From 23d7051e767384ecc82cd77920d3c425230d4f50 Mon Sep 17 00:00:00 2001
From: Javier Godoy <11554739+javier-godoy@users.noreply.github.com>
Date: Sun, 16 Dec 2018 18:18:28 -0300
Subject: [PATCH 1/2] Add optional CRL reason parameter
---
easyrsa3/easyrsa | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index dfd123a..e3ec74d 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -33,7 +33,7 @@ Here is the list of commands available with a short syntax reminder. Use the sign-req build-client-full [ cmd-opts ] build-server-full [ cmd-opts ] - revoke + revoke [cmd-opts] gen-crl update-db show-req [ cmd-opts ]
@@ -98,8 +98,16 @@ cmd_help() { opts=" nopass - do not encrypt the private key (default is encrypted)" ;; revoke) text=" - revoke - Revoke a certificate specified by the filename_base" ;; + revoke [reason] + Revoke a certificate specified by the filename_base, with an optional + revocation reason that is one of: + unspecified + keyCompromise + CACompromise + affiliationChanged + superseded + cessationOfOperation + certificateHold";; gen-crl) text=" gen-crl Generate a CRL" ;;
@@ -841,6 +849,11 @@ Error: didn't find a file base name as the first argument. Run easyrsa without commands for usage and command help." crt_in="$EASYRSA_PKI/issued/$1.crt" + opts="" + if [ "$2" ]; then + opts="$opts -crl_reason $2" + fi + verify_file x509 "$crt_in" || die "\ Unable to revoke as the input file is not a valid certificate. Unexpected input in file: $crt_in"
@@ -860,7 +873,7 @@ at: $crt_in" # make safessl-easyrsa.cnf make_ssl_config - "$EASYRSA_OPENSSL" ca -utf8 -revoke "$crt_in" -config "$EASYRSA_SAFE_CONF" || die "\ + "$EASYRSA_OPENSSL" ca -utf8 -revoke "$crt_in" -config "$EASYRSA_SAFE_CONF" $opts || die "\ Failed to revoke certificate: revocation command failed." notice "\
From 1a62872e05071ef21b59917cf255c4d5082c00f5 Mon Sep 17 00:00:00 2001
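Review bot: The second argument is copied into `opts` in the `@@ -841,6 +849,11 @@` hunk without being checked against the seven reason names that the new help text in the `cmd_help` hunk lists. Because the last hunk of this patch expands `$opts` unquoted on the `openssl ca -revoke` line, a value containing whitespace or glob characters is split into additional openssl arguments instead of being rejected as a bad reason. A `case` on `$2` that accepts only the documented names and calls `die` for anything else, placed before `opts` is built, would keep the argument list to what the help text promises. The enclosing revoke function starts and ends outside these hunks.

```shell
	if [ "$2" ]; then
		case "$2" in
			unspecified|keyCompromise|CACompromise|affiliationChanged|superseded|cessationOfOperation|certificateHold) ;;
			*) die "Unknown revocation reason: $2" ;;
		esac
		opts="$opts -crl_reason $2"
```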
From: Javier Godoy <11554739+javier-godoy@users.noreply.github.com>
Date: Sat, 22 Dec 2018 06:05:00 -0300
Subject: [PATCH 2/2] Double quote to prevent globbing and word splitting
---
easyrsa3/easyrsa | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index e3ec74d..0ac9b4f 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -873,7 +873,7 @@ at: $crt_in" # make safessl-easyrsa.cnf make_ssl_config - "$EASYRSA_OPENSSL" ca -utf8 -revoke "$crt_in" -config "$EASYRSA_SAFE_CONF" $opts || die "\ + "$EASYRSA_OPENSSL" ca -utf8 -revoke "$crt_in" -config "$EASYRSA_SAFE_CONF" "$opts" || die "\ Failed to revoke certificate: revocation command failed." notice "\
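Review bot: Quoting the expansion as `"$opts"` on the `openssl ca -revoke` line makes the shell pass exactly one extra argument in every case: an empty string when no reason was given, and the single word ` -crl_reason <reason>` (leading space included) when one was, so the option and its value never reach openssl as two separate arguments. That likely breaks a plain `revoke` as well as one with a reason, although how openssl reacts to those arguments is not visible here. Expanding the option conditionally keeps the value quoted without producing an empty or fused argument, for example `${2:+-crl_reason "$2"}` in place of `"$opts"`, assuming `$2` still holds the reason at that point. The enclosing function starts and ends outside the hunk.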