From 6eff1118f8779caf2e6ef63cdcce7535ce4d270c Mon Sep 17 00:00:00 2001 From: Xavier Bachelot Date: Mon, 28 Jan 2019 15:40:13 +0100 Subject: [PATCH] Fix broken check for cert expiration time in renew command Signed-off-by: Xavier Bachelot --- easyrsa3/easyrsa | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 16ba40d..d019f87 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -1006,13 +1006,13 @@ at: $crt_in" # Check if old cert is expired or expires within 30 days expire_date=$( "$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -enddate | - sed -n 's/^notAfter=//' + sed 's/^notAfter=//' ) expire_date=$(date -d "$expire_date" +%s) allow_renew_date=$(date -d '+30day' +%s) - [ "$expire_date" -gt "$allow_renew_date" ] || die "\ + [ "$expire_date" -lt "$allow_renew_date" ] || die "\ Certificate expires in more than 30 days. Renewal not allowed."