nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update default certificate length, comments

Browse Source 
- Resolve #57, set default certificate length to 1080 days, leaves CA
  certifcates at 3650
- Add EasyRSA version to certificate comment for later troubleshooting
  and identification.

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
This commit is contained in:
Eric F Crist 2018-08-23 16:51:17 -05:00
parent 93b0f2e74b
commit 376c62f2b8
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
build/build-dist.sh
View File

@ -73,9 +73,11 @@ stage_unix() {
src_files="easyrsa3/ Licensing/ COPYING.md ChangeLog README.md README.quickstart.md" src_files="easyrsa3/ Licensing/ COPYING.md ChangeLog README.md README.quickstart.md"
for f in $src_files for f in $src_files
do do
sed -i -e "s/~~~/$VERSION/" "$SRC_ROOT/$f"
cp -a "$SRC_ROOT/$f" "$DIST_ROOT/unix/$PV" || die "failed to copy $f" cp -a "$SRC_ROOT/$f" "$DIST_ROOT/unix/$PV" || die "failed to copy $f"
done done
sed -i -e "s/~~~/$VERSION/" "$SRC_ROOT/$f"
cp -R "$SRC_ROOT/doc" "$DIST_ROOT/unix/$PV/" || die "failed to copy unix doc" cp -R "$SRC_ROOT/doc" "$DIST_ROOT/unix/$PV/" || die "failed to copy unix doc"
# files not included # files not included
@ -92,6 +94,7 @@ stage_win() {
for f in $SRC_ROOT/doc/*.md; for f in $SRC_ROOT/doc/*.md;
do do
fname=$(basename "$f" .md) fname=$(basename "$f" .md)
sed -i -e "s/~~~/$VERSION/" "$SRC_ROOT/$f"
python -m markdown "$f" > "$DIST_ROOT/windows/$PV/doc/$fname.html" python -m markdown "$f" > "$DIST_ROOT/windows/$PV/doc/$fname.html"
done done
@ -103,6 +106,7 @@ stage_win() {
src_files="easyrsa3/ ChangeLog COPYING.md" src_files="easyrsa3/ ChangeLog COPYING.md"
for f in $src_files for f in $src_files
do do
sed -i -e "s/~~~/$VERSION/" "$SRC_ROOT/$f"
cp -a "$SRC_ROOT/$f" "$DIST_ROOT/windows/$PV" || die "failed to copy $f" cp -a "$SRC_ROOT/$f" "$DIST_ROOT/windows/$PV" || die "failed to copy $f"
done done

6
easyrsa3/easyrsa
View File

@ -2,7 +2,7 @@
# Easy-RSA 3 -- A Shell-based CA Utility # Easy-RSA 3 -- A Shell-based CA Utility
# #
# Copyright (C) 2013 by the Open-Source OpenVPN development community. # Copyright (C) 2018 by the Open-Source OpenVPN development community.
# A full list of contributors can be found in the ChangeLog. # A full list of contributors can be found in the ChangeLog.
# #
# This code released under version 2 of the GNU GPL; see COPYING and the # This code released under version 2 of the GNU GPL; see COPYING and the
@ -1169,10 +1169,10 @@ Note: using Easy-RSA configuration from: $vars"
set_var EASYRSA_CURVE secp384r1 set_var EASYRSA_CURVE secp384r1
set_var EASYRSA_EC_DIR "$EASYRSA_PKI/ecparams" set_var EASYRSA_EC_DIR "$EASYRSA_PKI/ecparams"
set_var EASYRSA_CA_EXPIRE 3650 set_var EASYRSA_CA_EXPIRE 3650
set_var EASYRSA_CERT_EXPIRE 3650 set_var EASYRSA_CERT_EXPIRE 1080 # new default of 36 months
set_var EASYRSA_CRL_DAYS 180 set_var EASYRSA_CRL_DAYS 180
set_var EASYRSA_NS_SUPPORT no set_var EASYRSA_NS_SUPPORT no
set_var EASYRSA_NS_COMMENT "Easy-RSA Generated Certificate" set_var EASYRSA_NS_COMMENT "Easy-RSA (~~~) Generated Certificate"
set_var EASYRSA_TEMP_CONF "$EASYRSA_PKI/openssl-easyrsa.temp" set_var EASYRSA_TEMP_CONF "$EASYRSA_PKI/openssl-easyrsa.temp"
set_var EASYRSA_TEMP_EXT "$EASYRSA_PKI/extensions.temp" set_var EASYRSA_TEMP_EXT "$EASYRSA_PKI/extensions.temp"
set_var EASYRSA_TEMP_FILE_2 "" set_var EASYRSA_TEMP_FILE_2 ""