diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index afdbb88..013c674 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -435,7 +435,7 @@ cmd_help() { print "${err_text}${NL}" else # display the help text - [ "$text" ] && print "${text}" + [ "$text" ] && print "$text" if [ "$text_only" ]; then : # ok - No opts message required @@ -636,7 +636,8 @@ secure_session() { # Create temp-file atomically or fail easyrsa_mktemp() { - [ "$#" = 1 ] || die "easyrsa_mktemp - invalid input" + [ "$#" = 1 ] || die "\ +easyrsa_mktemp - input error" # session directory must exist [ "$secured_session" ] || die "\ @@ -651,7 +652,7 @@ easyrsa_mktemp - Temporary session undefined" # Create temp-file or die for i in x y z; do shotfile="${t}.0" - target="$t.$i" + target="${t}.${i}" if [ -e "$shotfile" ]; then break else @@ -1478,7 +1479,7 @@ Unable to create necessary PKI files (permissions?)" easyrsa_openssl genpkey -algorithm "$EASYRSA_ALGO" \ -pkeyopt rsa_keygen_bits:"$EASYRSA_ALGO_PARAMS" \ -out "$out_key_tmp" \ - ${cipher+ "$cipher"} \ + ${cipher:+ "$cipher"} \ ${EASYRSA_PASSOUT:+ -pass "$EASYRSA_PASSOUT"} \ ${out_key_pass_tmp:+ -pass file:"$out_key_pass_tmp"} \ || die "Failed create CA private key" @@ -1486,7 +1487,7 @@ Unable to create necessary PKI files (permissions?)" ec) easyrsa_openssl genpkey -paramfile "$EASYRSA_ALGO_PARAMS" \ -out "$out_key_tmp" \ - ${cipher+ "$cipher"} \ + ${cipher:+ "$cipher"} \ ${EASYRSA_PASSOUT:+ -pass "$EASYRSA_PASSOUT"} \ ${out_key_pass_tmp:+ -pass file:"$out_key_pass_tmp"} \ || die "Failed create CA private key" @@ -1494,7 +1495,7 @@ Unable to create necessary PKI files (permissions?)" ed) easyrsa_openssl genpkey -algorithm "$EASYRSA_CURVE" \ -out "$out_key_tmp" \ - ${cipher+ "$cipher"} \ + ${cipher:+ "$cipher"} \ ${EASYRSA_PASSOUT:+ -pass "$EASYRSA_PASSOUT"} \ ${out_key_pass_tmp:+ -pass file:"$out_key_pass_tmp"} \ || die "Failed create CA private key" 
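Review bot: In the three `genpkey` hunks (rsa at -1478, ec at -1486, ed at -1494), `${cipher:+ "$cipher"}` now silently drops a `cipher` that is set but empty, where the old `+` form passed openssl an empty argument. Where `cipher` is assigned is outside these hunks; if it can be empty while a passphrase is expected, the CA private key would presumably be written unencrypted even though `-pass` is supplied, because `genpkey` encrypts only when a cipher is named. A guard ahead of the `case` would keep this failing closed, for example `[ "$cipher" ] || [ "$EASYRSA_NO_PASS" ] || die "CA key cipher is not set"`, adjusted to however the no-password path sets `cipher`. The enclosing function starts and ends outside the hunks.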
@@ -1507,11 +1508,11 @@ Unable to create necessary PKI files (permissions?)" easyrsa_openssl req -utf8 -new \ -key "$out_key_tmp" -keyout "$out_key_tmp" \ -out "$out_file_tmp" \ - ${ssl_batch+ -batch} \ - ${x509+ -x509} \ - ${date_stamp+ -days "$EASYRSA_CA_EXPIRE"} \ - ${EASYRSA_DIGEST+ -"$EASYRSA_DIGEST"} \ - ${EASYRSA_NO_PASS+ "$no_password"} \ + ${ssl_batch:+ -batch} \ + ${x509:+ -x509} \ + ${date_stamp:+ -days "$EASYRSA_CA_EXPIRE"} \ + ${EASYRSA_DIGEST:+ -"$EASYRSA_DIGEST"} \ + ${EASYRSA_NO_PASS:+ "$no_password"} \ ${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} \ ${EASYRSA_PASSOUT:+ -passout "$EASYRSA_PASSOUT"} \ ${in_key_pass_tmp:+ -passin file:"$in_key_pass_tmp"} \ @@ -1710,9 +1711,9 @@ $EASYRSA_EXTRA_EXTS" # Generate request easyrsa_openssl req -utf8 -new -newkey "$algo_opts" \ -keyout "$key_out_tmp" -out "$req_out_tmp" \ - ${EASYRSA_NO_PASS+ "$no_password"} \ - ${text+ -text} \ - ${ssl_batch+ -batch} \ + ${EASYRSA_NO_PASS:+ "$no_password"} \ + ${text:+ -text} \ + ${ssl_batch:+ -batch} \ ${EASYRSA_PASSOUT:+ -passout "$EASYRSA_PASSOUT"} \ || die "Failed to generate request" @@ -1724,7 +1725,7 @@ $EASYRSA_EXTRA_EXTS" notice "\ Keypair and certificate request completed. Your files are: * req: $req_out -* key: $key_out${build_full+ $NL}" +* key: $key_out${build_full:+ $NL}" return 0 } # => gen_req() 
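Review bot: The move from `+` to `:+` in this `req` call changes which values count as "on" for `ssl_batch`, `x509`, `date_stamp`, `EASYRSA_DIGEST` and `EASYRSA_NO_PASS`, and nothing in the hunk records that. A variable that is set but empty used to enable its option and now disables it. For `EASYRSA_NO_PASS` that is the safer direction, since an empty value no longer strips the passphrase, but callers that export it empty will now get a protected key or a prompt. A comment above the call would state the contract, for example `# Options below are enabled only by a non-empty value (':+'); set-but-empty counts as off`. The same applies to the gen_req call in the hunk at -1710.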
@@ -1959,11 +1960,11 @@ $(display_dn req "$req_in") easyrsa_openssl ca -utf8 -batch \ -in "$req_in" -out "$crt_out_tmp" \ -extfile "$ext_tmp" \ - ${EASYRSA_PASSIN+-passin "$EASYRSA_PASSIN"} \ - ${EASYRSA_NO_TEXT+-notext} \ - ${EASYRSA_CERT_EXPIRE+-days "$EASYRSA_CERT_EXPIRE"} \ - ${EASYRSA_FIX_OFFSET+-startdate "$start_fixdate"} \ - ${EASYRSA_FIX_OFFSET+-enddate "$end_fixdate"} \ + ${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} \ + ${EASYRSA_NO_TEXT:+ -notext} \ + ${EASYRSA_CERT_EXPIRE:+ -days "$EASYRSA_CERT_EXPIRE"} \ + ${EASYRSA_FIX_OFFSET:+ -startdate "$start_fixdate"} \ + ${EASYRSA_FIX_OFFSET:+ -enddate "$end_fixdate"} \ || die "\ Signing failed (openssl output above may have more detail)" @@ -2194,11 +2195,11 @@ with the following subject: serial-number: $cert_serial - Reason: ${crl_reason-None given}" + Reason: ${crl_reason:-None given}" # Revoke certificate easyrsa_openssl ca -utf8 -revoke "$crt_in" \ - ${crl_reason+ -crl_reason "$crl_reason"} \ + ${crl_reason:+ -crl_reason "$crl_reason"} \ ${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} \ || die "\ Failed to revoke certificate: revocation command failed." @@ -2645,11 +2646,11 @@ These files will be moved to the 'revoked' storage sub-directory: serial-number: $cert_serial - Reason: ${crl_reason-None given}" + Reason: ${crl_reason:-None given}" # Revoke the old (already renewed) certificate easyrsa_openssl ca -utf8 -revoke "$crt_in" \ - ${crl_reason+ -crl_reason "$crl_reason"} \ + ${crl_reason:+ -crl_reason "$crl_reason"} \ ${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} \ || die "Failed to revoke renewed certificate: revocation command failed." @@ -2943,7 +2944,7 @@ The inline credentials files: The duplicate certificate: * $duplicate_crt_by_serial -IMPORTANT: The new key will${EASYRSA_NO_PASS+ NOT} be password protected." +IMPORTANT: The new key will${EASYRSA_NO_PASS:+ NOT} be password protected." confirm " Continue with rebuild: " "yes" "\ Please confirm you wish to renew the certificate 
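Review bot: In the `openssl ca` signing call (hunk at -1959), `-startdate` and `-enddate` are switched on by `EASYRSA_FIX_OFFSET` but carry `start_fixdate` and `end_fixdate`, so a non-empty offset with an empty computed date still hands openssl an empty validity date. Whether both dates are verified earlier is not visible in the hunk; if they are not, a check before the call such as `[ -z "$EASYRSA_FIX_OFFSET" ] || { [ "$start_fixdate" ] && [ "$end_fixdate" ]; } || die "Fixed-offset dates are not set"` would make the dependency explicit. When `EASYRSA_CERT_EXPIRE` and `EASYRSA_FIX_OFFSET` are both non-empty the call passes `-days` and `-enddate` together, and a one-line comment saying which one is meant to win would help the next reader. The enclosing function begins outside the hunk.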
@@ -3108,11 +3109,11 @@ gen_crl() { die "gen_crl - easyrsa_mktemp out_file_tmp" easyrsa_openssl ca -utf8 -gencrl -out "$out_file_tmp" \ - ${EASYRSA_CRL_DAYS:+-days "$EASYRSA_CRL_DAYS"} \ - ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} || \ + ${EASYRSA_CRL_DAYS:+ -days "$EASYRSA_CRL_DAYS"} \ + ${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} || \ die "CRL Generation failed." - mv ${EASYRSA_BATCH:+-f} "$out_file_tmp" "$out_file" + mv ${EASYRSA_BATCH:+ -f} "$out_file_tmp" "$out_file" notice "\ An updated CRL has been created: @@ -3407,7 +3408,7 @@ update_db() { verify_ca_init easyrsa_openssl ca -utf8 -updatedb \ - ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} || die "\ + ${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} || die "\ Failed to perform update-db: see above for related openssl errors." return 0 @@ -3415,7 +3416,9 @@ Failed to perform update-db: see above for related openssl errors." # Display subjectAltName display_san() { - [ "$#" = 2 ] || die "display_dn - Incorrect input parameters" + [ "$#" = 2 ] || die "\ +display_san - input error" + format="$1" path="$2" shift 2 @@ -3442,7 +3445,9 @@ display_san() { # display cert DN info on a req/X509, passed by full pathname display_dn() { - [ "$#" = 2 ] || die "display_dn - Incorrect input parameters" + [ "$#" = 2 ] || die "\ +display_dn - input error" + format="$1" path="$2" shift 2 @@ -3465,7 +3470,9 @@ display_dn() { # generate default SAN from req/X509, passed by full pathname default_server_san() { - [ "$#" = 1 ] || die "display_dn - Incorrect input parameters" + [ "$#" = 1 ] || die "\ +default_server_san - input error" + path="$1" shift @@ -3624,8 +3631,8 @@ This file is stored at: * $in_file" easyrsa_openssl "$format" -in "$in_file" -noout -text \ - ${type_opts+ "$type_opts" "$out_opts"} \ - ${name_opts+ -nameopt "$name_opts"} \ + ${type_opts:+ "$type_opts" "$out_opts"} \ + ${name_opts:+ -nameopt "$name_opts"} \ || die "\ OpenSSL failure to process the input" 
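Review bot: The `mv ${EASYRSA_BATCH:+ -f} "$out_file_tmp" "$out_file"` line in gen_crl has no failure check, unlike the `easyrsa_openssl` call above it. Unless the script runs under `set -e` (not visible here), a failed move is followed by the "An updated CRL has been created" notice while the previous CRL stays in place. A stale CRL means recent revocations are not published, so the command should stop there: `mv ${EASYRSA_BATCH:+ -f} "$out_file_tmp" "$out_file" || die "Failed to install the new CRL"`. gen_crl begins before the hunk and continues after it.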
@@ -3673,7 +3680,8 @@ OpenSSL failure to process the input" # Set fixed offset dates fixed_cert_dates() { # check input - [ "$#" -eq 3 ] || die "fixed_cert_dates - input error" + [ "$#" = 3 ] || die "\ +fixed_cert_dates - input error" # Set the start fixed day-number of the Year start_fix_day_n="$1" @@ -3823,7 +3831,7 @@ fixed_cert_dates - force_set_var - $3 - $end_fix_day_d" # Convert certificate date to timestamp seconds since epoch cert_date_to_timestamp_s() { # check input - [ "$#" -eq 2 ] || die "\ + [ "$#" = 2 ] || die "\ cert_date_to_timestamp_s - input error" in_date="$1" @@ -3872,7 +3880,7 @@ cert_date_to_timestamp_s - force_set_var - $2 - $timestamp_s" # to X509 certificate style date (+)offset offset_days_to_cert_date() { # check input - [ "$#" -eq 2 ] || die "\ + [ "$#" = 2 ] || die "\ offset_days_to_cert_date - input error" in_offset="$1" @@ -3926,7 +3934,7 @@ offset_days_to_cert_date \ # Convert fixed format date to X509 certificate style date ff_date_to_cert_date() { # check input - [ "$#" -eq 2 ] || die "\ + [ "$#" = 2 ] || die "\ ff_date_to_cert_date - input error" in_date="$1" @@ -3980,7 +3988,7 @@ ff_date_to_cert_date \ # Build a Windows date.exe compatible input field db_date_to_ff_date() { # check input - [ "$#" -eq 2 ] || die "\ + [ "$#" = 2 ] || die "\ db_date_to_ff_date - input error" in_date="$1" @@ -4010,14 +4018,14 @@ db_date_to_ff_date \ # sanatize and set var force_set_var() { - [ "$#" -eq 2 ] || die "force_set_var - input" + [ "$#" = 2 ] || die "force_set_var - input" unset -v "$1" || die "force_set_var - unset" set_var "$1" "$2" || die "force_set_var - set_var" } # => force_set_var() # get the serial number of the certificate -> serial=XXXX ssl_cert_serial() { - [ "$#" = 2 ] || die "ssl_cert_serial - invalid input" + [ "$#" = 2 ] || die "ssl_cert_serial - input error" [ -f "$1" ] || die "ssl_cert_serial - missing cert" fn_ssl_out="$( 
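Review bot: force_set_var (hunk at -4010) passes `$1` to `unset -v` and to `set_var` as a variable name without checking that it is a valid one, although its comment says it sanitizes. set_var is not shown; if it assigns through `eval`, a name containing shell syntax would be evaluated, so a check at the top is worth adding, for example `case "$1" in ''|[0-9]*|*[!A-Za-z0-9_]*) die "force_set_var - invalid name" ;; esac`. The first line also still dies with `force_set_var - input`, while the other argument-count checks touched by this commit use the `input error` wording.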
@@ -4035,7 +4043,7 @@ ssl_cert_serial() { # Get certificate start date ssl_cert_not_before_date() { [ "$#" = 2 ] || die "\ -ssl_cert_not_before_date - invalid input" +ssl_cert_not_before_date - input error" [ -f "$1" ] || die "\ ssl_cert_not_before_date - missing cert" @@ -4055,7 +4063,7 @@ ssl_cert_not_before_date - failed to set var '$*'" # Get certificate end date ssl_cert_not_after_date() { [ "$#" = 2 ] || die "\ -ssl_cert_not_after_date - invalid input" +ssl_cert_not_after_date - input error" [ -f "$1" ] || die "\ ssl_cert_not_after_date - missing cert" @@ -4308,7 +4316,7 @@ serial mismatch: # cert status reports status() { - [ "$#" -gt 0 ] || die "status - Incorrect input parameters" + [ "$#" -gt 0 ] || die "status - input error" report="$1" target="$2" @@ -4437,7 +4445,7 @@ detect_host() { fi host_out="\ -${host_out} | $easyrsa_host_os | $easyrsa_uname | $easyrsa_shell" +$host_out | $easyrsa_host_os | $easyrsa_uname | $easyrsa_shell" host_out="\ ${host_out}${easyrsa_win_git_bash+ | "$easyrsa_win_git_bash"}" unset -v easyrsa_ver_test easyrsa_host_test
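Review bot: In the detect_host hunk the context line after the change, `${host_out}${easyrsa_win_git_bash+ | "$easyrsa_win_git_bash"}`, still uses the `+` form that the rest of this commit replaces with `:+`. With `+`, a set-but-empty `easyrsa_win_git_bash` appends an empty ` | ` field to `host_out`. Writing it as `${easyrsa_win_git_bash:+ | "$easyrsa_win_git_bash"}` would match the other converted expansions. detect_host starts before the hunk.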