Merge branch 'markus-t314-bugfix/spaces_in_path'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme
commit
73e674a5ea
@ -329,7 +329,7 @@ Type the word '$value' to continue, or any other input to abort."
|
|||||||
easyrsa_mktemp() {
|
easyrsa_mktemp() {
|
||||||
[ -n "$EASYRSA_TEMP_DIR_session" ] || die "EASYRSA_TEMP_DIR_session not initialized!"
|
[ -n "$EASYRSA_TEMP_DIR_session" ] || die "EASYRSA_TEMP_DIR_session not initialized!"
|
||||||
[ -d "$EASYRSA_TEMP_DIR_session" ] || mkdir -p "$EASYRSA_TEMP_DIR_session" ||
|
[ -d "$EASYRSA_TEMP_DIR_session" ] || mkdir -p "$EASYRSA_TEMP_DIR_session" ||
|
||||||
die "Could not create temporary directory '$EASYRSA_TEMP_DIR_session'. Permission or concurrency problem?"
|
die "Could not create temporary directory '$EASYRSA_TEMP_DIR_session'. Permission or concurrency problem?"
|
||||||
[ -d "$EASYRSA_TEMP_DIR_session" ] || die "Temporary directory '$EASYRSA_TEMP_DIR_session' does not exist"
|
[ -d "$EASYRSA_TEMP_DIR_session" ] || die "Temporary directory '$EASYRSA_TEMP_DIR_session' does not exist"
|
||||||
|
|
||||||
tempfile="$EASYRSA_TEMP_DIR_session/tmp.$($EASYRSA_OPENSSL rand -hex 3)" || return
|
tempfile="$EASYRSA_TEMP_DIR_session/tmp.$($EASYRSA_OPENSSL rand -hex 3)" || return
|
||||||
@ -784,6 +784,7 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
|
|||||||
crypto_opts="-passin file:$out_key_pass_tmp"
|
crypto_opts="-passin file:$out_key_pass_tmp"
|
||||||
else
|
else
|
||||||
crypto_opts="$no_password"
|
crypto_opts="$no_password"
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#shellcheck disable=SC2086
|
#shellcheck disable=SC2086
|
||||||
@ -1223,8 +1224,7 @@ input in file: $req_in"
|
|||||||
[ -e "$key_in" ] && mv "$key_in" "$key_by_serial_revoked"
|
[ -e "$key_in" ] && mv "$key_in" "$key_by_serial_revoked"
|
||||||
|
|
||||||
# move the rest of the files (p12, p7, ...)
|
# move the rest of the files (p12, p7, ...)
|
||||||
# shellcheck disable=SC2231
|
for file in "$EASYRSA_PKI/private/$1"\.???
|
||||||
for file in $EASYRSA_PKI/private/$1\.???
|
|
||||||
do
|
do
|
||||||
# get file extension
|
# get file extension
|
||||||
file_ext="${file##*.}"
|
file_ext="${file##*.}"
|
||||||
@ -1275,17 +1275,17 @@ at: $crt_in"
|
|||||||
easyrsa_openssl x509 -in "$crt_in" -noout -enddate |
|
easyrsa_openssl x509 -in "$crt_in" -noout -enddate |
|
||||||
sed 's/^notAfter=//'
|
sed 's/^notAfter=//'
|
||||||
)
|
)
|
||||||
case $(uname 2>/dev/null) in
|
case $(uname 2>/dev/null) in
|
||||||
"Darwin"|*"BSD")
|
"Darwin"|*"BSD")
|
||||||
expire_date=$(date -j -f '%b %d %T %Y %Z' "$expire_date" +%s)
|
expire_date=$(date -j -f '%b %d %T %Y %Z' "$expire_date" +%s)
|
||||||
allow_renew_date=$(date -j -v"+${EASYRSA_CERT_RENEW}d" +%s)
|
allow_renew_date=$(date -j -v"+${EASYRSA_CERT_RENEW}d" +%s)
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
# This works on Windows, too, since uname doesn't exist and this is catch-all
|
# This works on Windows, too, since uname doesn't exist and this is catch-all
|
||||||
expire_date=$(date -d "$expire_date" +%s)
|
expire_date=$(date -d "$expire_date" +%s)
|
||||||
allow_renew_date=$(date -d "+${EASYRSA_CERT_RENEW}day" +%s)
|
allow_renew_date=$(date -d "+${EASYRSA_CERT_RENEW}day" +%s)
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
[ "$expire_date" -lt "$allow_renew_date" ] || die "\
|
[ "$expire_date" -lt "$allow_renew_date" ] || die "\
|
||||||
Certificate expires in more than $EASYRSA_CERT_RENEW days.
|
Certificate expires in more than $EASYRSA_CERT_RENEW days.
|
||||||
@ -1389,8 +1389,7 @@ input in file: $req_in"
|
|||||||
[ -e "$key_in" ] && mv "$key_in" "$key_by_serial_renewed"
|
[ -e "$key_in" ] && mv "$key_in" "$key_by_serial_renewed"
|
||||||
|
|
||||||
# move the rest of the files (p12, p7, ...)
|
# move the rest of the files (p12, p7, ...)
|
||||||
# shellcheck disable=SC2231
|
for file in "$EASYRSA_PKI/private/$1"\.???
|
||||||
for file in $EASYRSA_PKI/private/$1\.???
|
|
||||||
do
|
do
|
||||||
# get file extension
|
# get file extension
|
||||||
file_ext="${file##*.}"
|
file_ext="${file##*.}"
|
||||||
@ -1487,11 +1486,12 @@ Run easyrsa without commands for usage and command help."
|
|||||||
done
|
done
|
||||||
|
|
||||||
pkcs_opts=
|
pkcs_opts=
|
||||||
|
pkcs_certfile_path=
|
||||||
if [ $want_ca ]; then
|
if [ $want_ca ]; then
|
||||||
verify_file x509 "$crt_ca" || die "\
|
verify_file x509 "$crt_ca" || die "\
|
||||||
Unable to include CA cert in the $pkcs_type output (missing file, or use noca option.)
|
Unable to include CA cert in the $pkcs_type output (missing file, or use noca option.)
|
||||||
Missing file expected at: $crt_ca"
|
Missing file expected at: $crt_ca"
|
||||||
pkcs_opts="$pkcs_opts -certfile $crt_ca"
|
pkcs_certfile_path="$crt_ca"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# input files must exist
|
# input files must exist
|
||||||
@ -1509,13 +1509,14 @@ Unable to export p12 for short name '$short_name' without the key
|
|||||||
(if you want a p12 without the private key, use nokey option.)
|
(if you want a p12 without the private key, use nokey option.)
|
||||||
Missing key expected at: $key_in"
|
Missing key expected at: $key_in"
|
||||||
else
|
else
|
||||||
pkcs_opts="$pkcs_opts -nokeys"
|
pkcs_opts="-nokeys"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# export the p12:
|
# export the p12:
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
easyrsa_openssl pkcs12 -in "$crt_in" -inkey "$key_in" -export \
|
easyrsa_openssl pkcs12 -in "$crt_in" -inkey "$key_in" -export \
|
||||||
-out "$pkcs_out" $pkcs_opts ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} ${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} || die "\
|
-out "$pkcs_out" $pkcs_opts ${pkcs_certfile_path:+-certfile "$pkcs_certfile_path"} \
|
||||||
|
${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} ${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} || die "\
|
||||||
Export of p12 failed: see above for related openssl errors."
|
Export of p12 failed: see above for related openssl errors."
|
||||||
;;
|
;;
|
||||||
p7)
|
p7)
|
||||||
@ -1524,14 +1525,13 @@ Export of p12 failed: see above for related openssl errors."
|
|||||||
# export the p7:
|
# export the p7:
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
easyrsa_openssl crl2pkcs7 -nocrl -certfile "$crt_in" \
|
easyrsa_openssl crl2pkcs7 -nocrl -certfile "$crt_in" \
|
||||||
-out "$pkcs_out" $pkcs_opts ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} ${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} || die "\
|
-out "$pkcs_out" ${pkcs_certfile_path:+-certfile "$pkcs_certfile_path"} \
|
||||||
|
${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} ${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} || die "\
|
||||||
Export of p7 failed: see above for related openssl errors."
|
Export of p7 failed: see above for related openssl errors."
|
||||||
;;
|
;;
|
||||||
p8)
|
p8)
|
||||||
if [ -z $want_pass ]; then
|
if [ -z $want_pass ]; then
|
||||||
pkcs_opts="-nocrypt"
|
pkcs_opts="-nocrypt"
|
||||||
else
|
|
||||||
pkcs_opts=""
|
|
||||||
fi
|
fi
|
||||||
pkcs_out="$EASYRSA_PKI/private/$short_name.p8"
|
pkcs_out="$EASYRSA_PKI/private/$short_name.p8"
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user