Options: Expand alias '--days' to all suitable options with a period

Option alias '--days=NUMBER' can now be used for all other options which
indicate a validity period.

* Option: --days

This global option is an alias for one of the following:
* Expiry days for a new CA.
  eg: '--days=3650 build-ca'
* Expiry days for new/renewed certificate.
  eg: '--days=1095 renew server'
* Expiry days for certificate revocation list.
  eg: '--days=180 gen-crl'
* Cutoff days for commands: show-expire or renewable.
  eg: '--days=90 show-expire'

The alias '--days' is now ONLY applied to the variable which requires it.
eg: If building a certificate then the appropriate variable for that type
is set. The other possible uses are not set by the same use.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Richard T Bonhomme 2022-08-31 20:56:35 +01:00
parent ace0a733a5
commit b71bfb478c
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246


@ -372,8 +372,9 @@ cmd_help() {
* ca - Upgrade EasyRSA v3.0.5 CA or older to EasyRSA v3.0.6 CA or later." * ca - Upgrade EasyRSA v3.0.5 CA or older to EasyRSA v3.0.6 CA or later."
;; ;;
altname|subjectaltname|san) altname|subjectaltname|san)
opt_only=1
text=" text="
* --subject-alt-name=SAN_FORMAT_STRING * Option: --subject-alt-name=SAN_FORMAT_STRING
This global option adds a subjectAltName to the request or issued This global option adds a subjectAltName to the request or issued
certificate. It MUST be in a valid format accepted by openssl or certificate. It MUST be in a valid format accepted by openssl or
@ -387,6 +388,21 @@ cmd_help() {
* DNS:primary.example.net,DNS:alternate.example.net * DNS:primary.example.net,DNS:alternate.example.net
* IP:203.0.113.29 * IP:203.0.113.29
* email:alternate@example.net" * email:alternate@example.net"
;;
days)
opt_only=1
text="
* Option: --days
This global option is an alias for one of the following:
* Expiry days for a new CA.
eg: '--days=3650 build-ca'
* Expiry days for new/renewed certificate.
eg: '--days=1095 renew server'
* Expiry days for certificate revokation list.
eg: '--days=180 gen-crl'
* Cutoff days for commands: show-expire or renewable.
eg: '--days=90 show-expire'"
;; ;;
opts|options) opts|options)
opt_usage opt_usage
@ -400,7 +416,9 @@ cmd_help() {
# display the help text # display the help text
[ "$text" ] && print "${text}${NL}" [ "$text" ] && print "${text}${NL}"
if [ "$text" ] && [ "$opts" ]; then if [ "$text" ] && [ "$opt_only" ]; then
: # ok - No opts message required
elif [ "$text" ] && [ "$opts" ]; then
print "\ print "\
Available command-options (cmd-opts): Available command-options (cmd-opts):
$opts $opts
@ -447,9 +465,7 @@ General options:
Certificate & Request options: (these impact cert/req field values) Certificate & Request options: (these impact cert/req field values)
--days=# : sets the signing validity to the specified number of days --days=# : sets the signing validity to the specified number of days
--renew-days=# : Number of days grace to search for expiring certificates Also applies to renewal period. For details, see: 'help days'
Only effects reporting as a cut-off date for the commands
'renewable' and 'show-expire' (Default: 90 days)
--fix-offset=# : Generate certificate with fixed start and end dates. --fix-offset=# : Generate certificate with fixed start and end dates.
Range 1 to 365 Range 1 to 365
start-date is 01 January 00:00:01 of the current year start-date is 01 January 00:00:01 of the current year
@ -3629,7 +3645,8 @@ status() {
case "$report" in case "$report" in
expire) expire)
notice "\ notice "\
* Showing certificates which expire in less than $EASYRSA_CERT_RENEW days (--renew-days):" * Showing certificates which expire in less than \
$EASYRSA_CERT_RENEW days (--days):"
;; ;;
revoke) revoke)
notice "\ notice "\
@ -3900,7 +3917,7 @@ Priority should be given to your PKI vars file:
# $vars remains undefined .. no vars found # $vars remains undefined .. no vars found
# 'install_data_to_pki vars-setup' will NOT create a default PKI/vars # 'install_data_to_pki vars-setup' will NOT create a default PKI/vars
if [ -z "$vars" ]; then if [ -z "$vars" ]; then
information "No Easy-RSA configuration file exists!" information "No Easy-RSA 'vars' configuration file exists!"
no_new_vars=1 no_new_vars=1
else else
@ -4692,7 +4709,8 @@ trap "exit 14" 15
detect_host detect_host
# Initialisation requirements # Initialisation requirements
unset -v easyrsa_error_exit user_san_true user_vars_true unset -v easyrsa_error_exit user_san_true user_vars_true \
alias_days opt_only
# Parse options # Parse options
while :; do while :; do
@ -4709,28 +4727,19 @@ while :; do
case "$opt" in case "$opt" in
--days) --days)
export EASYRSA_CERT_EXPIRE="$val" case "$val" in
export EASYRSA_CA_EXPIRE="$val"
export EASYRSA_CRL_DAYS="$val"
case "$EASYRSA_CERT_EXPIRE" in
(*[!1234567890]*|0*) (*[!1234567890]*|0*)
print "--days - Number expected: $EASYRSA_CERT_EXPIRE" print "$opt - Number expected: '$val'"
exit 1 exit 1
esac esac
# Set the appropriate date variable when called by command later
alias_days="$val"
;; ;;
--fix-offset) --fix-offset)
export EASYRSA_FIX_OFFSET="$val" export EASYRSA_FIX_OFFSET="$val"
case "$EASYRSA_FIX_OFFSET" in case "$val" in
(*[!1234567890]*|0*) (*[!1234567890]*|0*)
print "--fix-offset - Number expected: $EASYRSA_FIX_OFFSET" print "$opt - Number expected: '$val'"
exit 1
esac
;;
--renew-days)
export EASYRSA_CERT_RENEW="$val"
case "$EASYRSA_CERT_RENEW" in
(*[!1234567890]*|0*)
print "--renew-days - Number expected: $EASYRSA_CERT_RENEW"
exit 1 exit 1
esac esac
;; ;;
@ -4744,9 +4753,9 @@ while :; do
export EASYRSA_ALGO="$val" ;; export EASYRSA_ALGO="$val" ;;
--keysize) --keysize)
export EASYRSA_KEY_SIZE="$val" export EASYRSA_KEY_SIZE="$val"
case "$EASYRSA_KEY_SIZE" in case "$val" in
(*[!1234567890]*|0*) (*[!1234567890]*|0*)
print "--keysize - Number expected: $EASYRSA_KEY_SIZE" print "$opt - Number expected: '$val'"
exit 1 exit 1
esac esac
;; ;;
@ -4803,9 +4812,9 @@ while :; do
export EASYRSA_PASSOUT="$val";; export EASYRSA_PASSOUT="$val";;
--subca-len) --subca-len)
export EASYRSA_SUBCA_LEN="$val" export EASYRSA_SUBCA_LEN="$val"
case "$EASYRSA_SUBCA_LEN" in case "$val" in
(*[!1234567890]*|0*) (*[!1234567890]*|0*)
print "--subca-len - Number expected: $EASYRSA_SUBCA_LEN" print "$opt - Number expected: '$val'"
exit 1 exit 1
esac esac
;; ;;
@ -4862,6 +4871,7 @@ case "$cmd" in
init_pki "$@" init_pki "$@"
;; ;;
build-ca) build-ca)
[ "$alias_days" ] && export EASYRSA_CA_EXPIRE="$alias_days"
build_ca "$@" build_ca "$@"
;; ;;
gen-dh) gen-dh)
@ -4874,18 +4884,23 @@ case "$cmd" in
renew_req "$@" renew_req "$@"
;; ;;
sign|sign-req) sign|sign-req)
[ "$alias_days" ] && export EASYRSA_CERT_EXPIRE="$alias_days"; :
sign_req "$@" sign_req "$@"
;; ;;
build-client-full) build-client-full)
[ "$alias_days" ] && export EASYRSA_CERT_EXPIRE="$alias_days"; :
build_full client "$@" build_full client "$@"
;; ;;
build-server-full) build-server-full)
[ "$alias_days" ] && export EASYRSA_CERT_EXPIRE="$alias_days"; :
build_full server "$@" build_full server "$@"
;; ;;
build-serverClient-full) build-serverClient-full)
[ "$alias_days" ] && export EASYRSA_CERT_EXPIRE="$alias_days"; :
build_full serverClient "$@" build_full serverClient "$@"
;; ;;
gen-crl) gen-crl)
[ "$alias_days" ] && export EASYRSA_CRL_DAYS="$alias_days"; :
gen_crl gen_crl
;; ;;
revoke) revoke)
@ -4895,9 +4910,11 @@ case "$cmd" in
revoke_renewed "$@" revoke_renewed "$@"
;; ;;
renew) renew)
[ "$alias_days" ] && export EASYRSA_CERT_EXPIRE="$alias_days"; :
renew "$@" renew "$@"
;; ;;
renewable) renewable)
[ "$alias_days" ] && export EASYRSA_CERT_RENEW="$alias_days"; :
renewable "$@" renewable "$@"
;; ;;
rewind-renew) rewind-renew)
@ -4946,6 +4963,7 @@ case "$cmd" in
verify_cert "$@" || : verify_cert "$@" || :
;; ;;
show-expire) show-expire)
[ "$alias_days" ] && export EASYRSA_CERT_RENEW="$alias_days"; :
status expire "$@" status expire "$@"
;; ;;
show-revoke) show-revoke)
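Review bot: `alias_days` is only consumed by the command arms touched here (build-ca, sign/sign-req, the build-*-full variants, gen-crl, renew, renewable, show-expire), so every other command now silently drops `--days`, whereas the old option handler exported all three expiry variables up front. If any certificate-issuing path is missing from that list (this cannot be checked from the hunks shown), it would fall back to the configured default lifetime with no notice, which is easy to miss when the operator asked for a short validity. A guard just before `case "$cmd" in` would make that visible: `case "$cmd" in build-ca|sign|sign-req|build-*-full|gen-crl|renew|renewable|show-expire) : ;; *) [ -z "$alias_days" ] || print "--days is ignored by command: $cmd" ;; esac`. The build-ca arm also lacks the trailing `; :` that every other added `alias_days` line carries, and should be made consistent. The `case "$cmd"` dispatcher begins and ends outside the hunks shown.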