Merge branch 'sanatize_and_set_var' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-sanatize_and_set_var
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
commit
b5228f76d0
@ -1256,8 +1256,7 @@ get_passphrase() {
|
|||||||
if [ "${#r}" -lt 4 ]; then
|
if [ "${#r}" -lt 4 ]; then
|
||||||
printf '\n%s\n' "Passphrase must be at least 4 characters!"
|
printf '\n%s\n' "Passphrase must be at least 4 characters!"
|
||||||
else
|
else
|
||||||
unset -v "$@"
|
safe_set_var "$*" "$r" || die "Passphrase error!"
|
||||||
set_var "$@" "$r" || die "Passphrase error!"
|
|
||||||
unset -v r
|
unset -v r
|
||||||
print
|
print
|
||||||
return 0
|
return 0
|
||||||
@ -3714,48 +3713,72 @@ db_date_to_ff_date() {
|
|||||||
ff_date="${yy}-${mm}-${dd} ${HH}:${MM}:${SS}${TZ}"
|
ff_date="${yy}-${mm}-${dd} ${HH}:${MM}:${SS}${TZ}"
|
||||||
} # => build_ff_date_string()
|
} # => build_ff_date_string()
|
||||||
|
|
||||||
|
# sanatize and set var
|
||||||
|
safe_set_var() {
|
||||||
|
[ "$#" -eq 2 ] || return 1
|
||||||
|
# check for simple errors
|
||||||
|
case "$1" in
|
||||||
|
[1234567890]*|*-*|"* *") return 1
|
||||||
|
esac
|
||||||
|
eval "$1"=1 || return 1
|
||||||
|
unset -v "$1" || return 1
|
||||||
|
set_var "$1" "$2" || return 1
|
||||||
|
} # => safe_set_var()
|
||||||
|
|
||||||
# get the serial number of the certificate -> serial=XXXX
|
# get the serial number of the certificate -> serial=XXXX
|
||||||
ssl_cert_serial() {
|
ssl_cert_serial() {
|
||||||
[ "$#" = 2 ] || die "ssl_cert_serial - invalid input"
|
[ "$#" = 2 ] || die "ssl_cert_serial - invalid input"
|
||||||
[ -f "$1" ] || die "ssl_cert_serial - missing cert"
|
[ -f "$1" ] || die "ssl_cert_serial - missing cert"
|
||||||
verify_file x509 "$1" || die "ssl_cert_serial - invalid cert"
|
|
||||||
|
|
||||||
fn_ssl_out="$(
|
fn_ssl_out="$(
|
||||||
unset -v EASYRSA_DEBUG
|
unset -v EASYRSA_DEBUG
|
||||||
easyrsa_openssl x509 -in "$1" -noout -serial
|
easyrsa_openssl x509 -in "$1" -noout -serial
|
||||||
)" || die "ssl_cert_serial - failed to get serial"
|
)" || die "ssl_cert_serial - failed: -serial"
|
||||||
shift
|
|
||||||
|
|
||||||
# remove the serial= part -> we only need the XXXX part
|
# remove the serial= part -> we only need the XXXX part
|
||||||
fn_ssl_out="${fn_ssl_out##*=}"
|
fn_ssl_out="${fn_ssl_out##*=}"
|
||||||
|
|
||||||
unset -v "$@"
|
shift
|
||||||
set_var "$@" "$fn_ssl_out" || \
|
safe_set_var "$*" "$fn_ssl_out" || \
|
||||||
die "ssl_cert_serial - failed to set variable '$*'"
|
die "ssl_cert_serial - failed to set var '$*'"
|
||||||
|
|
||||||
unset -v fn_ssl_out
|
unset -v fn_ssl_out
|
||||||
} # => ssl_cert_serial()
|
} # => ssl_cert_serial()
|
||||||
|
|
||||||
# Get certificate start date
|
# Get certificate start date
|
||||||
ssl_cert_not_before_date() {
|
ssl_cert_not_before_date() {
|
||||||
[ "$1" ] || die "ssl_cert_not_before_date - Invalid input"
|
[ "$#" = 2 ] || die "ssl_cert_not_before_date - invalid input"
|
||||||
|
[ -f "$1" ] || die "ssl_cert_not_before_date - missing cert"
|
||||||
|
|
||||||
fn_ssl_out="$(
|
fn_ssl_out="$(
|
||||||
unset -v EASYRSA_DEBUG
|
unset -v EASYRSA_DEBUG
|
||||||
easyrsa_openssl x509 -in "$1" -noout -startdate
|
easyrsa_openssl x509 -in "$1" -noout -startdate
|
||||||
)" || die "ssl_cert_not_before_date - failed: -startdate"
|
)" || die "ssl_cert_not_before_date - failed: -startdate"
|
||||||
# 'cert_not_before_date' is *not* used, at this time..
|
|
||||||
# disable #shellcheck disable=SC2034 # Prefer to keep warning
|
fn_ssl_out="${fn_ssl_out#*=}"
|
||||||
cert_not_before_date="${fn_ssl_out#*=}"
|
|
||||||
|
shift
|
||||||
|
safe_set_var "$*" "$fn_ssl_out" || \
|
||||||
|
die "ssl_cert_not_before_date - failed to set var '$*'"
|
||||||
|
|
||||||
unset -v fn_ssl_out
|
unset -v fn_ssl_out
|
||||||
} # => ssl_cert_not_before_date()
|
} # => ssl_cert_not_before_date()
|
||||||
|
|
||||||
# Get certificate end date
|
# Get certificate end date
|
||||||
ssl_cert_not_after_date() {
|
ssl_cert_not_after_date() {
|
||||||
[ "$1" ] || die "ssl_cert_not_after_date - Invalid input"
|
[ "$#" = 2 ] || die "ssl_cert_not_after_date - invalid input"
|
||||||
|
[ -f "$1" ] || die "ssl_cert_not_after_date - missing cert"
|
||||||
|
|
||||||
fn_ssl_out="$(
|
fn_ssl_out="$(
|
||||||
unset -v EASYRSA_DEBUG
|
unset -v EASYRSA_DEBUG
|
||||||
easyrsa_openssl x509 -in "$1" -noout -enddate
|
easyrsa_openssl x509 -in "$1" -noout -enddate
|
||||||
)" || die "ssl_cert_not_after_date - failed: -enddate"
|
)" || die "ssl_cert_not_after_date - failed: -enddate"
|
||||||
cert_not_after_date="${fn_ssl_out#*=}"
|
|
||||||
|
fn_ssl_out="${fn_ssl_out#*=}"
|
||||||
|
|
||||||
|
shift
|
||||||
|
safe_set_var "$*" "$fn_ssl_out" || \
|
||||||
|
die "ssl_cert_not_after_date - failed to set var '$*'"
|
||||||
|
|
||||||
unset -v fn_ssl_out
|
unset -v fn_ssl_out
|
||||||
} # => ssl_cert_not_after_date()
|
} # => ssl_cert_not_after_date()
|
||||||
|
|
||||||
@ -3862,7 +3885,7 @@ serial mismatch:
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
#cert_source=issued
|
#cert_source=issued
|
||||||
ssl_cert_not_after_date "$cert_issued" # Assigns cert_not_after_date
|
ssl_cert_not_after_date "$cert_issued" cert_not_after_date
|
||||||
|
|
||||||
else
|
else
|
||||||
# Translate db date to usable date
|
# Translate db date to usable date
|
||||||
@ -3961,7 +3984,7 @@ serial mismatch:
|
|||||||
|
|
||||||
# Use cert date
|
# Use cert date
|
||||||
# Assigns cert_not_after_date
|
# Assigns cert_not_after_date
|
||||||
ssl_cert_not_after_date "$cert_file_in"
|
ssl_cert_not_after_date "$cert_file_in" cert_not_after_date
|
||||||
|
|
||||||
# Highlight renewed/cert_by_serial
|
# Highlight renewed/cert_by_serial
|
||||||
if [ "$renew_is_old" ]; then
|
if [ "$renew_is_old" ]; then
|
||||||
|
|||||||
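Review bot: In `safe_set_var`, the name filter that runs before `eval "$1"=1` is a deny-list that lets shell metacharacters through, and its third alternative `"* *"` is quoted, so it matches only the literal string `* *` rather than any name containing a space. The callers now pass `"$*"`, so anything that is not a plain identifier reaches `eval` and is parsed as shell code; the call sites visible here pass fixed names, so this is hardening rather than a demonstrated exposure. An allow-list would make the check do what the function name promises: `case "$1" in ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) return 1 ;; esac`, so that the `eval` probe only ever sees an identifier. Separately, `ssl_cert_serial` appears to lose its `verify_file x509 "$1"` check in this change, which is worth confirming as intended.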