nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'TinCanTech-update-ns-support'

Browse Source 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2022-09-28 16:39:04 +01:00
commit 4a04e5a5d9
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 16 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
easyrsa3/easyrsa
View File

@ -494,7 +494,7 @@ Certificate & Request options: (these impact cert/req field values)
--use-algo=ALG : crypto alg to use: choose rsa (default), ec or ed --use-algo=ALG : crypto alg to use: choose rsa (default), ec or ed
--curve=NAME : for elliptic curve, sets the named curve to use --curve=NAME : for elliptic curve, sets the named curve to use
--subca-len=# : path length of signed intermediate CA certs; must be >= 0 if used --subca-len=# : Path length of signed intermediate CA certificates
--copy-ext : Copy included request X509 extensions (namely subjAltName) --copy-ext : Copy included request X509 extensions (namely subjAltName)
--san|--subject-alt-name --san|--subject-alt-name
: Add a subjectAltName. : Add a subjectAltName.
@ -517,8 +517,8 @@ Distinguished Name mode:
Deprecated features: Deprecated features:
--ns-cert=YES/NO : yes or no to including deprecated NS extensions --ns-cert : Include deprecated Netscape extensions
--ns-comment=COMMENT : NS comment to include (value may be blank) --ns-comment=COMMENT : Include deprecated Netscape comment (may be blank)
" "
} # => opt_usage() } # => opt_usage()
@ -575,19 +575,6 @@ verbose() {
print "$1" print "$1"
} # => verbose() } # => verbose()
# yes/no case-insensitive match (operates on stdin pipe)
# Returns 0 when input contains yes, 1 for no, 2 for no match
# If both strings are present, returns 1; first matching line returns.
awk_yesno() {
# shellcheck disable=SC2016 # vars don't expand in single quotes
awkscript='
BEGIN {IGNORECASE=1; r=2}
{ if(match($0,"no")) {r=1; exit}
if(match($0,"yes")) {r=0; exit}
} END {exit r}'
awk "$awkscript"
} # => awk_yesno()
# intent confirmation helper func # intent confirmation helper func
# returns without prompting in EASYRSA_BATCH # returns without prompting in EASYRSA_BATCH
confirm() { confirm() {
@ -1761,9 +1748,9 @@ basicConstraints is not defined, cannot use 'pathlen'"
fi fi
# Deprecated Netscape extension support, if enabled # Deprecated Netscape extension support, if enabled
if print "$EASYRSA_NS_SUPPORT" | awk_yesno; then case "$EASYRSA_NS_SUPPORT" in
[ "$EASYRSA_NS_COMMENT" ] && \ [yY][eE][sS])
print "nsComment = \"$EASYRSA_NS_COMMENT\"" # Netscape extension
case "$crt_type" in case "$crt_type" in
serverClient) print "nsCertType = serverClient" ;; serverClient) print "nsCertType = serverClient" ;;
server) print "nsCertType = server" ;; server) print "nsCertType = server" ;;
@ -1771,7 +1758,13 @@ basicConstraints is not defined, cannot use 'pathlen'"
ca) print "nsCertType = sslCA" ;; ca) print "nsCertType = sslCA" ;;
*) die "Unknown certificate type: $crt_type" *) die "Unknown certificate type: $crt_type"
esac esac
fi # Netscape comment
[ "$EASYRSA_NS_COMMENT" ] && \
print "nsComment = \"$EASYRSA_NS_COMMENT\""
;;
*)
: # ok No NS support required
esac
# Add user SAN from --subject-alt-name # Add user SAN from --subject-alt-name
if [ "$user_san_true" ]; then if [ "$user_san_true" ]; then
@ -5032,7 +5025,9 @@ while :; do
empty_ok=1 empty_ok=1
export EASYRSA_REQ_SERIAL="$val" ;; export EASYRSA_REQ_SERIAL="$val" ;;
--ns-cert) --ns-cert)
export EASYRSA_NS_SUPPORT="$val" ;; empty_ok=1
[ "$is_empty" ] && unset -v val
export EASYRSA_NS_SUPPORT="${val:-yes}" ;;
--ns-comment) --ns-comment)
empty_ok=1 empty_ok=1
export EASYRSA_NS_COMMENT="$val" ;; export EASYRSA_NS_COMMENT="$val" ;;