nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sign--req: Prohibit COMMON as a certificate type

Browse Source 
The command 'sign-req COMMON client1 nopass' would generate an invalid
certificate. Do not allow COMMON as a $cert_type.

Also, improve comment and user output for existing certificate check.

Closese: #634

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2022-08-15 13:13:55 +01:00
parent 0d999826ea
commit 5dfeff8984
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
easyrsa3/easyrsa
View File

@ -1563,14 +1563,18 @@ expected 2, got $# (see command help for usage)"
[ -e "$EASYRSA_EXT_DIR/$crt_type" ] || die "\ [ -e "$EASYRSA_EXT_DIR/$crt_type" ] || die "\
Unknown cert type '$crt_type'" Unknown cert type '$crt_type'"
# Cert type must NOT be COMMON
[ "$crt_type" != COMMON ] || die "\
Invalid certificate type: '$crt_type'"
# Request file must exist # Request file must exist
[ -e "$req_in" ] || die "\ [ -e "$req_in" ] || die "\
No request found for the input: '$2' No request found for the input: '$2'
Expected to find the request at: $req_in" Expected to find the request at: $req_in"
# Existing certificate file must NOT exist # Certificate file must NOT exist
[ ! -e "$crt_out" ] || die "\ [ ! -e "$crt_out" ] || die "\
Cannot sign this request for '$2' because a certificate for it already exists Cannot sign this request for '$2', a certificate already exists
at: $crt_out" at: $crt_out"
# Confirm input is a cert req # Confirm input is a cert req