|| die "Failed to generate request"
|
||||
|
||||
@ -1724,7 +1725,7 @@ $EASYRSA_EXTRA_EXTS"
|
||||
notice "\
|
||||
Keypair and certificate request completed. Your files are:
|
||||
* req: $req_out
|
||||
* key: $key_out${build_full+ $NL}"
|
||||
* key: $key_out${build_full:+ $NL}"
|
||||
|
||||
return 0
|
||||
} # => gen_req()
|
||||
@ -1959,11 +1960,11 @@ $(display_dn req "$req_in")
|
||||
easyrsa_openssl ca -utf8 -batch \
|
||||
-in "$req_in" -out "$crt_out_tmp" \
|
||||
-extfile "$ext_tmp" \
|
||||
${EASYRSA_PASSIN+-passin "$EASYRSA_PASSIN"} \
|
||||
${EASYRSA_NO_TEXT+-notext} \
|
||||
${EASYRSA_CERT_EXPIRE+-days "$EASYRSA_CERT_EXPIRE"} \
|
||||
${EASYRSA_FIX_OFFSET+-startdate "$start_fixdate"} \
|
||||
${EASYRSA_FIX_OFFSET+-enddate "$end_fixdate"} \
|
||||
${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} \
|
||||
${EASYRSA_NO_TEXT:+ -notext} \
|
||||
${EASYRSA_CERT_EXPIRE:+ -days "$EASYRSA_CERT_EXPIRE"} \
|
||||
${EASYRSA_FIX_OFFSET:+ -startdate "$start_fixdate"} \
|
||||
${EASYRSA_FIX_OFFSET:+ -enddate "$end_fixdate"} \
|
||||
|| die "\
|
||||
Signing failed (openssl output above may have more detail)"
|
||||
|
||||
@ -2194,11 +2195,11 @@ with the following subject:
|
||||
|
||||
serial-number: $cert_serial
|
||||
|
||||
Reason: ${crl_reason-None given}"
|
||||
Reason: ${crl_reason:-None given}"
|
||||
|
||||
# Revoke certificate
|
||||
easyrsa_openssl ca -utf8 -revoke "$crt_in" \
|
||||
${crl_reason+ -crl_reason "$crl_reason"} \
|
||||
${crl_reason:+ -crl_reason "$crl_reason"} \
|
||||
${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} \
|
||||
|| die "\
|
||||
Failed to revoke certificate: revocation command failed."
|
||||
@ -2645,11 +2646,11 @@ These files will be moved to the 'revoked' storage sub-directory:
|
||||
|
||||
serial-number: $cert_serial
|
||||
|
||||
Reason: ${crl_reason-None given}"
|
||||
Reason: ${crl_reason:-None given}"
|
||||
|
||||
# Revoke the old (already renewed) certificate
|
||||
easyrsa_openssl ca -utf8 -revoke "$crt_in" \
|
||||
${crl_reason+ -crl_reason "$crl_reason"} \
|
||||
${crl_reason:+ -crl_reason "$crl_reason"} \
|
||||
${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} \
|
||||
|| die "Failed to revoke renewed certificate: revocation command failed."
|
||||
|
||||
@ -2943,7 +2944,7 @@ The inline credentials files:
|
||||
The duplicate certificate:
|
||||
* $duplicate_crt_by_serial
|
||||
|
||||
IMPORTANT: The new key will${EASYRSA_NO_PASS+ NOT} be password protected."
|
||||
IMPORTANT: The new key will${EASYRSA_NO_PASS:+ NOT} be password protected."
|
||||
|
||||
confirm " Continue with rebuild: " "yes" "\
|
||||
Please confirm you wish to renew the certificate
|
||||
@ -3108,11 +3109,11 @@ gen_crl() {
|
||||
die "gen_crl - easyrsa_mktemp out_file_tmp"
|
||||
|
||||
easyrsa_openssl ca -utf8 -gencrl -out "$out_file_tmp" \
|
||||
${EASYRSA_CRL_DAYS:+-days "$EASYRSA_CRL_DAYS"} \
|
||||
${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} || \
|
||||
${EASYRSA_CRL_DAYS:+ -days "$EASYRSA_CRL_DAYS"} \
|
||||
${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} || \
|
||||
die "CRL Generation failed."
|
||||
|
||||
mv ${EASYRSA_BATCH:+-f} "$out_file_tmp" "$out_file"
|
||||
mv ${EASYRSA_BATCH:+ -f} "$out_file_tmp" "$out_file"
|
||||
|
||||
notice "\
|
||||
An updated CRL has been created:
|
||||
@ -3407,7 +3408,7 @@ update_db() {
|
||||
verify_ca_init
|
||||
|
||||
easyrsa_openssl ca -utf8 -updatedb \
|
||||
${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} || die "\
|
||||
${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} || die "\
|
||||
Failed to perform update-db: see above for related openssl errors."
|
||||
|
||||
return 0
|
||||
@ -3415,7 +3416,9 @@ Failed to perform update-db: see above for related openssl errors."
|
||||
|
||||
# Display subjectAltName
|
||||
display_san() {
|
||||
[ "$#" = 2 ] || die "display_dn - Incorrect input parameters"
|
||||
[ "$#" = 2 ] || die "\
|
||||
display_san - input error"
|
||||
|
||||
format="$1"
|
||||
path="$2"
|
||||
shift 2
|
||||
@ -3442,7 +3445,9 @@ display_san() {
|
||||
|
||||
# display cert DN info on a req/X509, passed by full pathname
|
||||
display_dn() {
|
||||
[ "$#" = 2 ] || die "display_dn - Incorrect input parameters"
|
||||
[ "$#" = 2 ] || die "\
|
||||
display_dn - input error"
|
||||
|
||||
format="$1"
|
||||
path="$2"
|
||||
shift 2
|
||||
@ -3465,7 +3470,9 @@ display_dn() {
|
||||
|
||||
# generate default SAN from req/X509, passed by full pathname
|
||||
default_server_san() {
|
||||
[ "$#" = 1 ] || die "display_dn - Incorrect input parameters"
|
||||
[ "$#" = 1 ] || die "\
|
||||
default_server_san - input error"
|
||||
|
||||
path="$1"
|
||||
shift
|
||||
|
||||
@ -3624,8 +3631,8 @@ This file is stored at:
|
||||
* $in_file"
|
||||
|
||||
easyrsa_openssl "$format" -in "$in_file" -noout -text \
|
||||
${type_opts+ "$type_opts" "$out_opts"} \
|
||||
${name_opts+ -nameopt "$name_opts"} \
|
||||
${type_opts:+ "$type_opts" "$out_opts"} \
|
||||
${name_opts:+ -nameopt "$name_opts"} \
|
||||
|| die "\
|
||||
OpenSSL failure to process the input"
|
||||
|
||||
@ -3673,7 +3680,8 @@ OpenSSL failure to process the input"
|
||||
# Set fixed offset dates
|
||||
fixed_cert_dates() {
|
||||
# check input
|
||||
[ "$#" -eq 3 ] || die "fixed_cert_dates - input error"
|
||||
[ "$#" = 3 ] || die "\
|
||||
fixed_cert_dates - input error"
|
||||
|
||||
# Set the start fixed day-number of the Year
|
||||
start_fix_day_n="$1"
|
||||
@ -3823,7 +3831,7 @@ fixed_cert_dates - force_set_var - $3 - $end_fix_day_d"
|
||||
# Convert certificate date to timestamp seconds since epoch
|
||||
cert_date_to_timestamp_s() {
|
||||
# check input
|
||||
[ "$#" -eq 2 ] || die "\
|
||||
[ "$#" = 2 ] || die "\
|
||||
cert_date_to_timestamp_s - input error"
|
||||
|
||||
in_date="$1"
|
||||
@ -3872,7 +3880,7 @@ cert_date_to_timestamp_s - force_set_var - $2 - $timestamp_s"
|
||||
# to X509 certificate style date (+)offset
|
||||
offset_days_to_cert_date() {
|
||||
# check input
|
||||
[ "$#" -eq 2 ] || die "\
|
||||
[ "$#" = 2 ] || die "\
|
||||
offset_days_to_cert_date - input error"
|
||||
|
||||
in_offset="$1"
|
||||
@ -3926,7 +3934,7 @@ offset_days_to_cert_date \
|
||||
# Convert fixed format date to X509 certificate style date
|
||||
ff_date_to_cert_date() {
|
||||
# check input
|
||||
[ "$#" -eq 2 ] || die "\
|
||||
[ "$#" = 2 ] || die "\
|
||||
ff_date_to_cert_date - input error"
|
||||
|
||||
in_date="$1"
|
||||
@ -3980,7 +3988,7 @@ ff_date_to_cert_date \
|
||||
# Build a Windows date.exe compatible input field
|
||||
db_date_to_ff_date() {
|
||||
# check input
|
||||
[ "$#" -eq 2 ] || die "\
|
||||
[ "$#" = 2 ] || die "\
|
||||
db_date_to_ff_date - input error"
|
||||
|
||||
in_date="$1"
|
||||
@ -4010,14 +4018,14 @@ db_date_to_ff_date \
|
||||
|
||||
# sanatize and set var
|
||||
force_set_var() {
|
||||
[ "$#" -eq 2 ] || die "force_set_var - input"
|
||||
[ "$#" = 2 ] || die "force_set_var - input"
|
||||
unset -v "$1" || die "force_set_var - unset"
|
||||
set_var "$1" "$2" || die "force_set_var - set_var"
|
||||
} # => force_set_var()
|
||||
|
||||
# get the serial number of the certificate -> serial=XXXX
|
||||
ssl_cert_serial() {
|
||||
[ "$#" = 2 ] || die "ssl_cert_serial - invalid input"
|
||||
[ "$#" = 2 ] || die "ssl_cert_serial - input error"
|
||||
[ -f "$1" ] || die "ssl_cert_serial - missing cert"
|
||||
|
||||
fn_ssl_out="$(
|
||||
@ -4035,7 +4043,7 @@ ssl_cert_serial() {
|
||||
# Get certificate start date
|
||||
ssl_cert_not_before_date() {
|
||||
[ "$#" = 2 ] || die "\
|
||||
ssl_cert_not_before_date - invalid input"
|
||||
ssl_cert_not_before_date - input error"
|
||||
[ -f "$1" ] || die "\
|
||||
ssl_cert_not_before_date - missing cert"
|
||||
|
||||
@ -4055,7 +4063,7 @@ ssl_cert_not_before_date - failed to set var '$*'"
|
||||
# Get certificate end date
|
||||
ssl_cert_not_after_date() {
|
||||
[ "$#" = 2 ] || die "\
|
||||
ssl_cert_not_after_date - invalid input"
|
||||
ssl_cert_not_after_date - input error"
|
||||
[ -f "$1" ] || die "\
|
||||
ssl_cert_not_after_date - missing cert"
|
||||
|
||||
@ -4308,7 +4316,7 @@ serial mismatch:
|
||||
# cert status reports
|
||||
status() {
|
||||
|
||||
[ "$#" -gt 0 ] || die "status - Incorrect input parameters"
|
||||
[ "$#" -gt 0 ] || die "status - input error"
|
||||
report="$1"
|
||||
target="$2"
|
||||
|
||||
@ -4437,7 +4445,7 @@ detect_host() {
|
||||
fi
|
||||
|
||||
host_out="\
|
||||
${host_out} | $easyrsa_host_os | $easyrsa_uname | $easyrsa_shell"
|
||||
$host_out | $easyrsa_host_os | $easyrsa_uname | $easyrsa_shell"
|
||||
host_out="\
|
||||
${host_out}${easyrsa_win_git_bash+ | "$easyrsa_win_git_bash"}"
|
||||
unset -v easyrsa_ver_test easyrsa_host_test
|
||||
|
||||
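Review bot: Replacing `${EASYRSA_NO_PASS+ "$no_password"}` with `${EASYRSA_NO_PASS:+ "$no_password"}` in both `easyrsa_openssl req` calls, and in the "will NOT be password protected" message, changes the trigger from "set" to "set and non-empty". A caller that exports an empty `EASYRSA_NO_PASS=` therefore now gets an encrypted key and a passphrase prompt where it previously got neither. The same shift applies to the flag-style variables `x509`, `ssl_batch`, `text`, `EASYRSA_NO_TEXT` and `build_full`, whose assignments are outside the hunks shown, so each setter should be confirmed to assign a non-empty value (for example `x509=1`). If `x509` is ever set empty, `-x509` would be silently dropped and the CA build would presumably emit a request rather than a self-signed certificate. Separately, several expansions still test one variable and pass another, as in `${EASYRSA_FIX_OFFSET:+ -startdate "$start_fixdate"}`; guarding on the value passed, `${start_fixdate:+ -startdate "$start_fixdate"}`, would keep an empty date from reaching `openssl ca`.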