sign-req: Check for an existing certificate

'sign-req' must not over-write an existing certificate.

Closes: #629

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Richard T Bonhomme 2022-08-08 14:13:32 +01:00
parent f3f984991a
commit 5b4fd2b484
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246

@ -1546,6 +1546,11 @@ Unknown cert type '$crt_type'"
No request found for the input: '$2' No request found for the input: '$2'
Expected to find the request at: $req_in" Expected to find the request at: $req_in"
# Existing certificate file must NOT exist
[ ! -e "$crt_out" ] || die "\
Cannot sign this request for '$2' because a certificate for it already exists
at: $crt_out"
# Confirm input is a cert req # Confirm input is a cert req
verify_file req "$req_in" || die "\ verify_file req "$req_in" || die "\
The certificate request file is not in a valid X509 request format. The certificate request file is not in a valid X509 request format.
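
Review bot: The added test `[ ! -e "$crt_out" ]` does not catch a dangling symlink at `$crt_out`, because `-e` follows symlinks and reports false when the target is missing, so the guard passes and a later write to that path would go through the link. Consider extending the condition to `[ ! -e "$crt_out" ] && [ ! -L "$crt_out" ] || die ...` so that any existing directory entry at that path blocks signing. Separately, the new `die` text says where the existing certificate is but not what the user should do about it; one more line stating that the existing certificate has to be dealt with before the request can be signed again would make the failure actionable.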