diff --git a/ChangeLog b/ChangeLog index d065a8b..ad6fa69 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,22 +1,21 @@ Easy-RSA 3 ChangeLog 3.1.1 (TBD) - * Resolve long-standing issue with --subca-len=N (#691) + * Remove command 'renewable' (#715) * Expand 'show-renew', include 'renewed/certs_by_serial' (#700) - * Introduce 'renew' (version 3). Only renew cert (#688) + * Resolve long-standing issue with --subca-len=N (#691) + * ++ NOTICE: Add EasyRSA-Renew-and-Revoke.md (#690) * Require 'openssl-easyrsa.cnf' is up to date (#695} + * Introduce 'renew' (version 3). Only renew cert (#688) * Always ensure X509-types files exist (#581 #696) - * Remove renew-req (#684) - * Re-enable use of '--vars=FILE init-pki' #640 (Revert #566) + * Expand alias '--days' to all suitable options with a period (#674) * Introduce --keep-tmp, keep temp files for debugging (#667) - * Introduce Quiet mode option -q|--quiet, disable information output - 8b7e79096b18afc5c61bfbaee204c1f7401f0019 - * Introduce renew-req, create a new CSR for an existing key (#616) - Superseded by #684 + * Introduce Option -q|--quiet, disable information output (#703) * Add serialNumber (OID 2.5.4.5) to DN 'org' mode (#606) * Support ampersand and dollar-sign in vars file (#590) * Introduce 'rewind-renew' (#579) * Expand status reports to include checking a single cert (#577) + * Introduce 'revoke-renewed' (#547) * update OpenSSL for Windows to 3.0.5 3.1.0 (2022-05-18) @@ -27,7 +26,6 @@ Easy-RSA 3 ChangeLog * Allow certificates to be created with fixed date offset (#550) * Add 'verify' to verify certificate against CA (#549) * Add PKCS#12 alias 'friendlyName' (#544) - * Disallow use of '--vars=FILE init-pki' (#566) * Support multiple IP-Addresses in SAN (#564) * Add option '--renew-days=NN', custom renew grace period (#557) * Add 'nopass' option to the 'export-pkcs' functions (#411) diff --git a/doc/EasyRSA-Contributing.md b/doc/EasyRSA-Contributing.md index 35b2cbb..b4becec 100644 --- a/doc/EasyRSA-Contributing.md +++ b/doc/EasyRSA-Contributing.md @@ -53,6 +53,8 @@ Contributing Guide git commit -sS ``` + Please write a detailed commit message. + github `help` has details of creating a private key. Using github `no-reply` email address is suitable for the `Signed-off-by:` diff --git a/doc/EasyRSA-Renew-and-Revoke.md b/doc/EasyRSA-Renew-and-Revoke.md index 371b58c..7b338d0 100644 --- a/doc/EasyRSA-Renew-and-Revoke.md +++ b/doc/EasyRSA-Renew-and-Revoke.md @@ -120,3 +120,11 @@ The follow is an exhaustive list of available `reason` codes: - `certificateHold` `reason` must be one of these codes, otherwise not be used. + + +About command `rebuild` +----------------------- + +If `rebuild` is used then the output directory of old certificate, key and +request is also the `renewed` directory. Use **`revoke-renewed`** to revoke +an old certificate/key pair, which has been _rebuilt_ by command `rebuild`. diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 71f7110..e74ab98 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -1141,7 +1141,9 @@ install_data_to_pki () { # Currently, *if* 'vars' is copied to the PKI then the PKI 'vars' will take # priority over './vars'. But it will not be updated if './vars' is changed. # -# Copying 'vars' to the PKI is complicated, code is included but DISABLED. +# For that reason a vars file in the PKI is only created during init-pki. +# For old PKIs where vars is elsewhere a warning is issued that the PKI +# folder is the preferred location of vars. # debug log on if [ "$EASYRSA_DEBUG" ]; then print ">> DEBUG-ON <<"; set -x; fi