From 205510bfab5f48080df8641c735ea2f3cf8e53b2 Mon Sep 17 00:00:00 2001 From: Richard Bonhomme Date: Wed, 6 Feb 2019 19:57:01 +0000 Subject: [PATCH 1/2] Improve verify_ssl_lib Signed-off-by: Richard Bonhomme --- easyrsa3/easyrsa | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index e019982..bc72423 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -383,7 +383,7 @@ verify_ssl_lib () { val="$("$EASYRSA_OPENSSL" version)" case "${val%% *}" in OpenSSL|LibreSSL) - notice "\ + print "\ Using SSL: $EASYRSA_OPENSSL $("$EASYRSA_OPENSSL" version)" ;; *) die "\ Missing or invalid OpenSSL @@ -584,7 +584,7 @@ current CA keypair. If you intended to start a new CA, run init-pki first." fi # make safessl-easyrsa.cnf - make_ssl_config + #make_ssl_config # create the CA keypair: [ ! $nopass ] && crypto_opts="-passin file:$out_key_pass_tmp" @@ -682,7 +682,7 @@ $EASYRSA_EXTRA_EXTS" fi # make safessl-easyrsa.cnf - make_ssl_config + #make_ssl_config key_out_tmp="$(mktemp "$key_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$key_out_tmp" req_out_tmp="$(mktemp "$req_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$req_out_tmp" @@ -802,7 +802,7 @@ Failed to create temp extension file (bad permissions?) at: $EASYRSA_TEMP_EXT" # make safessl-easyrsa.cnf - make_ssl_config + #make_ssl_config # sign request # shellcheck disable=SC2086 @@ -893,7 +893,7 @@ Unable to revoke as no certificate was found. Certificate was expected at: $crt_in" # make safessl-easyrsa.cnf - make_ssl_config + #make_ssl_config # shellcheck disable=SC2086 "$EASYRSA_OPENSSL" ca -utf8 -revoke "$crt_in" -config "$EASYRSA_SAFE_CONF" $opts || die "\ @@ -1003,7 +1003,7 @@ Unable to renew as no certificate was found. Certificate was expected at: $crt_in" # make safessl-easyrsa.cnf - make_ssl_config + #make_ssl_config # Check if old cert is expired or expires within 30 days expire_date=$( 
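Review bot: The message on the new `print` line runs `"$EASYRSA_OPENSSL" version` a second time although `val` already holds that output, so the string checked by the `case` and the string displayed come from two separate executions of the binary. Reusing the captured value keeps them identical and saves a fork: `Using SSL: $EASYRSA_OPENSSL $val" ;;`. If `notice` is the helper that stays quiet in batch mode (its definition is not in this hunk), switching to `print` also makes the banner unconditional, so confirm that callers parsing the script's output are not affected. verify_ssl_lib's body starts and ends outside the hunk.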
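Review bot: Disabling `make_ssl_config` here leaves nothing in the hunk that builds safessl-easyrsa.cnf before the CA keypair is created, and the same call is disabled in the hunks at -682, -802, -893, -1003 and -1138, while the `ca -revoke` command in the -893 hunk still passes `-config "$EASYRSA_SAFE_CONF"`. No hunk in this patch adds a replacement call, so the file is presumably generated once somewhere else. If so, confirm that each of these functions reaches that call before its first openssl invocation, otherwise signing and revocation would run against a missing or stale config. A short comment at the one remaining call site, such as `# safessl-easyrsa.cnf is built here once; every later openssl -config use depends on it`, would record the dependency. The enclosing function starts and ends outside the hunk.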
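Review bot: In the -682 hunk the disabled call sat directly after the `fi` that closes the extra-extensions block, and the second commit's context for the same lines shows that block ending with `EASYRSA_SSL_CONF="$EASYRSA_TEMP_CONF"`. If `make_ssl_config` derives the safe config from `$EASYRSA_SSL_CONF` (not visible here), a safe config generated earlier in the run will not contain the `$EASYRSA_EXTRA_EXTS` content, and the request could be created without the extensions the caller asked for. Either keep one regeneration after the reassignment or confirm that the request command, which is outside the hunk, reads `$EASYRSA_SSL_CONF` directly. The enclosing function starts and ends outside the hunk.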
@@ -1138,7 +1138,7 @@ gen_crl() { verify_ca_init # make safessl-easyrsa.cnf - make_ssl_config + #make_ssl_config out_file="$EASYRSA_PKI/crl.pem" out_file_tmp="$(mktemp "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$out_file_tmp" From cedd50e01e0aafbe7a295d777b7cb401de5eb16d Mon Sep 17 00:00:00 2001 From: Richard Bonhomme Date: Wed, 6 Feb 2019 20:05:42 +0000 Subject: [PATCH 2/2] Prune make_ssl_config Signed-off-by: Richard Bonhomme --- easyrsa3/easyrsa | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index bc72423..0798dbd 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -583,9 +583,6 @@ current CA keypair. If you intended to start a new CA, run init-pki first." "$EASYRSA_OPENSSL" ec -out "$out_key_tmp" $crypto_opts fi - # make safessl-easyrsa.cnf - #make_ssl_config - # create the CA keypair: [ ! $nopass ] && crypto_opts="-passin file:$out_key_pass_tmp" #shellcheck disable=SC2086 @@ -681,9 +678,6 @@ $EASYRSA_EXTRA_EXTS" EASYRSA_SSL_CONF="$EASYRSA_TEMP_CONF" fi - # make safessl-easyrsa.cnf - #make_ssl_config - key_out_tmp="$(mktemp "$key_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$key_out_tmp" req_out_tmp="$(mktemp "$req_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$req_out_tmp" # generate request @@ -801,9 +795,6 @@ $(display_dn req "$req_in") Failed to create temp extension file (bad permissions?) at: $EASYRSA_TEMP_EXT" - # make safessl-easyrsa.cnf - #make_ssl_config - # sign request # shellcheck disable=SC2086 crt_out_tmp="$(mktemp "$crt_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$crt_out_tmp" @@ -892,9 +883,6 @@ $(display_dn x509 "$crt_in") Unable to revoke as no certificate was found. Certificate was expected at: $crt_in" - # make safessl-easyrsa.cnf - #make_ssl_config - # shellcheck disable=SC2086 "$EASYRSA_OPENSSL" ca -utf8 -revoke "$crt_in" -config "$EASYRSA_SAFE_CONF" $opts || die "\ Failed to revoke certificate: revocation command failed." 
@@ -1002,9 +990,6 @@ $(display_dn x509 "$crt_in") Unable to renew as no certificate was found. Certificate was expected at: $crt_in" - # make safessl-easyrsa.cnf - #make_ssl_config - # Check if old cert is expired or expires within 30 days expire_date=$( "$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -enddate | @@ -1137,9 +1122,6 @@ input in file: $req_in" gen_crl() { verify_ca_init - # make safessl-easyrsa.cnf - #make_ssl_config - out_file="$EASYRSA_PKI/crl.pem" out_file_tmp="$(mktemp "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$out_file_tmp" "$EASYRSA_OPENSSL" ca -utf8 -gencrl -out "$out_file_tmp" -config "$EASYRSA_SAFE_CONF" || die "\