Merge branch 'TinCanTech-remove-renew-req'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme
commit
d7aa481587
@ -1,11 +1,13 @@
|
||||
Easy-RSA 3 ChangeLog
|
||||
|
||||
3.1.1 (TBD)
|
||||
* Remove renew-req (#684)
|
||||
* Re-enable use of '--vars=FILE init-pki' #640 (Revert #566)
|
||||
* Introduce --keep-tmp, keep temp files for debugging (#667)
|
||||
* Introduce Quiet mode option -q|--quiet, disable information output
|
||||
8b7e79096b18afc5c61bfbaee204c1f7401f0019
|
||||
* Introduce renew-req, create a new CSR for an existing key (#616)
|
||||
Superseded by #684
|
||||
* Add serialNumber (OID 2.5.4.5) to DN 'org' mode (#606)
|
||||
* Support ampersand and dollar-sign in vars file (#590)
|
||||
* Introduce 'rewind-renew' (#579)
|
||||
|
||||
109
easyrsa3/easyrsa
109
easyrsa3/easyrsa
@ -36,7 +36,6 @@ Here is the list of commands available with a short syntax reminder. Use the
|
||||
build-server-full <file_name_base> [ cmd-opts ]
|
||||
build-serverClient-full <file_name_base> [ cmd-opts ]
|
||||
revoke <file_name_base> [cmd-opts]
|
||||
renew-req <file_name_base> [cmd-opts]
|
||||
renew <file_name_base> [cmd-opts]
|
||||
renewable [ <file_name_base> ]
|
||||
revoke-renewed <file_name_base> [cmd-opts]
|
||||
@ -109,17 +108,6 @@ cmd_help() {
|
||||
* gen-dh
|
||||
|
||||
Generates DH (Diffie-Hellman) parameters"
|
||||
;;
|
||||
renew-req)
|
||||
text="
|
||||
* renew-req <file_name_base> [ cmd-opts ]
|
||||
|
||||
Generate a certificate signing request [CSR] from an existing private key.
|
||||
|
||||
This request is suitable for sending to a remote CA for signing."
|
||||
|
||||
opts="
|
||||
* text - Include certificate text in request"
|
||||
;;
|
||||
gen-req)
|
||||
text="
|
||||
@ -1860,100 +1848,6 @@ inline_creds ()
|
||||
} > "$inline_file"
|
||||
} # => inline_creds ()
|
||||
|
||||
# renew-req backend:
|
||||
# Create a new CSR with existing private key
|
||||
renew_req() {
|
||||
# pull filename base and use as default interactive CommonName:
|
||||
[ "$1" ] || die "\
|
||||
Error: gen-req must have a file base as the first argument.
|
||||
Run easyrsa without commands for usage and commands."
|
||||
|
||||
key_in="$EASYRSA_PKI/private/$1.key"
|
||||
req_out="$EASYRSA_PKI/reqs/$1.req"
|
||||
|
||||
# Set the request commonName
|
||||
EASYRSA_REQ_CN="$1"
|
||||
shift
|
||||
|
||||
# Verify PKI has been initialised
|
||||
verify_pki_init
|
||||
|
||||
# function opts support
|
||||
unset -v text nopass ssl_batch
|
||||
while [ "$1" ]; do
|
||||
case "$1" in
|
||||
text) text=1 ;;
|
||||
nopass) nopass=1 ;;
|
||||
*) warn "Ignoring unknown command option: '$1'"
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
# an existing private key must exist
|
||||
[ -f "$key_in" ] || die "Private key required: $key_in"
|
||||
|
||||
# don't wipe out an existing request without confirmation
|
||||
[ -f "$req_out" ] && confirm "Confirm request overwrite: " "yes" "\
|
||||
|
||||
WARNING!!!
|
||||
|
||||
An existing request file was found at $req_out
|
||||
Continuing with request generation will replace this request file."
|
||||
|
||||
# When EASYRSA_EXTRA_EXTS is defined, append it to openssl's [req] section:
|
||||
if [ "$EASYRSA_EXTRA_EXTS" ]; then
|
||||
# Setup & insert the extra ext data keyed by a magic line
|
||||
extra_exts="
|
||||
req_extensions = req_extra
|
||||
[ req_extra ]
|
||||
$EASYRSA_EXTRA_EXTS"
|
||||
# shellcheck disable=SC2016 # vars don't expand in single quote
|
||||
awkscript='
|
||||
{if ( match($0, "^#%EXTRA_EXTS%") )
|
||||
{ while ( getline<"/dev/stdin" ) {print} next }
|
||||
{print}
|
||||
}'
|
||||
conf_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
|
||||
print "$extra_exts" | \
|
||||
awk "$awkscript" "$EASYRSA_SSL_CONF" \
|
||||
> "$conf_tmp" \
|
||||
|| die "Copying SSL config to temp file failed"
|
||||
# Use this new SSL config for the rest of this function
|
||||
EASYRSA_SSL_CONF="$conf_tmp"
|
||||
fi
|
||||
|
||||
# Name temp files
|
||||
req_out_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
|
||||
|
||||
# Set Edwards curve name or elliptic curve parameters file
|
||||
algo_opts=""
|
||||
if [ "ed" = "$EASYRSA_ALGO" ]; then
|
||||
algo_opts="$EASYRSA_CURVE"
|
||||
else
|
||||
algo_opts="$EASYRSA_ALGO:$EASYRSA_ALGO_PARAMS"
|
||||
fi
|
||||
|
||||
# Generate request
|
||||
easyrsa_openssl req -utf8 -batch -new \
|
||||
-key "$key_in" -out "$req_out_tmp" \
|
||||
${nopass+ "$no_password"} \
|
||||
${text+ -text} \
|
||||
${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} \
|
||||
|| die "Failed to generate request"
|
||||
|
||||
# Move temp-files to target-files
|
||||
mv "$req_out_tmp" "$req_out"
|
||||
|
||||
# Success messages
|
||||
notice "\
|
||||
Certificate request completed. Your file is:
|
||||
req: $req_out
|
||||
|
||||
*Original* key: $key_in"
|
||||
|
||||
return 0
|
||||
} # => renew_req()
|
||||
|
||||
# revoke backend
|
||||
revoke() {
|
||||
# pull filename base:
|
||||
@ -4891,9 +4785,6 @@ case "$cmd" in
|
||||
gen-req)
|
||||
gen_req "$@"
|
||||
;;
|
||||
renew-req)
|
||||
renew_req "$@"
|
||||
;;
|
||||
sign|sign-req)
|
||||
[ "$alias_days" ] && export EASYRSA_CERT_EXPIRE="$alias_days"; :
|
||||
sign_req "$@"
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user