Support for clientServer

Merging PR #38 Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2019-01-11 11:58:00 -06:00 · 2019-01-11 11:58:00 -06:00 · bebd71e76f
commit bebd71e76f
parent e71f2013c7
3 changed files with 25 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,4 @@
-easyrsa3/pki/*
+easyrsa3/pki
 easyrsa3/vars
 dist-staging
 easyrsa3/safessl-easyrsa.cnf
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@ -33,7 +33,12 @@ Here is the list of commands available with a short syntax reminder. Use the
  sign-req <type> <filename_base>
  build-client-full <filename_base> [ cmd-opts ]
  build-server-full <filename_base> [ cmd-opts ]
+<<<<<<< HEAD
  revoke <filename_base> [cmd-opts]
+=======
+  build-serverClient-full <filename_base> [ cmd-opts ]
+  revoke <filename_base>
+>>>>>>> 3ec93810e45d1e684f902a9847a1afe3ffc87a04
  gen-crl
  update-db
  show-req <filename_base> [ cmd-opts ]
@ -85,14 +90,15 @@ cmd_help() {
 		sign|sign-req) text="
  sign-req <type> <filename_base>
      Sign a certificate request of the defined type. <type> must be a known
-      type such as 'client', 'server', or 'ca' (or a user-added type.)
+      type such as 'client', 'server', 'serverClient', or 'ca' (or a user-added type.)

      This request file must exist in the reqs/ dir and have a .req file
      extension. See import-req below for importing reqs from other sources." ;;
-		build|build-client-full|build-server-full) text="
+		build|build-client-full|build-server-full|build-serverClient-full) text="
  build-client-full <filename_base> [ cmd-opts ]
  build-server-full <filename_base> [ cmd-opts ]
-      Generate a keypair and sign locally for a client or server
+  build-serverClient-full <filename_base> [ cmd-opts ]
+      Generate a keypair and sign locally for a client and/or server

      This mode uses the <filename_base> as the X509 CN."
 			opts="
@ -761,9 +767,10 @@ $(display_dn req "$req_in")
 			[ -n "$EASYRSA_NS_COMMENT" ] && \
 				print "nsComment = \"$EASYRSA_NS_COMMENT\""
 			case "$crt_type" in
-				server)	print "nsCertType = server" ;;
-				client)	print "nsCertType = client" ;;
-				ca)	print "nsCertType = sslCA" ;;
+				serverClient)	print "nsCertType = serverClient" ;;
+				server)		print "nsCertType = server" ;;
+				client)		print "nsCertType = client" ;;
+				ca)		print "nsCertType = sslCA" ;;
 			esac
 		fi

@ -1415,6 +1422,9 @@ case "$cmd" in
 	build-server-full)
 		build_full server "$@"
 		;;
+	build-serverClient-full)
+		build_full serverClient "$@"
+		;;
 	gen-crl)
 		gen_crl
 		;;
--- a/easyrsa3/x509-types/serverClient
+++ b/easyrsa3/x509-types/serverClient
@ -0,0 +1,8 @@
+# X509 extensions for a client/server
+
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = serverAuth,clientAuth
+keyUsage = digitalSignature,keyEncipherment
+