Command renew: Require CSR as input file and refactor verification

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-17 21:51:39 +00:00 · 2022-12-17 21:51:39 +00:00 · 4c8a4e8765
commit 4c8a4e8765
parent b4dc2ad0ea
1 changed files with 15 additions and 10 deletions
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@ -2183,21 +2183,26 @@ Option 'nopass' is not supported by command 'renew'."
 		shift
 	done

-	# referenced cert must exist:
-	[ -f "$crt_in" ] || die "\
-Unable to renew as no certificate was found. Certificate was expected
-at: $crt_in"
-
 	# Verify certificate
-	verify_file x509 "$crt_in" || die "\
-Unable to renew as the input file is not a valid certificate. Unexpected
-input in file: $crt_in"
+	if [ -f "$crt_in" ]; then
+		verify_file x509 "$crt_in" || die "\
+Input file is not a valid certificate:
+* $crt_in"
+	else
+		die "\
+Missing certificate file:
+* $crt_in"
+	fi

 	# Verify request
 	if [ -e "$req_in" ]; then
 		verify_file req "$req_in" || die "\
-Unable to verify request. The file is not a valid request.
-Unexpected input in file: $req_in"
+Input file is not a valid request:
+* $req_in"
+	else
+		die "\
+Missing request file:
+* $req_in"
 	fi

 	# get the serial number of the certificate