Merge branch 'new-date-functions' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-new-date-functions

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Richard T Bonhomme 2023-01-18 21:32:22 +00:00
commit ce16ee77a3
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246


@ -1756,15 +1756,8 @@ File Path: $req_in"
# Get fixed dates by --fix-offset # Get fixed dates by --fix-offset
if [ "$EASYRSA_FIX_OFFSET" ]; then if [ "$EASYRSA_FIX_OFFSET" ]; then
fixed_dates="$( # subshell for debug fixed_cert_dates "$EASYRSA_FIX_OFFSET" \
[ "$EASYRSA_DEBUG" ] && set -x start_fixdate end_fixdate
fixed_cert_dates "$EASYRSA_FIX_OFFSET"
)" # Close subshell
start_fixdate="${fixed_dates% *}"
end_fixdate="${fixed_dates#* }"
unset -v fixed_dates
else
unset -v start_fixdate end_fixdate
fi fi
# When EASYRSA_CP_EXT is defined, adjust openssl's [default_ca] section: # When EASYRSA_CP_EXT is defined, adjust openssl's [default_ca] section:
@ -3447,7 +3440,8 @@ No certificate found for the input: '$crt_in'"
Input is not a valid certificate: $crt_in" Input is not a valid certificate: $crt_in"
# Test SSL out # Test SSL out
if easyrsa_openssl verify -CAfile "$ca_crt" "$crt_in" 1>/dev/null if easyrsa_openssl verify -CAfile "$ca_crt" \
"$crt_in" 1>/dev/null
then then
notice "\ notice "\
Certificate name: $file_name_base Certificate name: $file_name_base
@ -3458,10 +3452,13 @@ Input is not a valid certificate: $crt_in"
Certificate name: $file_name_base Certificate name: $file_name_base
Verfication status: FAILED" Verfication status: FAILED"
# Exit with error (batch mode), otherwise term msg only # Exit with error (batch mode), otherwise term msg only
[ "$exit_with_error" ] && easyrsa_error_exit=1 if [ "$exit_with_error" ]; then
easyrsa_error_exit=1
# Return error for internal callers (status reports) # Return error for internal callers (status reports)
# or command line in --batch mode
return 1 return 1
fi fi
fi
} # => verify_cert() } # => verify_cert()
# verify a file seems to be a valid req/X509 # verify a file seems to be a valid req/X509
@ -3584,54 +3581,62 @@ OpenSSL failure to process the input"
# Set fixed offset dates # Set fixed offset dates
fixed_cert_dates() { fixed_cert_dates() {
# check input
[ "$#" -eq 3 ] || die "fixed_cert_dates - input error"
# Set the start fixed day-number of the Year # Set the start fixed day-number of the Year
start_fix_day_n="$1" start_fix_day_n="$1"
# Check offset is numeric
case "$start_fix_day_n" in
(''|*[!1234567890]*|0*)
die "fixed_cert_dates - Number expected: $start_fix_day_n"
esac
# Check offset range # Check offset range
if [ 1 -gt "$start_fix_day_n" ] || [ 365 -lt "$start_fix_day_n" ] if [ "$start_fix_day_n" -lt 1 ] || \
[ "$start_fix_day_n" -gt 365 ]
then then
die "Fixed off-set range [1-365 days]: $start_fix_day_n" die "\
Fixed off-set range [1-365 days]: $start_fix_day_n"
fi fi
# Final offset is off-by-one, adjust now # Final offset is off-by-one, adjust now
start_fix_day_n="$(( start_fix_day_n - 1 ))" start_fix_day_n="$(( start_fix_day_n - 1 ))"
# Set the end fixed day-number of the Year # Set the end fixed day-number of the Year
end_fix_day_n="$(( start_fix_day_n + EASYRSA_CERT_EXPIRE ))" end_fix_day_n="$((
start_fix_day_n + EASYRSA_CERT_EXPIRE
))"
# OS dependencies # OS dependencies
# busybox - Works best with seconds since epoch # busybox
# busybox can probably do this better, this was writen for 'date'
if busybox date --help > /dev/null 2>&1; then if busybox date --help > /dev/null 2>&1; then
this_year_n="$(busybox date -u +%y)" this_year_n="$(busybox date -u +%y)"
#today_n="$(busybox date -u +%j)" #today_n="$(busybox date -u +%j)"
New_Year_day_s="$( New_Year_day_s="$(
busybox date -u -d "${this_year_n}01010000.01" '+%s' busybox date -u -d \
)" "${this_year_n}01010000.01" '+%s'
)" || die "\
fixed_cert_dates - New_Year_day_s - busybox"
start_fix_day_s="$(( start_fix_day_s="$((
New_Year_day_s + start_fix_day_n * 86400 New_Year_day_s + start_fix_day_n * 86400
))" ))"
end_fix_day_s="$(( end_fix_day_s="$((
start_fix_day_s + EASYRSA_CERT_EXPIRE * 86400 start_fix_day_s + EASYRSA_CERT_EXPIRE * 86400
))" ))"
# Convert to date-stamps for SSL input # Convert to date-stamps for SSL input
start_fix_day_d="$( start_fix_day_d="$(
busybox date -u -d @"${start_fix_day_s}" +%Y%m%d%H%M%SZ busybox date -u -d @"${start_fix_day_s}" \
)" +%Y%m%d%H%M%SZ
)" || die "\
fixed_cert_dates - start_fix_day_d - busybox"
end_fix_day_d="$( end_fix_day_d="$(
busybox date -u -d @"${end_fix_day_s}" +%Y%m%d%H%M%SZ busybox date -u -d @"${end_fix_day_s}" \
)" +%Y%m%d%H%M%SZ
)" || die "\
fixed_cert_dates - end_fix_day_d - busybox"
# Darwin, BSD # Darwin, BSD
elif date -j > /dev/null 2>&1; then elif date -j > /dev/null 2>&1; then
@ -3640,25 +3645,36 @@ fixed_cert_dates() {
#today_n="$(date -u -j +%j)" #today_n="$(date -u -j +%j)"
New_Year_day_d="$( New_Year_day_d="$(
date -u -j -f %y%m%d%H%M%S "${this_year_n}0101000001" \ date -u -j -f %y%m%d%H%M%S \
"${this_year_n}0101000001" \
+%Y%m%d%H%M.%SZ +%Y%m%d%H%M.%SZ
)" )" || die "\
fixed_cert_dates - New_Year_day_d - Darwin"
# Convert to date-stamps for SSL input # Convert to date-stamps for SSL input
start_fix_day_d="$( start_fix_day_d="$(
date -u -j -f %Y%m%d%H%M.%SZ -v "+${start_fix_day_n}d" \ date -u -j -f %Y%m%d%H%M.%SZ -v \
"+${start_fix_day_n}d" \
"$New_Year_day_d" +%Y%m%d%H%M%SZ "$New_Year_day_d" +%Y%m%d%H%M%SZ
)" )" || die "\
end_fix_day_d="$( fixed_cert_dates - start_fix_day_d - Darwin"
date -u -j -f %Y%m%d%H%M.%SZ -v "+${end_fix_day_n}d" \
"$New_Year_day_d" +%Y%m%d%H%M%SZ
)"
end_fix_day_s="$(
date -u -j -f %Y%m%d%H%M.%SZ -v "+${end_fix_day_n}d" \
"$New_Year_day_d" +%s
)"
# Linux and Windows: date.exe does not allow +%s as input end_fix_day_d="$(
date -u -j -f %Y%m%d%H%M.%SZ -v \
"+${end_fix_day_n}d" \
"$New_Year_day_d" +%Y%m%d%H%M%SZ
)" || die "\
fixed_cert_dates - end_fix_day_d - Darwin"
end_fix_day_s="$(
date -u -j -f %Y%m%d%H%M.%SZ -v \
"+${end_fix_day_n}d" \
"$New_Year_day_d" +%s
)" || die "\
fixed_cert_dates - end_fix_day_s - Darwin"
# Linux and Windows
# date.exe does not allow +%s as input
# MacPorts GNU date # MacPorts GNU date
elif this_year_n="$(date -u +%y)"; then elif this_year_n="$(date -u +%y)"; then
@ -3667,33 +3683,57 @@ fixed_cert_dates() {
# New Years day date # New Years day date
New_Year_day_d="$( New_Year_day_d="$(
date -u -d "${this_year_n}-01-01 00:00:01Z" \ date -u -d \
"${this_year_n}-01-01 00:00:01Z" \
'+%Y-%m-%d %H:%M:%SZ' '+%Y-%m-%d %H:%M:%SZ'
)" )" || die "\
fixed_cert_dates - New_Year_day_d - Linux"
# Convert to date-stamps for SSL input # Convert to date-stamps for SSL input
start_fix_day_d="$( start_fix_day_d="$(
date -u -d "$New_Year_day_d +${start_fix_day_n}days" \ date -u -d "$New_Year_day_d \
+${start_fix_day_n}days" \
+%Y%m%d%H%M%SZ +%Y%m%d%H%M%SZ
)" )" || die "\
fixed_cert_dates - start_fix_day_d - Linux"
end_fix_day_d="$( end_fix_day_d="$(
date -u -d "$New_Year_day_d +${end_fix_day_n}days" \ date -u -d "$New_Year_day_d \
+${end_fix_day_n}days" \
+%Y%m%d%H%M%SZ +%Y%m%d%H%M%SZ
)" )" || die "\
fixed_cert_dates - end_fix_day_d - Linux"
end_fix_day_s="$( end_fix_day_s="$(
date -u -d "$New_Year_day_d +${end_fix_day_n}days" +%s date -u -d "$New_Year_day_d \
)" +${end_fix_day_n}days" +%s
)" || die "\
fixed_cert_dates - end_fix_day_s - Linux"
else else
die "Unsupported 'date' program, upgrade your Matrix." die "\
Unsupported 'date' program, upgrade your Matrix."
fi fi
# Return FINAL dates for use in the certificate # Return FINAL dates for use in the certificate
print "$start_fix_day_d $end_fix_day_d" safe_set_var "$2" "$start_fix_day_d" || die "\
fixed_cert_dates - safe_set_var - $2 - $start_fix_day_d"
safe_set_var "$3" "$end_fix_day_d" || die "\
fixed_cert_dates - safe_set_var - $3 - $end_fix_day_d"
# cleanup
unset -v start_fix_day_n start_fix_day_d \
end_fix_day_d end_fix_day_s \
this_year_n New_Year_day_d
} # => fixed_cert_dates() } # => fixed_cert_dates()
# Convert certificate date to timestamp seconds since epoch # Convert certificate date to timestamp seconds since epoch
cert_date_to_timestamp_s() { cert_date_to_timestamp_s() {
# check input
[ "$#" -eq 2 ] || die "\
cert_date_to_timestamp_s - input error"
in_date="$1" in_date="$1"
@ -3701,26 +3741,27 @@ cert_date_to_timestamp_s() {
if busybox date --help > /dev/null 2>&1 if busybox date --help > /dev/null 2>&1
then then
timestamp_s="$( timestamp_s="$(
busybox date -D "%b %e %H:%M:%S %Y" -d "$in_date" +%s \ busybox date -D "%b %e %H:%M:%S %Y" \
2>/dev/null -d "$in_date" +%s 2>/dev/null
)" )" || die "\
return cert_date_to_timestamp_s - out_date_s - busybox"
# Darwin, BSD # Darwin, BSD
elif timestamp_s="$( elif timestamp_s="$(
date -j -f '%b %d %T %Y %Z' "$in_date" +%s \ date -j -f '%b %d %T %Y %Z' \
2>/dev/null "$in_date" +%s 2>/dev/null
)" )"
then return then : # ok
# OS dependencies # OS dependencies
# Linux and Windows: date.exe does not allow +%s as input # Linux and Windows
# date.exe does not allow +%s as input
# MacPorts GNU date # MacPorts GNU date
elif timestamp_s="$( elif timestamp_s="$(
date -d "$in_date" +%s \ date -d "$in_date" +%s \
2>/dev/null 2>/dev/null
)" )"
then return then : # ok
# Something else # Something else
else else
@ -3728,79 +3769,106 @@ cert_date_to_timestamp_s() {
cert_date_to_timestamp_s: cert_date_to_timestamp_s:
'date' failed for 'in_date': $in_date" 'date' failed for 'in_date': $in_date"
fi fi
# Return timestamp_s
safe_set_var "$2" "$timestamp_s" || die "\
cert_date_to_timestamp_s - safe_set_var - $2 - $timestamp_s"
unset -v in_date timestamp_s
} # => cert_date_to_timestamp_s() } # => cert_date_to_timestamp_s()
# Convert system date to X509 certificate style date (+)offset # Convert system date plus offset days
# TODO minus (-)offset # to X509 certificate style date (+)offset
offset_days_to_cert_date() { offset_days_to_cert_date() {
# check input
[ "$#" -eq 2 ] || die "\
offset_days_to_cert_date - input error"
offset="$1" in_offset="$1"
# busybox (Alpine) # busybox (Alpine)
if busybox date --help > /dev/null 2>&1 if busybox date --help > /dev/null 2>&1
then then
cert_type_date="$( offset_date="$(
busybox date -u -d \ busybox date -u -d \
"@$(( $(busybox date +%s) + offset * 86400 ))" \ "@$(( $(busybox date +%s) \
"+%b %d %H:%M:%S %Y %Z" 2>/dev/null + in_offset * 86400 ))" \
)" "+%b %d %H:%M:%S %Y %Z" \
return 2>/dev/null
)" || die "\
offset_days_to_cert_date - offset_date - busybox"
# Darwin, BSD # Darwin, BSD
elif cert_type_date="$( elif offset_date="$(
date -u -j -v "+${offset}d" "+%b %d %H:%M:%S %Y %Z" \ date -u -j -v "+${in_offset}d" \
"+%b %d %H:%M:%S %Y %Z" \
2>/dev/null 2>/dev/null
)" )"
then return then : # ok
# OS dependencies # OS dependencies
# Linux and Windows: date.exe does not allow +%s as input # Linux and Windows
# date.exe does not allow +%s as input
# MacPorts GNU date # MacPorts GNU date
elif cert_type_date="$( elif offset_date="$(
date -u -d "+${offset}days" "+%b %d %H:%M:%S %Y %Z" \ date -u -d "+${in_offset}days" \
"+%b %d %H:%M:%S %Y %Z" \
2>/dev/null 2>/dev/null
)" )"
then return then : # ok
# Something else # Something else
else else
die "\ die "\
offset_days_to_cert_date: offset_days_to_cert_date:
'date' failed for 'offset': $offset" 'date' failed for 'in_offset': $in_offset"
fi fi
# Return offset_date
safe_set_var "$2" "$offset_date" || die "\
offset_days_to_cert_date \
- safe_set_var - $2 - $offset_date"
unset -v in_offset offset_date
} # => offset_days_to_cert_date() } # => offset_days_to_cert_date()
# Convert fixed format date to X509 certificate style date # Convert fixed format date to X509 certificate style date
ff_date_to_cert_date() { ff_date_to_cert_date() {
# check input
[ "$#" -eq 2 ] || die "\
ff_date_to_cert_date - input error"
in_date="$1" in_date="$1"
# busybox # busybox
if busybox date --help > /dev/null 2>&1 if busybox date --help > /dev/null 2>&1
then then
cert_type_date="$( out_date="$(
busybox date -u -D "%y-%m-%d %H:%M:%S%Z" \ busybox date -u \
-d "$in_date" \ -D "%y-%m-%d %H:%M:%S%Z" \
"+%b %d %H:%M:%S %Y %Z" 2>/dev/null -d "$in_date" "+%b %d %H:%M:%S %Y %Z" \
)" 2>/dev/null
return )" || die "\
ff_date_to_cert_date - out_date - busybox"
# Darwin, BSD # Darwin, BSD
elif cert_type_date="$( elif out_date="$(
date -u -j -f '%y-%m-%d %TZ' "$in_date" \ date -u -j -f '%y-%m-%d %TZ' \
"+%b %d %H:%M:%S %Y %Z" 2>/dev/null "$in_date" "+%b %d %H:%M:%S %Y %Z" \
2>/dev/null
)" )"
then return then : # ok
# OS dependencies # OS dependencies
# Linux and Windows # Linux and Windows
# * date.exe does not support format +%s as input # * date.exe does not support format +%s as input
# MacPorts GNU date # MacPorts GNU date
elif cert_type_date="$( elif out_date="$(
date -u -d "$in_date" \ date -u -d "$in_date" \
"+%b %d %H:%M:%S %Y %Z" 2>/dev/null "+%b %d %H:%M:%S %Y %Z" \
2>/dev/null
)" )"
then return then : # ok
# Something else # Something else
else else
@ -3808,29 +3876,46 @@ ff_date_to_cert_date() {
ff_date_to_cert_date: ff_date_to_cert_date:
'date' failed for 'in_date': $in_date" 'date' failed for 'in_date': $in_date"
fi fi
# Return out_date
safe_set_var "$2" "$out_date" || die "\
ff_date_to_cert_date \
- safe_set_var - $2 - $out_date"
unset -v in_date out_date
} # => ff_date_to_cert_date() } # => ff_date_to_cert_date()
# Fixed format date # Fixed format date
# Build a Windows date.exe compatible input field # Build a Windows date.exe compatible input field
db_date_to_ff_date() { db_date_to_ff_date() {
unset -v ff_date # check input
ff_date="$1" [ "$#" -eq 2 ] || die "\
[ "$ff_date" ] || die "ff_date: '$ff_date'" db_date_to_ff_date - input error"
yy="${ff_date%???????????}"
ff_date="${ff_date#"$yy"}" in_date="$1"
mm="${ff_date%?????????}"
ff_date="${ff_date#"$mm"}" yy="${in_date%???????????}"
dd="${ff_date%???????}" in_date="${in_date#"$yy"}"
ff_date="${ff_date#"$dd"}" mm="${in_date%?????????}"
HH="${ff_date%?????}" in_date="${in_date#"$mm"}"
ff_date="${ff_date#"$HH"}" dd="${in_date%???????}"
MM="${ff_date%???}" in_date="${in_date#"$dd"}"
ff_date="${ff_date#"$MM"}" HH="${in_date%?????}"
SS="${ff_date%?}" in_date="${in_date#"$HH"}"
ff_date="${ff_date#"$SS"}" MM="${in_date%???}"
TZ="$ff_date" in_date="${in_date#"$MM"}"
ff_date="${yy}-${mm}-${dd} ${HH}:${MM}:${SS}${TZ}" SS="${in_date%?}"
} # => build_ff_date_string() in_date="${in_date#"$SS"}"
TZ="$in_date"
out_date="${yy}-${mm}-${dd} ${HH}:${MM}:${SS}${TZ}"
# Return out_date
safe_set_var "$2" "$out_date" || die "\
db_date_to_ff_date \
- safe_set_var - $2 - $out_date"
unset -v in_date out_date yy mm dd HH MM SS TZ
} # => db_date_to_ff_date()
# sanatize and set var # sanatize and set var
safe_set_var() { safe_set_var() {
@ -3838,7 +3923,7 @@ safe_set_var() {
# check for simple errors # check for simple errors
case "$1" in case "$1" in
[1234567890]*|*[-.\ ]*) [1234567890]*|*[-.\ ]*)
die "safe_set_var - var" die "safe_set_var - $1"
esac esac
eval "$1"=1 || die "safe_set_var - eval" eval "$1"=1 || die "safe_set_var - eval"
unset -v "$1" || die "safe_set_var - unset" unset -v "$1" || die "safe_set_var - unset"
@ -3857,8 +3942,7 @@ ssl_cert_serial() {
# remove the serial= part -> we only need the XXXX part # remove the serial= part -> we only need the XXXX part
fn_ssl_out="${fn_ssl_out##*=}" fn_ssl_out="${fn_ssl_out##*=}"
shift safe_set_var "$2" "$fn_ssl_out" || \
safe_set_var "$*" "$fn_ssl_out" || \
die "ssl_cert_serial - failed to set var '$*'" die "ssl_cert_serial - failed to set var '$*'"
unset -v fn_ssl_out unset -v fn_ssl_out
@ -3866,38 +3950,42 @@ ssl_cert_serial() {
# Get certificate start date # Get certificate start date
ssl_cert_not_before_date() { ssl_cert_not_before_date() {
[ "$#" = 2 ] || die "ssl_cert_not_before_date - invalid input" [ "$#" = 2 ] || die "\
[ -f "$1" ] || die "ssl_cert_not_before_date - missing cert" ssl_cert_not_before_date - invalid input"
[ -f "$1" ] || die "\
ssl_cert_not_before_date - missing cert"
fn_ssl_out="$( fn_ssl_out="$(
unset -v EASYRSA_DEBUG unset -v EASYRSA_DEBUG
easyrsa_openssl x509 -in "$1" -noout -startdate easyrsa_openssl x509 -in "$1" -noout -startdate
)" || die "ssl_cert_not_before_date - failed: -startdate" )" || die "\
ssl_cert_not_before_date - failed: -startdate"
fn_ssl_out="${fn_ssl_out#*=}" fn_ssl_out="${fn_ssl_out#*=}"
shift safe_set_var "$2" "$fn_ssl_out" || die "\
safe_set_var "$*" "$fn_ssl_out" || \ ssl_cert_not_before_date - failed to set var '$*'"
die "ssl_cert_not_before_date - failed to set var '$*'"
unset -v fn_ssl_out unset -v fn_ssl_out
} # => ssl_cert_not_before_date() } # => ssl_cert_not_before_date()
# Get certificate end date # Get certificate end date
ssl_cert_not_after_date() { ssl_cert_not_after_date() {
[ "$#" = 2 ] || die "ssl_cert_not_after_date - invalid input" [ "$#" = 2 ] || die "\
[ -f "$1" ] || die "ssl_cert_not_after_date - missing cert" ssl_cert_not_after_date - invalid input"
[ -f "$1" ] || die "\
ssl_cert_not_after_date - missing cert"
fn_ssl_out="$( fn_ssl_out="$(
unset -v EASYRSA_DEBUG unset -v EASYRSA_DEBUG
easyrsa_openssl x509 -in "$1" -noout -enddate easyrsa_openssl x509 -in "$1" -noout -enddate
)" || die "ssl_cert_not_after_date - failed: -enddate" )" || die "\
ssl_cert_not_after_date - failed: -enddate"
fn_ssl_out="${fn_ssl_out#*=}" fn_ssl_out="${fn_ssl_out#*=}"
shift safe_set_var "$2" "$fn_ssl_out" || die "\
safe_set_var "$*" "$fn_ssl_out" || \ ssl_cert_not_after_date - failed to set var '$*'"
die "ssl_cert_not_after_date - failed to set var '$*'"
unset -v fn_ssl_out unset -v fn_ssl_out
} # => ssl_cert_not_after_date() } # => ssl_cert_not_after_date()
@ -4005,30 +4093,40 @@ serial mismatch:
fi fi
#cert_source=issued #cert_source=issued
ssl_cert_not_after_date "$cert_issued" cert_not_after_date ssl_cert_not_after_date \
"$cert_issued" cert_not_after_date
else else
# Translate db date to usable date # Translate db date to usable date
#cert_source=database #cert_source=database
db_date_to_ff_date "$db_notAfter" # Assigns ff_date ff_date=
ff_date_to_cert_date "$ff_date" # Assigns cert_type_date db_date_to_ff_date "$db_notAfter" ff_date
cert_type_date=
ff_date_to_cert_date "$ff_date" cert_type_date
# Use db translated date # Use db translated date
cert_not_after_date="$cert_type_date" cert_not_after_date="$cert_type_date"
fi fi
# Get timestamp seconds for certificate expiry date # Get timestamp seconds for certificate expiry date
cert_date_to_timestamp_s "$cert_not_after_date" # Assigns timestamp_s cert_expire_date_s=
cert_expire_date_s="$timestamp_s" cert_date_to_timestamp_s \
"$cert_not_after_date" cert_expire_date_s
# Set the cutoff date for expiry comparison # Set the cutoff date for expiry comparison
offset_days_to_cert_date "$EASYRSA_CERT_RENEW" # Assigns cert_type_date cert_type_date=
cert_date_to_timestamp_s "$cert_type_date" # Assigns timestamp_s offset_days_to_cert_date \
cutoff_date_s="$timestamp_s" "$EASYRSA_CERT_RENEW" cert_type_date
cutoff_date_s=
cert_date_to_timestamp_s \
"$cert_type_date" cutoff_date_s
# Set NOW date for expiry comparison # Set NOW date for expiry comparison
offset_days_to_cert_date 0 # Assigns cert_type_date cert_type_date=
cert_date_to_timestamp_s "$cert_type_date" # Assigns timestamp_s offset_days_to_cert_date \
now_date_s="$timestamp_s" 0 cert_type_date
now_date_s=
cert_date_to_timestamp_s \
"$cert_type_date" now_date_s
if [ "$cert_expire_date_s" -lt "$cutoff_date_s" ]; then if [ "$cert_expire_date_s" -lt "$cutoff_date_s" ]; then
# Cert expires in less than grace period # Cert expires in less than grace period
@ -4048,8 +4146,10 @@ serial mismatch:
revoke_status() { revoke_status() {
# Translate db date to usable date # Translate db date to usable date
#source_date=database #source_date=database
db_date_to_ff_date "$db_revoke_date" # Assigns ff_date ff_date=
ff_date_to_cert_date "$ff_date" # Assigns cert_type_date db_date_to_ff_date "$db_revoke_date" ff_date
cert_type_date=
ff_date_to_cert_date "$ff_date" cert_type_date
# Use db translated date # Use db translated date
cert_revoke_date="$cert_type_date" cert_revoke_date="$cert_type_date"
@ -5427,7 +5527,8 @@ case "$cmd" in
init_pki "$@" init_pki "$@"
;; ;;
build-ca) build-ca)
[ "$alias_days" ] && export EASYRSA_CA_EXPIRE="$alias_days"; : [ -z "$alias_days" ] || \
export EASYRSA_CA_EXPIRE="$alias_days"
build_ca "$@" build_ca "$@"
;; ;;
gen-dh) gen-dh)
@ -5437,23 +5538,28 @@ case "$cmd" in
gen_req "$@" gen_req "$@"
;; ;;
sign|sign-req) sign|sign-req)
[ "$alias_days" ] && export EASYRSA_CERT_EXPIRE="$alias_days"; : [ -z "$alias_days" ] || \
export EASYRSA_CERT_EXPIRE="$alias_days"
sign_req "$@" sign_req "$@"
;; ;;
build-client-full) build-client-full)
[ "$alias_days" ] && export EASYRSA_CERT_EXPIRE="$alias_days"; : [ -z "$alias_days" ] || \
export EASYRSA_CERT_EXPIRE="$alias_days"
build_full client "$@" build_full client "$@"
;; ;;
build-server-full) build-server-full)
[ "$alias_days" ] && export EASYRSA_CERT_EXPIRE="$alias_days"; : [ -z "$alias_days" ] || \
export EASYRSA_CERT_EXPIRE="$alias_days"
build_full server "$@" build_full server "$@"
;; ;;
build-serverClient-full) build-serverClient-full)
[ "$alias_days" ] && export EASYRSA_CERT_EXPIRE="$alias_days"; : [ -z "$alias_days" ] || \
export EASYRSA_CERT_EXPIRE="$alias_days"
build_full serverClient "$@" build_full serverClient "$@"
;; ;;
gen-crl) gen-crl)
[ "$alias_days" ] && export EASYRSA_CRL_DAYS="$alias_days"; : [ -z "$alias_days" ] || \
export EASYRSA_CRL_DAYS="$alias_days"
gen_crl gen_crl
;; ;;
revoke) revoke)
@ -5463,14 +5569,16 @@ case "$cmd" in
revoke_renewed "$@" revoke_renewed "$@"
;; ;;
renew) renew)
[ "$alias_days" ] && export EASYRSA_CERT_EXPIRE="$alias_days"; : [ -z "$alias_days" ] || \
export EASYRSA_CERT_EXPIRE="$alias_days"
renew "$@" renew "$@"
;; ;;
rewind-renew) rewind-renew)
rewind_renew "$@" rewind_renew "$@"
;; ;;
rebuild) rebuild)
[ "$alias_days" ] && export EASYRSA_CERT_EXPIRE="$alias_days"; : [ -z "$alias_days" ] || \
export EASYRSA_CERT_EXPIRE="$alias_days"
rebuild "$@" rebuild "$@"
;; ;;
import-req) import-req)
@ -5513,13 +5621,11 @@ case "$cmd" in
show_ca "$@" show_ca "$@"
;; ;;
verify) verify)
# using internal 'batch' mode, this can return an error verify_cert "$@"
# Ignore the error here, catch the error if used internally
# eg. show-expire/expire_status
verify_cert "$@" || :
;; ;;
show-expire) show-expire)
[ "$alias_days" ] && export EASYRSA_CERT_RENEW="$alias_days"; : [ -z "$alias_days" ] || \
export EASYRSA_CERT_RENEW="$alias_days"
status expire "$@" status expire "$@"
;; ;;
show-revoke) show-revoke)
@ -5544,7 +5650,8 @@ case "$cmd" in
print_version print_version
;; ;;
*) *)
die "Unknown command '$cmd'. Run without commands for usage help." die "\
Unknown command '$cmd'. Run without commands for usage help."
esac esac
# Check for untrapped errors # Check for untrapped errors
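Review bot: The name check in `safe_set_var` (hunk at -3838) is a denylist that rejects only a leading digit or a `-`, `.` or space, so any other character still reaches `eval "$1"=1`; now that this commit routes the second argument of every date helper and `ssl_cert_*` getter through it, the check should be an allowlist. Something like `case "$1" in ''|[0-9]*|*[!A-Za-z0-9_]*) die "safe_set_var - $1" ;; esac` (run under `LC_ALL=C`, or with the classes spelled out the way the file already does for digits) accepts only valid identifiers. The callers visible on this page all pass literal names, so this is hardening rather than a demonstrated bug, and the rest of `safe_set_var` lies outside the hunk. Separately, the `die` messages in `ssl_cert_serial`, `ssl_cert_not_before_date` and `ssl_cert_not_after_date` still print `'$*'`, which with the `shift` removed now includes the certificate path as well as the variable name; `'$2'` would match the new call.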