nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sign-req: Only create a random serial number file when expected

Browse Source 
When EASYRSA_RAND_SN="no", the file pki/serial file is not meant to
be updated by easyrsa. OpenSSL manages the file itself.

Move the code to write the file pki/serial with a random number,
inside the if condition for EASYRSA_RAND_SN, so the file is only
written to by easyrsa, when a random serial number is expected.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2023-02-19 21:37:30 +00:00
parent 2abc237594
commit 2eda52061b
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
easyrsa3/easyrsa
View File

@ -1765,12 +1765,12 @@ sign_req() {
sign_req - Randomize Serial number failed: sign_req - Randomize Serial number failed:
$check_serial" $check_serial"
fi
# Print random $serial to pki/serial file # Print random $serial to pki/serial file
# for use by SSL config # for use by SSL config
print "$serial" > "$EASYRSA_PKI/serial" || \ print "$serial" > "$EASYRSA_PKI/serial" || \
die "sign_req - write serial to file" die "sign_req - write serial to file"
fi
verify_ca_init verify_ca_init