Update default certificate length, comments

- Resolve #57, set default certificate length to 1080 days, leaves CA certifcates at 3650 - Add EasyRSA version to certificate comment for later troubleshooting and identification. Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2018-08-23 16:51:17 -05:00 · 2018-08-23 16:51:17 -05:00 · 97e1501424
commit 97e1501424
parent 6235086142
2 changed files with 7 additions and 3 deletions
--- a/build/build-dist.sh
+++ b/build/build-dist.sh
@ -73,9 +73,11 @@ stage_unix() {
 	src_files="easyrsa3/ Licensing/ COPYING.md ChangeLog README.md README.quickstart.md"
 	for f in $src_files
 	do
+		sed -i -e "s/~~~/$VERSION/" "$SRC_ROOT/$f"
 		cp -a "$SRC_ROOT/$f" "$DIST_ROOT/unix/$PV" || die "failed to copy $f"
 	done
 	
+	sed -i -e "s/~~~/$VERSION/" "$SRC_ROOT/$f"
 	cp -R "$SRC_ROOT/doc" "$DIST_ROOT/unix/$PV/" || die "failed to copy unix doc"

 	# files not included
@ -92,6 +94,7 @@ stage_win() {
 	for f in $SRC_ROOT/doc/*.md;
 	do
 		fname=$(basename "$f" .md)
+		sed -i -e "s/~~~/$VERSION/" "$SRC_ROOT/$f"
 		python -m markdown "$f" > "$DIST_ROOT/windows/$PV/doc/$fname.html"
 	done
 	
@ -103,6 +106,7 @@ stage_win() {
 	src_files="easyrsa3/ ChangeLog COPYING.md"
 	for f in $src_files
 	do
+		sed -i -e "s/~~~/$VERSION/" "$SRC_ROOT/$f"
 		cp -a "$SRC_ROOT/$f" "$DIST_ROOT/windows/$PV" || die "failed to copy $f"
 	done
 	
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@ -2,7 +2,7 @@

 # Easy-RSA 3 -- A Shell-based CA Utility
 #
-# Copyright (C) 2013 by the Open-Source OpenVPN development community.
+# Copyright (C) 2018 by the Open-Source OpenVPN development community.
 # A full list of contributors can be found in the ChangeLog.
 #
 # This code released under version 2 of the GNU GPL; see COPYING and the
@ -1169,10 +1169,10 @@ Note: using Easy-RSA configuration from: $vars"
 	set_var EASYRSA_CURVE		secp384r1
 	set_var EASYRSA_EC_DIR		"$EASYRSA_PKI/ecparams"
 	set_var EASYRSA_CA_EXPIRE	3650
-	set_var EASYRSA_CERT_EXPIRE	3650
+	set_var EASYRSA_CERT_EXPIRE	1080 # new default of 36 months
 	set_var EASYRSA_CRL_DAYS	180
 	set_var EASYRSA_NS_SUPPORT	no
-	set_var EASYRSA_NS_COMMENT	"Easy-RSA Generated Certificate"
+	set_var EASYRSA_NS_COMMENT	"Easy-RSA (~~~) Generated Certificate"
 	set_var EASYRSA_TEMP_CONF	"$EASYRSA_PKI/openssl-easyrsa.temp"
 	set_var EASYRSA_TEMP_EXT	"$EASYRSA_PKI/extensions.temp"
 	set_var EASYRSA_TEMP_FILE_2	""