diff --git a/ChangeLog b/ChangeLog
index e84c089..023a17f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,11 +1,13 @@ Easy-RSA 3 ChangeLog 3.1.1 (TBD)
+ * Remove renew-req (#684)
 * Re-enable use of '--vars=FILE init-pki' #640 (Revert #566)
 * Introduce --keep-tmp, keep temp files for debugging (#667)
 * Introduce Quiet mode option -q|--quiet, disable information output 8b7e79096b18afc5c61bfbaee204c1f7401f0019
 * Introduce renew-req, create a new CSR for an existing key (#616)
+ Superseded by #684
 * Add serialNumber (OID 2.5.4.5) to DN 'org' mode (#606)
 * Support ampersand and dollar-sign in vars file (#590)
 * Introduce 'rewind-renew' (#579)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index fb578b4..ecb876c 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -36,7 +36,6 @@ Here is the list of commands available with a short syntax reminder. Use the build-server-full [ cmd-opts ] build-serverClient-full [ cmd-opts ] revoke [cmd-opts]
- renew-req [cmd-opts]
 renew [cmd-opts]
 renewable [ ]
 revoke-renewed [cmd-opts]
@@ -109,17 +108,6 @@ cmd_help() { * gen-dh Generates DH (Diffie-Hellman) parameters"
- ;;
- renew-req)
- text="
-* renew-req [ cmd-opts ]
-
- Generate a certificate signing request [CSR] from an existing private key.
-
- This request is suitable for sending to a remote CA for signing."
-
- opts="
- * text - Include certificate text in request"
 ;;
 gen-req)
 text="
@@ -1860,100 +1848,6 @@ inline_creds () } > "$inline_file" } # => inline_creds ()
-# renew-req backend:
-# Create a new CSR with existing private key
-renew_req() {
- # pull filename base and use as default interactive CommonName:
- [ "$1" ] || die "\
-Error: gen-req must have a file base as the first argument.
-Run easyrsa without commands for usage and commands."
-
- key_in="$EASYRSA_PKI/private/$1.key"
- req_out="$EASYRSA_PKI/reqs/$1.req"
-
- # Set the request commonName
- EASYRSA_REQ_CN="$1"
- shift
-
- # Verify PKI has been initialised
- verify_pki_init
-
- # function opts support
- unset -v text nopass ssl_batch
- while [ "$1" ]; do
- case "$1" in
- text) text=1 ;;
- nopass) nopass=1 ;;
- *) warn "Ignoring unknown command option: '$1'"
- esac
- shift
- done
-
- # an existing private key must exist
- [ -f "$key_in" ] || die "Private key required: $key_in"
-
- # don't wipe out an existing request without confirmation
- [ -f "$req_out" ] && confirm "Confirm request overwrite: " "yes" "\
-
-WARNING!!!
-
-An existing request file was found at $req_out
-Continuing with request generation will replace this request file."
-
- # When EASYRSA_EXTRA_EXTS is defined, append it to openssl's [req] section:
- if [ "$EASYRSA_EXTRA_EXTS" ]; then
- # Setup & insert the extra ext data keyed by a magic line
- extra_exts="
-req_extensions = req_extra
-[ req_extra ]
-$EASYRSA_EXTRA_EXTS"
- # shellcheck disable=SC2016 # vars don't expand in single quote
- awkscript='
-{if ( match($0, "^#%EXTRA_EXTS%") )
- { while ( getline<"/dev/stdin" ) {print} next }
- {print}
-}'
- conf_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
- print "$extra_exts" | \
- awk "$awkscript" "$EASYRSA_SSL_CONF" \
- > "$conf_tmp" \
- || die "Copying SSL config to temp file failed"
- # Use this new SSL config for the rest of this function
- EASYRSA_SSL_CONF="$conf_tmp"
- fi
-
- # Name temp files
- req_out_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
-
- # Set Edwards curve name or elliptic curve parameters file
- algo_opts=""
- if [ "ed" = "$EASYRSA_ALGO" ]; then
- algo_opts="$EASYRSA_CURVE"
- else
- algo_opts="$EASYRSA_ALGO:$EASYRSA_ALGO_PARAMS"
- fi
-
- # Generate request
- easyrsa_openssl req -utf8 -batch -new \
- -key "$key_in" -out "$req_out_tmp" \
- ${nopass+ "$no_password"} \
- ${text+ -text} \
- ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} \
- || die "Failed to generate request"
-
- # Move temp-files to target-files
- mv "$req_out_tmp" "$req_out"
-
- # Success messages
- notice "\
-Certificate request completed. Your file is:
-req: $req_out
-
-*Original* key: $key_in"
-
- return 0
-} # => renew_req()
-
 # revoke backend
 revoke() {
 # pull filename base:
@@ -4891,9 +4785,6 @@ case "$cmd" in gen-req) gen_req "$@" ;;
- renew-req)
- renew_req "$@"
- ;;
 sign|sign-req)
 [ "$alias_days" ] && export EASYRSA_CERT_EXPIRE="$alias_days"; :
 sign_req "$@"