From 3151860109c26667b457ff57ecf56562131c1333 Mon Sep 17 00:00:00 2001 From: Bob Vincent Date: Mon, 1 Jan 2018 13:43:42 -0500 Subject: [PATCH 1/3] Fix generation of serverAltName. --- easyrsa3/easyrsa | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index e99f6db..3deed0c 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -655,7 +655,7 @@ $(display_dn req "$req_in") if [ "$crt_type" = 'server' ]; then echo "$EASYRSA_EXTRA_EXTS" | grep -q subjectAltName || - print "default_server_san $req_in" + default_server_san $req_in fi # Add any advanced extensions supplied by env-var: From 86c8fc6b4c0d41e1d63e5c29b8131bb67bc07186 Mon Sep 17 00:00:00 2001 From: Bob Vincent Date: Tue, 2 Jan 2018 16:50:14 -0500 Subject: [PATCH 2/3] Fix the --subject-alt-name option. --- easyrsa3/easyrsa | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 3deed0c..406da01 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -279,7 +279,7 @@ Type the word '$value' to continue, or any other input to abort." # remove temp files clean_temp() { - for f in "$EASYRSA_TEMP_FILE" "$EASYRSA_TEMP_FILE_2" "$EASYRSA_TEMP_FILE_3" + for f in "$EASYRSA_TEMP_CONF" "$EASYRSA_TEMP_EXT" "$EASYRSA_TEMP_FILE_2" "$EASYRSA_TEMP_FILE_3" do [ -f "$f" ] && rm "$f" 2>/dev/null done } # => clean_temp() @@ -546,10 +546,10 @@ $EASYRSA_EXTRA_EXTS" }' print "$extra_exts" | \ awk "$awkscript" "$EASYRSA_SSL_CONF" \ - > "$EASYRSA_TEMP_FILE" \ + > "$EASYRSA_TEMP_CONF" \ || die "Copying SSL config to temp file failed" # Use this new SSL config for the rest of this function - EASYRSA_SSL_CONF="$EASYRSA_TEMP_FILE" + EASYRSA_SSL_CONF="$EASYRSA_TEMP_CONF" fi key_out_tmp="$(mktemp "$key_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$key_out_tmp" 
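Review bot: `$req_in` is passed unquoted on the added line `default_server_san $req_in`, so a request path containing whitespace or glob characters is split or expanded before the function sees it. The same variable is quoted in the hunk header context (`display_dn req "$req_in"`). I would write `default_server_san "$req_in"`. The call sits on the right-hand side of `grep -q subjectAltName ||` inside an `if` body, so a non-zero return from `default_server_san` is not checked here. Whether signing can then proceed without a SAN depends on code outside this hunk.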
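Review bot: The rewritten OpenSSL config goes to a fixed, predictable path (`> "$EASYRSA_TEMP_CONF"`), while the next statement in this same hunk creates the key temp file with `mktemp "$key_out.XXXXXXXXXX"`. The same applies to `$EASYRSA_TEMP_EXT` in the hunk at -662 and to both defaults set in the hunk at -1077. With fixed names, two easyrsa runs against the same PKI directory overwrite each other's config or extension file, so a certificate can end up signed with the extensions of a different request. An existing link at that path would also be written through. I would allocate both files with mktemp and store the result in the variable that `clean_temp` already removes, e.g. `EASYRSA_TEMP_CONF="$(mktemp "$EASYRSA_PKI/openssl-easyrsa.XXXXXXXXXX")" || die "mktemp failed"` before the awk call.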
@@ -662,14 +662,14 @@ $(display_dn req "$req_in") [ -n "$EASYRSA_EXTRA_EXTS" ] && print "$EASYRSA_EXTRA_EXTS" : # needed to keep die from inherting the above test - } > "$EASYRSA_TEMP_FILE" || die "\ + } > "$EASYRSA_TEMP_EXT" || die "\ Failed to create temp extension file (bad permissions?) at: -$EASYRSA_TEMP_FILE" +$EASYRSA_TEMP_EXT" # sign request crt_out_tmp="$(mktemp "$crt_out.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_2="$crt_out_tmp" "$EASYRSA_OPENSSL" ca -utf8 -in "$req_in" -out "$crt_out_tmp" -config "$EASYRSA_SSL_CONF" \ - -extfile "$EASYRSA_TEMP_FILE" -days $EASYRSA_CERT_EXPIRE -batch $opts \ + -extfile "$EASYRSA_TEMP_EXT" -days $EASYRSA_CERT_EXPIRE -batch $opts \ || die "signing failed (openssl output above may have more detail)" mv "$crt_out_tmp" "$crt_out"; EASYRSA_TEMP_FILE_2= notice "\ @@ -1077,7 +1077,8 @@ Note: using Easy-RSA configuration from: $vars" set_var EASYRSA_CRL_DAYS 180 set_var EASYRSA_NS_SUPPORT no set_var EASYRSA_NS_COMMENT "Easy-RSA Generated Certificate" - set_var EASYRSA_TEMP_FILE "$EASYRSA_PKI/extensions.temp" + set_var EASYRSA_TEMP_CONF "$EASYRSA_PKI/openssl-easyrsa.temp" + set_var EASYRSA_TEMP_EXT "$EASYRSA_PKI/extensions.temp" set_var EASYRSA_TEMP_FILE_2 "" set_var EASYRSA_TEMP_FILE_3 "" set_var EASYRSA_REQ_CN ChangeMe From 06fd217ff38e2071b2cc3772308cfb4aa00a6095 Mon Sep 17 00:00:00 2001 From: Bob Vincent Date: Tue, 2 Jan 2018 16:52:16 -0500 Subject: [PATCH 3/3] Allow "--copy-ext" without a value. (https://github.com/OpenVPN/easy-rsa/pull/153) --- easyrsa3/easyrsa | 1 + 1 file changed, 1 insertion(+) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 406da01..4eadf1b 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -1186,6 +1186,7 @@ while :; do --vars) export EASYRSA_VARS_FILE="$val" ;; --copy-ext) + empty_ok=1 export EASYRSA_CP_EXT=1 ;; --subject-alt-name) export EASYRSA_EXTRA_EXTS="\
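Review bot: `-days $EASYRSA_CERT_EXPIRE` on the changed `openssl ca` line is unquoted, so a value containing whitespace from the vars file or environment becomes extra `openssl ca` arguments. `$opts` looks intentionally split, but the expiry should be `-days "$EASYRSA_CERT_EXPIRE"`. Separately, the group that writes `$EASYRSA_TEMP_EXT` ends in `:`, so the `|| die` fires only when the redirection itself fails. A command failing inside the group (which starts outside this hunk) would leave a partial extension file that is then handed to `-extfile` for signing. A comment such as `# NOTE: only a failed redirect reaches die; commands inside the group must check their own status` would make that explicit.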
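Review bot: With `empty_ok=1` the `--copy-ext` arm accepts a missing value, but it still ignores any value that is supplied, so `--copy-ext=no` or `--copy-ext=0` sets `EASYRSA_CP_EXT=1` just like the bare flag. Judging by its name, this switch copies extensions from the request into the signed certificate, so I would reject a value outright with `[ -z "$val" ] || die "--copy-ext does not take a value"`. The option loop begins outside this hunk, so please confirm that `empty_ok` is reset at the top of each iteration. Otherwise options parsed after `--copy-ext` would also accept an empty value.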