nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Workaround older openssl which don't have -ext

Browse Source 
Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
This commit is contained in:
Xavier Bachelot 2019-01-28 16:19:55 +01:00
parent 7966cc287a
commit 2f841e9fec
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
easyrsa3/easyrsa
View File

@ -1018,8 +1018,8 @@ Renewal not allowed."
# Extract certificate usage from old cert
cert_ext_key_usage=$(
"$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -ext extendedKeyUsage |
sed -n "2p;n;s/^ *//;p;"
"$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -text |
sed -n "/X509v3 Extended Key Usage:/{n;s/^ *//g;p;}"
)
case $cert_ext_key_usage in
"TLS Web Client Authentication")
@ -1037,8 +1037,8 @@ Renewal not allowed."
echo "$EASYRSA_EXTRA_EXTS" | grep -q subjectAltName || \
{
san=$(
"$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -ext subjectAltName |
sed -n "2p;{n;s/ //g;p;}"
"$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -text |
sed -n "/X509v3 Subject Alternative Name:/{n;s/ //g;p;}"
)
export EASYRSA_EXTRA_EXTS="\
$EASYRSA_EXTRA_EXTS