nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge: Simple maintenance improvements #455

Browse Source 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2022-03-22 12:26:15 +00:00
commit 764c256fd7
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
23 changed files with 83 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.travis.yml
View File

@ -19,4 +19,3 @@ matrix:
script: script:
- openssl version - openssl version
- sh op_test.sh -vv - sh op_test.sh -vv

1
Licensing/gpl-2.0.txt
View File

@ -337,4 +337,3 @@ proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. Public License instead of this License.

6
README.md
View File

@ -25,13 +25,13 @@ seek help using Easy-RSA:
The [openvpn-users mailing list](https://lists.sourceforge.net/lists/listinfo/openvpn-users) The [openvpn-users mailing list](https://lists.sourceforge.net/lists/listinfo/openvpn-users)
is a good place to post usage or help questions. is a good place to post usage or help questions.
You can also try IRC at Freenode/#openvpn for general support or Freenode/#easyrsa for development discussion. You can also try libera.chat IRC network, in channels #openvpn for general support or #easyrsa for development discussion.
# Branch structure # Branch structure
The easy-rsa master branch is currently tracking development for the 3.x release The easy-rsa master branch is currently tracking development for the 3.x release
cycle. Please note that, at any given time, master may be broken. Feel free to cycle. Please note that, at any given time, master may be broken. Feel free to
create issues against master, but have patience when using the master branch. It create issues against master, but have patience when using the master branch. It
is recommended to use a release, and priority will be given to bugs identified in is recommended to use a release, and priority will be given to bugs identified in
the most recent release. the most recent release.

2
build/build-dist.sh
View File

@ -39,7 +39,7 @@ note() { echo "build-dist NOTE: $1"; }
# ask before dangerous things # ask before dangerous things
confirm() { confirm() {
[ "$2" ] && return [ -n "$2" ] && return
printf "%s y/n: " "$1" printf "%s y/n: " "$1"
read r read r
[ "$r" = "y" ] || die "user abort" [ "$r" = "y" ] || die "user abort"

1
distro/README
View File

@ -2,4 +2,3 @@ This distro/ directory contains distro/platform specific tools.
Components that are not platform neutral end up here, sorted into further dirs Components that are not platform neutral end up here, sorted into further dirs
based on the platform. based on the platform.

1
distro/windows/README-OpenSSL.txt
View File

@ -1,4 +1,3 @@
----------------------------------------------------------------------- -----------------------------------------------------------------------
OpenSSL v1.1.1g from https://bintray.com/vszakats/generic/openssl OpenSSL v1.1.1g from https://bintray.com/vszakats/generic/openssl
----------------------------------------------------------------------- -----------------------------------------------------------------------

2
distro/windows/README-Windows.txt
View File

@ -107,7 +107,7 @@ Contents of this file:
4.1: mksh/Win32 4.1: mksh/Win32
A special thanks is in order to the mksh/Win32 project and its primary A special thanks is in order to the mksh/Win32 project and its primary
maintainer, Michael Langguth <mksh-w32@gmx.net>. This shell offers featurs maintainer, Michael Langguth <mksh-w32@gmx.net>. This shell offers features
that allow Easy-RSA to run smoothly under Windows; by using mksh/Win32, that allow Easy-RSA to run smoothly under Windows; by using mksh/Win32,
Easy-RSA can deliver the same PKI flexibility to all major platforms. Easy-RSA can deliver the same PKI flexibility to all major platforms.

1
doc/EasyRSA-Readme.md
View File

@ -236,4 +236,3 @@ In order to obtain a signed certificate, the request file must be sent to the
CA for signing; this step is obviously not required if a single PKI is used as CA for signing; this step is obviously not required if a single PKI is used as
both the CA and keypair/request generation as the generated request is already both the CA and keypair/request generation as the generated request is already
"imported." "imported."

2
doc/TODO
View File

@ -9,7 +9,7 @@ Feature support:
* Keep platform-specific tools separate from platform-neutral code * Keep platform-specific tools separate from platform-neutral code
* add detection for duplicate CN prior to OpenSSL failure * add detection for duplicate CN prior to OpenSSL failure
* This gets tricky if `updatedb` requires a CA passphrase * This gets tricky if `updatedb` requires a CA passphrase
* It would help to warn users before OpenSSL throws errors * It would help to warn users before OpenSSL throws errors
Longer term wishlist: Longer term wishlist:
* Support openssl's -password source mechanism: * Support openssl's -password source mechanism:

8
easyrsa3/easyrsa
View File

@ -542,7 +542,7 @@ $help_note"
# init-pki backend: # init-pki backend:
init_pki() { init_pki() {
# If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH) # If EASYRSA_PKI exists, confirm before we rm -rf (skipped with EASYRSA_BATCH)
if [ -e "$EASYRSA_PKI" ]; then if [ -e "$EASYRSA_PKI" ]; then
confirm "Confirm removal: " "yes" " confirm "Confirm removal: " "yes" "
WARNING!!! WARNING!!!
@ -1032,7 +1032,7 @@ $(display_dn req "$req_in")
# Add any advanced extensions supplied by env-var: # Add any advanced extensions supplied by env-var:
[ -n "$EASYRSA_EXTRA_EXTS" ] && print "$EASYRSA_EXTRA_EXTS" [ -n "$EASYRSA_EXTRA_EXTS" ] && print "$EASYRSA_EXTRA_EXTS"
: # needed to keep die from inherting the above test : # needed to keep die from inheriting the above test
} > "$ext_tmp" || die "\ } > "$ext_tmp" || die "\
Failed to create temp extension file (bad permissions?) at: Failed to create temp extension file (bad permissions?) at:
$ext_tmp" $ext_tmp"
@ -1232,7 +1232,7 @@ input in file: $req_in"
[ -f "$file" ] && mv "$file" "$EASYRSA_PKI/revoked/private_by_serial/$cert_serial.$file_ext" [ -f "$file" ] && mv "$file" "$EASYRSA_PKI/revoked/private_by_serial/$cert_serial.$file_ext"
done done
# remove the dublicate certificate in the certs_by_serial folder # remove the duplicate certificate in the certs_by_serial folder
rm "$crt_by_serial" rm "$crt_by_serial"
return 0 return 0
@ -1889,7 +1889,7 @@ set_var() {
# You can report problems on the normal openvpn support channels: # You can report problems on the normal openvpn support channels:
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# 1. The Openvpn Forum: https://forums.openvpn.net/viewforum.php?f=31 # 1. The Openvpn Forum: https://forums.openvpn.net/viewforum.php?f=31
# 2. The #easyrsa IRC channel at freenode # 2. The #easyrsa IRC channel at libera.chat
# 3. Info: https://community.openvpn.net/openvpn/wiki/easyrsa-upgrade # 3. Info: https://community.openvpn.net/openvpn/wiki/easyrsa-upgrade
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# #

1
easyrsa3/openssl-easyrsa.cnf
View File

@ -135,4 +135,3 @@ keyUsage = cRLSign, keyCertSign
# issuerAltName=issuer:copy # issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always authorityKeyIdentifier=keyid:always,issuer:always

1
easyrsa3/vars.example
View File

@ -218,4 +218,3 @@ fi
# or most output. Setting this to any non-blank string enables batch mode. # or most output. Setting this to any non-blank string enables batch mode.
#set_var EASYRSA_BATCH "" #set_var EASYRSA_BATCH ""

1
easyrsa3/x509-types/ca
View File

@ -10,4 +10,3 @@ basicConstraints = CA:TRUE
subjectKeyIdentifier = hash subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always authorityKeyIdentifier = keyid:always,issuer:always
keyUsage = cRLSign, keyCertSign keyUsage = cRLSign, keyCertSign

1
easyrsa3/x509-types/client
View File

@ -5,4 +5,3 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always authorityKeyIdentifier = keyid,issuer:always
extendedKeyUsage = clientAuth extendedKeyUsage = clientAuth
keyUsage = digitalSignature keyUsage = digitalSignature

1
easyrsa3/x509-types/code-signing
View File

@ -5,4 +5,3 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always authorityKeyIdentifier = keyid,issuer:always
extendedKeyUsage = codeSigning extendedKeyUsage = codeSigning
keyUsage = digitalSignature keyUsage = digitalSignature

1
easyrsa3/x509-types/email
View File

@ -5,4 +5,3 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always authorityKeyIdentifier = keyid,issuer:always
extendedKeyUsage = emailProtection extendedKeyUsage = emailProtection
keyUsage = digitalSignature,keyEncipherment,nonRepudiation keyUsage = digitalSignature,keyEncipherment,nonRepudiation

1
easyrsa3/x509-types/server
View File

@ -5,4 +5,3 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always authorityKeyIdentifier = keyid,issuer:always
extendedKeyUsage = serverAuth extendedKeyUsage = serverAuth
keyUsage = digitalSignature,keyEncipherment keyUsage = digitalSignature,keyEncipherment

1
easyrsa3/x509-types/serverClient
View File

@ -5,4 +5,3 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always authorityKeyIdentifier = keyid,issuer:always
extendedKeyUsage = serverAuth,clientAuth extendedKeyUsage = serverAuth,clientAuth
keyUsage = digitalSignature,keyEncipherment keyUsage = digitalSignature,keyEncipherment

1
wop_test.bat
View File

@ -33,4 +33,3 @@ IF ERRORLEVEL 0 (
set SAVE_LAYOUT= set SAVE_LAYOUT=
set SYS_ARCH= set SYS_ARCH=
pause pause

2
wop_test.sh
View File

@ -6,7 +6,7 @@
# project; use with other POSIX shells for Windows may require modification to # project; use with other POSIX shells for Windows may require modification to
# this wrapper script. # this wrapper script.
cd easyrsa3 || { echo "ERROR: Cannot find easyrsa3 direcory"; exit 1; } cd easyrsa3 || { echo "ERROR: Cannot find easyrsa3 directory"; exit 1; }
setup_path="${EASYRSA:-$PWD}" setup_path="${EASYRSA:-$PWD}"
export PATH="$setup_path;$setup_path/bin;$PATH" export PATH="$setup_path;$setup_path/bin;$PATH"