nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'TinCanTech-verify-cert'

Browse Source 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2022-05-05 20:42:37 +01:00
commit 7a7302c4b0
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
easyrsa3/easyrsa
View File

@ -44,6 +44,7 @@ Here is the list of commands available with a short syntax reminder. Use the
show-cert <filename_base> [ cmd-opts ]
show-ca [ cmd-opts ]
show-crl
verify <filename_base>
import-req <request_file_path> <short_basename>
export-p1 <filename_base> [ cmd-opts ]
export-p7 <filename_base> [ cmd-opts ]
@ -169,6 +170,9 @@ cmd_help() {
Shows details of the current certificate revocation list (CRL)
Human-readable output is shown." ;;
verify) text="
verify <filename_base>
Verify certificate against CA" ;;
import-req) text="
import-req <request_file_path> <short_basename>
Import a certificate request from a file
@ -2373,6 +2377,47 @@ default_server_san() {
fi
} # => default_server_san()
# Verify certificate against CA
verify_cert() {
# pull filename base:
[ "$1" ] || die "\
Error: didn't find a file base name as the first argument.
Run easyrsa without commands for usage and command help."
verify_ca_init
# Assign file_name_base and dust off!
file_name_base="$1"
shift
in_dir="$EASYRSA_PKI"
ca_crt="$in_dir/ca.crt"
crt_in="$in_dir/issued/$file_name_base.crt"
# Cert file must exist
[ -f "$crt_in" ] || die "\
No certificate found for the input: '$crt_in'"
# Verify file is a valid cert
verify_file x509 "$crt_in" || die "\
Input is not a valid certificate: $crt_in"
# Test and show SSL out
if easyrsa_openssl verify -CAfile "$ca_crt" "$crt_in"; then
[ "$EASYRSA_SILENT" ] || print # Separate Notice below
notice "\
Certificate name: $file_name_base
Verfication status: GOOD"
exit 0
fi
[ "$EASYRSA_SILENT" ] || print # Separate Notice below
warn "\
Certificate name: $file_name_base
Verfication status: FAILED"
exit 1
} # => verify_cert()
# verify a file seems to be a valid req/X509
verify_file() {
format="$1"
@ -3645,6 +3690,9 @@ case "$cmd" in
show-ca)
show_ca "$@"
;;
verify)
verify_cert "$@"
;;
upgrade)
up23_manage_upgrade_23 "$@"
;;