nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

renew: Use new ssl_cert_x509v3_eku()

Browse Source 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2023-08-05 15:58:25 +01:00
parent 77a0534347
commit 98e9f43be6
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 2 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
easyrsa3/easyrsa
View File

@ -2619,7 +2619,7 @@ inline_creds () {
# Generate data # Generate data
if [ -e "$crt_source" ]; then if [ -e "$crt_source" ]; then
# Get EasyRSA cert type # Get EasyRSA cert type
ssl_cert_x509v3_eku "$1" type_data ssl_cert_x509v3_eku "$crt_source" type_data
crt_data="\ crt_data="\
<cert> <cert>
@ -2971,23 +2971,7 @@ Cannot renew this certificate, a conflicting file exists:
die "Failed to create inline directoy." die "Failed to create inline directoy."
# Extract certificate usage from old cert # Extract certificate usage from old cert
cert_ext_key_usage="$( ssl_cert_x509v3_eku "$crt_in" cert_type
easyrsa_openssl x509 -in "$crt_in" -noout -text |
sed -n "/X509v3 Extended Key Usage:/{n;s/^ *//g;p;}"
)"
case "$cert_ext_key_usage" in
"TLS Web Client Authentication")
cert_type=client
;;
"TLS Web Server Authentication")
cert_type=server
;;
"TLS Web Server Auth"*", TLS Web Client Auth"*)
cert_type=serverClient
;;
*) die "Unknown key usage: $cert_ext_key_usage"
esac
# Use SAN from --san if set else use SAN from old cert # Use SAN from --san if set else use SAN from old cert
if echo "$EASYRSA_EXTRA_EXTS" | grep -q subjectAltName if echo "$EASYRSA_EXTRA_EXTS" | grep -q subjectAltName