Merge: Simple maintenance improvements #455

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

.travis.yml

@@ -19,4 +19,3 @@ matrix:
       script:
         - openssl version
         - sh op_test.sh -vv
-

ChangeLog

@@ -82,11 +82,11 @@ Easy-RSA 3 ChangeLog
 
     * 8b42eea Make aes256 default, replacing 3des
         (keros: Github)
-    
+
     * f2f4ac8 Make -utf8 default
         (roubert: Github)
 
-	
+
 3.0.0-rc2 (2014/07/27)
 
     * 1551e5f docs: fix typo

Licensing/gpl-2.0.txt

@@ -337,4 +337,3 @@ proprietary programs.  If your program is a subroutine library, you may
 consider it more useful to permit linking proprietary applications with the
 library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.
-

README.md

@@ -1,7 +1,7 @@
 # Overview
 
 easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's terms,
-this means to create a root certificate authority, and request and sign 
+this means to create a root certificate authority, and request and sign
 certificates, including intermediate CAs and certificate revocation lists (CRL).
 
 # Downloads
@@ -25,13 +25,13 @@ seek help using Easy-RSA:
 The [openvpn-users mailing list](https://lists.sourceforge.net/lists/listinfo/openvpn-users)
 is a good place to post usage or help questions.
 
-You can also try IRC at Freenode/#openvpn for general support or Freenode/#easyrsa for development discussion.
+You can also try libera.chat IRC network, in channels #openvpn for general support or #easyrsa for development discussion.
 
 # Branch structure
 
 The easy-rsa master branch is currently tracking development for the 3.x release
-cycle. Please note that, at any given time, master may be broken.  Feel free to
-create issues against master, but have patience when using the master branch.  It
+cycle. Please note that, at any given time, master may be broken. Feel free to
+create issues against master, but have patience when using the master branch. It
 is recommended to use a release, and priority will be given to bugs identified in
 the most recent release.
 

build/build-dist.sh

@@ -39,7 +39,7 @@ note() { echo "build-dist NOTE: $1"; }
 
 # ask before dangerous things
 confirm() {
-	[ "$2" ] && return
+	[ -n "$2" ] && return
 	printf "%s y/n: " "$1"
 	read r
 	[ "$r" = "y" ] || die "user abort"
@@ -70,14 +70,14 @@ dist_clean() {
 stage_unix() {
 	# make our unix stage if it doesn't exist
 	mkdir -p "$DIST_ROOT/unix/$PV"
-	
+
 	# Copy files into $PV, starting with easyrsa3 as the initial root dir
 	src_files="easyrsa3/. Licensing/. COPYING.md ChangeLog README.md README.quickstart.md doc"
 	for f in $src_files
 	do
 		cp -R "$SRC_ROOT/$f" "$DIST_ROOT/unix/$PV/" || die "failed to copy $f"
 	done
-	
+
 	# FreeBSD does not accept -i without argument in a way also acceptable by GNU sed
 	sed -i.tmp -e "s/~VER~/$VERSION/" \
 		   -e "s/~DATE~/$(date)/" \
@@ -95,7 +95,7 @@ stage_win() {
 	do
 		# make our windows stage if it doesn't exist
 		mkdir -p "$DIST_ROOT/$win/$PV"
-	
+
 		# make doc dir
 		mkdir -p "$DIST_ROOT/$win/$PV/doc"
 
@@ -106,28 +106,28 @@ stage_win() {
 			rm -f "$SRC_ROOT/$f.tmp"
 			python -m markdown "$SRC_ROOT/$f" > "$DIST_ROOT/$win/$PV/${f%.md}.html" || die "Failed to convert markdown to HTML"
 		done
-	
+
 		# Copy files into $PV, starting with easyrsa3 as the initial root dir
 		src_files="easyrsa3/. ChangeLog COPYING.md Licensing distro/windows/Licensing distro/windows/bin distro/windows/$win/lib* distro/windows/$win/openssl.exe"
 		for f in $src_files
 		do
 			cp -R "$SRC_ROOT/$f" "$DIST_ROOT/$win/$PV/" || die "failed to copy $f"
 		done
-		
+
 		src_files="README-Windows.txt EasyRSA-Start.bat"
 		for f in $src_files
 		do
 			cp -R "$SRC_ROOT/distro/windows/$f" "$DIST_ROOT/$win/$PV/" || die "failed to copy $f"
 			unix2dos "$DIST_ROOT/$win/$PV/$f" || die "unix2dos conversion failed for $f"
 		done
-	
+
 		sed -i.tmp -e "s/~VER~/$VERSION/" \
 			   -e "s/~DATE~/$(date)/" \
 			   -e "s/~HOST~/$(hostname -s)/" \
 			   -e "s/~GITHEAD~/$(git rev-parse HEAD)/" \
 			   "$DIST_ROOT/$win/$PV/easyrsa" || die "Cannot update easyrsa version data"
 		rm -f "$DIST_ROOT/$win/$PV/easyrsa.tmp"
-		
+
 		# files not included
 		rm -rf "$DIST_ROOT/$win/$PV/doc/TODO" || die "failed rm TODO"
 	done
@@ -135,14 +135,14 @@ stage_win() {
 
 make_tar() {
 	(cd "$DIST_ROOT/unix/"; tar -czf "../${PV}.tgz" "$PV") || die "tar failed"
-	note "tarball created at: $DIST_ROOT/${PV}.tgz" 
+	note "tarball created at: $DIST_ROOT/${PV}.tgz"
 }
 
 make_zip() {
 	for win in win32 win64;
 	do
 		(cd "$DIST_ROOT/$win/"; zip -qr "../${PV}-$win.zip" "$PV") || die "zip failed"
-		note "zip file created at: $DIST_ROOT/${PV}-$win.zip" 
+		note "zip file created at: $DIST_ROOT/${PV}-$win.zip"
 	done
 }
 

distro/README

@@ -2,4 +2,3 @@ This distro/ directory contains distro/platform specific tools.
 
 Components that are not platform neutral end up here, sorted into further dirs
 based on the platform.
-

distro/windows/EasyRSA-Start.bat

@@ -1,2 +1,2 @@
-@echo OFF
-bin\sh.exe bin\easyrsa-shell-init.sh
+@echo OFF
+bin\sh.exe bin\easyrsa-shell-init.sh

distro/windows/README-OpenSSL.txt

@@ -1,4 +1,3 @@
 -----------------------------------------------------------------------
-OpenSSL v1.1.1g from https://bintray.com/vszakats/generic/openssl 
+OpenSSL v1.1.1g from https://bintray.com/vszakats/generic/openssl
 -----------------------------------------------------------------------
-

distro/windows/README-Windows.txt

@@ -3,7 +3,7 @@ Easy-RSA 3 Windows README
 Easy-RSA 3 runs POSIX shell code, so use on Windows has some additional
 requirements: an OpenSSL installation, and a usable shell environment.
 
-The Windows packages of EasyRSA 3.0.7+ include an OpenSSL binary and 
+The Windows packages of EasyRSA 3.0.7+ include an OpenSSL binary and
 libraries that will be used by default.  If you want to use a system binary
 instead, remove the openssl.exe and the lib*.dll files from the bin
 directory.
@@ -107,8 +107,8 @@ Contents of this file:
  4.1: mksh/Win32
 
     A special thanks is in order to the mksh/Win32 project and its primary
-    maintainer, Michael Langguth <mksh-w32@gmx.net>. This shell offers featurs
+    maintainer, Michael Langguth <mksh-w32@gmx.net>. This shell offers features
     that allow Easy-RSA to run smoothly under Windows; by using mksh/Win32,
     Easy-RSA can deliver the same PKI flexibility to all major platforms.
-       
+
 vim: wrap tw=80 expandtab

doc/EasyRSA-Advanced.md

@@ -120,5 +120,5 @@ possible terse description is shown below:
     password using any openssl password options like pass:1234 or env:var
  *  `EASYRSA_PASSOUT` (CLI: `--passout`) - allows to specify a source for
     password using any openssl password options like pass:1234 or env:var
-    
+
 **NOTE:** the global options need to be provided before the actual commands.

doc/EasyRSA-Readme.md

@@ -236,4 +236,3 @@ In order to obtain a signed certificate, the request file must be sent to the
 CA for signing; this step is obviously not required if a single PKI is used as
 both the CA and keypair/request generation as the generated request is already
 "imported."
-

doc/TODO

@@ -9,7 +9,7 @@ Feature support:
         * Keep platform-specific tools separate from platform-neutral code
     * add detection for duplicate CN prior to OpenSSL failure
         * This gets tricky if `updatedb` requires a CA passphrase
-	* It would help to warn users before OpenSSL throws errors
+    * It would help to warn users before OpenSSL throws errors
 
 Longer term wishlist:
     * Support openssl's -password source mechanism:

easyrsa3/easyrsa

@@ -106,8 +106,8 @@ cmd_help() {
         inline  - create an inline credentials file for this node" ;;
 		revoke) text="
   revoke <filename_base> [reason]
-      Revoke a certificate specified by the filename_base, with an optional 
-      revocation reason that is one of: 
+      Revoke a certificate specified by the filename_base, with an optional
+      revocation reason that is one of:
         unspecified
         keyCompromise
         CACompromise
@@ -542,7 +542,7 @@ $help_note"
 # init-pki backend:
 init_pki() {
 
-	# If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH)
+	# If EASYRSA_PKI exists, confirm before we rm -rf (skipped with EASYRSA_BATCH)
 	if [ -e "$EASYRSA_PKI" ]; then
 		confirm "Confirm removal: " "yes" "
 WARNING!!!
@@ -557,7 +557,7 @@ and initialize a fresh PKI here."
 	for i in private reqs; do
 		mkdir -p "$EASYRSA_PKI/$i" || die "Failed to create PKI file structure (permissions?)"
 	done
-	
+
 	# Create $EASYRSA_SAFE_CONF ($OPENSSL_CONF) prevents bogus warnings (especially useful on win32)
 	if [ ! -f "$EASYRSA_SSL_CONF" ] && [ -f "$EASYRSA/openssl-easyrsa.cnf" ];
 	then
@@ -1032,7 +1032,7 @@ $(display_dn req "$req_in")
 		# Add any advanced extensions supplied by env-var:
 		[ -n "$EASYRSA_EXTRA_EXTS" ] && print "$EASYRSA_EXTRA_EXTS"
 
-		: # needed to keep die from inherting the above test
+		: # needed to keep die from inheriting the above test
 	} > "$ext_tmp" || die "\
 Failed to create temp extension file (bad permissions?) at:
 $ext_tmp"
@@ -1139,7 +1139,7 @@ Run easyrsa without commands for usage and command help."
 	if [ "$2" ]; then
 		opts="$opts -crl_reason $2"
 	fi
-	
+
 	verify_file x509 "$crt_in" || die "\
 Unable to revoke as the input file is not a valid certificate. Unexpected
 input in file: $crt_in"
@@ -1232,7 +1232,7 @@ input in file: $req_in"
 		[ -f "$file" ] && mv "$file" "$EASYRSA_PKI/revoked/private_by_serial/$cert_serial.$file_ext"
 	done
 
-	# remove the dublicate certificate in the certs_by_serial folder
+	# remove the duplicate certificate in the certs_by_serial folder
 	rm "$crt_by_serial"
 
 	return 0
@@ -1429,7 +1429,7 @@ import_req() {
 
 	# pull passed paths
 	in_req="$1" short_name="$2"
-	out_req="$EASYRSA_PKI/reqs/$2.req" 
+	out_req="$EASYRSA_PKI/reqs/$2.req"
 
 	[ -n "$short_name" ] || die "\
 Unable to import: incorrect command syntax.
@@ -1444,7 +1444,7 @@ File Path: $in_req"
 Unable to import the request as the destination file already exists.
 Please choose a different name for your imported request file.
 Existing file at: $out_req"
-	
+
 	# now import it
 	cp "$in_req" "$out_req"
 
@@ -1654,7 +1654,7 @@ default_server_san() {
 
 # verify a file seems to be a valid req/X509
 verify_file() {
-	format="$1" 
+	format="$1"
 	path="$2"
 	easyrsa_openssl "$format" -in "$path" -noout 2>/dev/null || return 1
 	return 0
@@ -1663,8 +1663,8 @@ verify_file() {
 # show-* command backend
 # Prints req/cert details in a readable format
 show() {
-	type="$1" 
-	name="$2" 
+	type="$1"
+	name="$2"
 	in_file=""
 	format=""
 	[ -n "$name" ] || die "\
@@ -1676,11 +1676,11 @@ Run easyrsa without commands for usage help."
 	opts="-${type}opt no_pubkey,no_sigdump"
 	while [ -n "$1" ]; do
 		case "$1" in
-			full) 
+			full)
 				opts=""
 				;;
-			*) 
-				warn "Ignoring unknown command option: '$1'" 
+			*)
+				warn "Ignoring unknown command option: '$1'"
 				;;
 		esac
 		shift
@@ -1786,7 +1786,7 @@ vars_setup() {
 	elif [ -f "$prog_vars" ]; then
 		vars="$prog_vars"
 	fi
-	
+
 	# If a vars file was located, source it
 	# If $EASYRSA_NO_VARS is defined (not blank) this is skipped
 	if [ -z "$EASYRSA_NO_VARS" ] && [ -n "$vars" ]; then
@@ -1797,13 +1797,13 @@ file. Storing sensitive information in the configuration file is not \
 recommended - please remove it from there before continuing."
 		fi
 		#shellcheck disable=SC2034
-		EASYRSA_CALLER=1 
+		EASYRSA_CALLER=1
 		# shellcheck disable=SC1090
 		. "$vars"
 		notice "\
 Note: using Easy-RSA configuration from: $vars"
 	fi
-	
+
 	# Set defaults, preferring existing env-vars if present
 	set_var EASYRSA		"$prog_dir"
 	set_var EASYRSA_OPENSSL	openssl
@@ -1820,7 +1820,7 @@ Note: using Easy-RSA configuration from: $vars"
 	set_var EASYRSA_CURVE		secp384r1
 	set_var EASYRSA_EC_DIR		"$EASYRSA_PKI/ecparams"
 	set_var EASYRSA_CA_EXPIRE	3650
-	set_var EASYRSA_CERT_EXPIRE	825 # new default of 36 months	
+	set_var EASYRSA_CERT_EXPIRE	825 # new default of 36 months
 	set_var EASYRSA_CERT_RENEW	30
 	set_var EASYRSA_CRL_DAYS	180
 	set_var EASYRSA_NS_SUPPORT	no
@@ -1835,7 +1835,7 @@ Note: using Easy-RSA configuration from: $vars"
 	# Same as above for the x509-types extensions dir
 	if [ -d "$EASYRSA_PKI/x509-types" ]; then
 		set_var EASYRSA_EXT_DIR		"$EASYRSA_PKI/x509-types"
-	else	
+	else
 		#TODO: This should be removed.  Not really suitable for packaging.
 		set_var EASYRSA_EXT_DIR		"$EASYRSA/x509-types"
 	fi
@@ -1889,7 +1889,7 @@ set_var() {
 # You can report problems on the normal openvpn support channels:
 # --------------------------------------------------------------------------
 #   1. The Openvpn Forum: https://forums.openvpn.net/viewforum.php?f=31
-#   2. The #easyrsa IRC channel at freenode
+#   2. The #easyrsa IRC channel at libera.chat
 #   3. Info: https://community.openvpn.net/openvpn/wiki/easyrsa-upgrade
 # --------------------------------------------------------------------------
 #
@@ -2123,7 +2123,7 @@ up23_upgrade_ca ()
 	# Otherwise this is required for all easyrsa v3
 	#confirm "Set 'unique_subject = no' in index.txt.attr for your current CA: " \
 	#"yes" "This version of easyrsa requires that 'unique_subject = no' is set correctly"
-	
+
 	printf "%s\n" "unique_subject = no" > "$EASYRSA_PKI/index.txt.attr"
 	up23_verbose "> OK"
 	up23_verbose "  Upgraded index.txt.attr to v306+"

easyrsa3/openssl-easyrsa.cnf

@@ -135,4 +135,3 @@ keyUsage = cRLSign, keyCertSign
 
 # issuerAltName=issuer:copy
 authorityKeyIdentifier=keyid:always,issuer:always
-

easyrsa3/vars.example

@@ -27,7 +27,7 @@
 # "C:/Program Files/OpenSSL-Win32/bin/openssl.exe"
 
 # A little housekeeping: DON'T EDIT THIS SECTION
-# 
+#
 # Easy-RSA 3.x doesn't source into the environment directly.
 # Complain if a user tries to do this:
 if [ -z "$EASYRSA_CALLER" ]; then
@@ -218,4 +218,3 @@ fi
 # or most output. Setting this to any non-blank string enables batch mode.
 
 #set_var EASYRSA_BATCH		""
-

easyrsa3/x509-types/ca

@@ -10,4 +10,3 @@ basicConstraints = CA:TRUE
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always,issuer:always
 keyUsage = cRLSign, keyCertSign
-

easyrsa3/x509-types/client

@@ -5,4 +5,3 @@ subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid,issuer:always
 extendedKeyUsage = clientAuth
 keyUsage = digitalSignature
-

easyrsa3/x509-types/code-signing

@@ -5,4 +5,3 @@ subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid,issuer:always
 extendedKeyUsage = codeSigning
 keyUsage = digitalSignature
-

easyrsa3/x509-types/email

@@ -5,4 +5,3 @@ subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid,issuer:always
 extendedKeyUsage = emailProtection
 keyUsage = digitalSignature,keyEncipherment,nonRepudiation
-

easyrsa3/x509-types/server

@@ -5,4 +5,3 @@ subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid,issuer:always
 extendedKeyUsage = serverAuth
 keyUsage = digitalSignature,keyEncipherment
-

easyrsa3/x509-types/serverClient

@@ -5,4 +5,3 @@ subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid,issuer:always
 extendedKeyUsage = serverAuth,clientAuth
 keyUsage = digitalSignature,keyEncipherment
-

wop_test.bat

@@ -1,36 +1,35 @@
-@echo off
-
-IF "%1"=="/SL" (set SAVE_LAYOUT=1) ELSE set SAVE_LAYOUT=0
-
-set SYS_ARCH=test
-IF %PROCESSOR_ARCHITECTURE%==x86 set SYS_ARCH=win32
-IF %PROCESSOR_ARCHITECTURE%==x86_64 set SYS_ARCH=win64
-IF %PROCESSOR_ARCHITECTURE%==AMD64 set SYS_ARCH=win64
-IF %SYS_ARCH%==test (
-	echo Fatal Error: Unknown PROCESSOR_ARCHITECTURE
-	set SYS_ARCH=
-	exit /B 1 )
-
-set WORK_DIR=%cd%
-mkdir %WORK_DIR%\easyrsa3\bin
-copy  %WORK_DIR%\distro\windows\bin\* %WORK_DIR%\easyrsa3\bin
-copy  %WORK_DIR%\distro\windows\%SYS_ARCH%\* %WORK_DIR%\easyrsa3\bin
-copy  %WORK_DIR%\distro\windows\EasyRSA-Start.bat %WORK_DIR%\easyrsa3\EasyRSA-Start.bat
-PATH=%PATH%;%WORK_DIR%\easyrsa3\bin;C:\PROGRA~1\openssl
-
-cmd /C "easyrsa3\bin\sh.exe wop_test.sh"
-IF ERRORLEVEL 0 (
-	IF %SAVE_LAYOUT% EQU 0 (
-		echo rmdir /S /Q %WORK_DIR%\easyrsa3\bin
-		rmdir /S /Q %WORK_DIR%\easyrsa3\bin
-		echo del /Q %WORK_DIR%\easyrsa3\EasyRSA-Start.bat
-		del /Q %WORK_DIR%\easyrsa3\EasyRSA-Start.bat
-		echo rm %WORK_DIR%\easyrsa3\.rnd
-		rm %WORK_DIR%\easyrsa3\.rnd
-	) ELSE echo NOTICE; Saved Layout
-) ELSE echo Error occurred, no clean up
-	
-set SAVE_LAYOUT=
-set SYS_ARCH=
-pause
-
+@echo off
+
+IF "%1"=="/SL" (set SAVE_LAYOUT=1) ELSE set SAVE_LAYOUT=0
+
+set SYS_ARCH=test
+IF %PROCESSOR_ARCHITECTURE%==x86 set SYS_ARCH=win32
+IF %PROCESSOR_ARCHITECTURE%==x86_64 set SYS_ARCH=win64
+IF %PROCESSOR_ARCHITECTURE%==AMD64 set SYS_ARCH=win64
+IF %SYS_ARCH%==test (
+	echo Fatal Error: Unknown PROCESSOR_ARCHITECTURE
+	set SYS_ARCH=
+	exit /B 1 )
+
+set WORK_DIR=%cd%
+mkdir %WORK_DIR%\easyrsa3\bin
+copy  %WORK_DIR%\distro\windows\bin\* %WORK_DIR%\easyrsa3\bin
+copy  %WORK_DIR%\distro\windows\%SYS_ARCH%\* %WORK_DIR%\easyrsa3\bin
+copy  %WORK_DIR%\distro\windows\EasyRSA-Start.bat %WORK_DIR%\easyrsa3\EasyRSA-Start.bat
+PATH=%PATH%;%WORK_DIR%\easyrsa3\bin;C:\PROGRA~1\openssl
+
+cmd /C "easyrsa3\bin\sh.exe wop_test.sh"
+IF ERRORLEVEL 0 (
+	IF %SAVE_LAYOUT% EQU 0 (
+		echo rmdir /S /Q %WORK_DIR%\easyrsa3\bin
+		rmdir /S /Q %WORK_DIR%\easyrsa3\bin
+		echo del /Q %WORK_DIR%\easyrsa3\EasyRSA-Start.bat
+		del /Q %WORK_DIR%\easyrsa3\EasyRSA-Start.bat
+		echo rm %WORK_DIR%\easyrsa3\.rnd
+		rm %WORK_DIR%\easyrsa3\.rnd
+	) ELSE echo NOTICE; Saved Layout
+) ELSE echo Error occurred, no clean up
+
+set SAVE_LAYOUT=
+set SYS_ARCH=
+pause

wop_test.sh

@@ -6,7 +6,7 @@
 # project; use with other POSIX shells for Windows may require modification to
 # this wrapper script.
 
-cd easyrsa3 || { echo "ERROR: Cannot find easyrsa3 direcory"; exit 1; }
+cd easyrsa3 || { echo "ERROR: Cannot find easyrsa3 directory"; exit 1; }
 
 setup_path="${EASYRSA:-$PWD}"
 export PATH="$setup_path;$setup_path/bin;$PATH"