nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move creating 'inline' folder from 'build-ca' to 'init-pki'

Browse Source 
This allows a client that has not built a CA to use 'inline'.

The CA and signed client certificate can be sent to the client,
allowing the client to create a complete X509 based inline file,
without creating a redundant CA.

Also, add 'inline' command to the list of commands which do not
require a CA.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2023-08-05 15:58:56 +01:00
parent 98e9f43be6
commit b637e9b695
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
easyrsa3/easyrsa
View File

@ -1335,7 +1335,7 @@ and initialize a fresh PKI here."
fi fi
# new dirs: # new dirs:
for i in private reqs; do for i in private reqs inline; do
mkdir -p "$EASYRSA_PKI/$i" || \ mkdir -p "$EASYRSA_PKI/$i" || \
die "\ die "\
Failed to create PKI file structure (permissions?)" Failed to create PKI file structure (permissions?)"
@ -1656,7 +1656,7 @@ current CA. To start a new CA, run init-pki first."
# create necessary dirs: # create necessary dirs:
err_msg="\ err_msg="\
Unable to create necessary PKI files (permissions?)" Unable to create necessary PKI files (permissions?)"
for i in issued inline certs_by_serial \ for i in issued certs_by_serial \
revoked/certs_by_serial revoked/private_by_serial \ revoked/certs_by_serial revoked/private_by_serial \
revoked/reqs_by_serial revoked/reqs_by_serial
do do
@ -7204,7 +7204,7 @@ case "$cmd" in
require_pki=1 require_pki=1
case "$cmd" in case "$cmd" in
gen-req|gen-dh|build-ca|show-req| \ gen-req|gen-dh|build-ca|show-req| \
make-safe-ssl|export-p*) make-safe-ssl|export-p*|inline)
unset -v require_ca unset -v require_ca
;; ;;
*) *)