Upgrade script bug fixes
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
commit
d91486b4f4
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,4 +1,6 @@
|
||||
easyrsa3/pki
|
||||
easyrsa3/unit-tests-temp
|
||||
easyrsa-unit-tests.sh
|
||||
easyrsa3/vars
|
||||
dist-staging
|
||||
easyrsa3/safessl-easyrsa.cnf
|
||||
|
||||
@ -100,7 +100,8 @@ cmd_help() {
|
||||
|
||||
This mode uses the <filename_base> as the X509 CN."
|
||||
opts="
|
||||
nopass - do not encrypt the private key (default is encrypted)" ;;
|
||||
nopass - do not encrypt the private key (default is encrypted)
|
||||
inline - create an inline credentials file for this node" ;;
|
||||
revoke) text="
|
||||
revoke <filename_base> [reason]
|
||||
Revoke a certificate specified by the filename_base, with an optional
|
||||
@ -914,6 +915,7 @@ Run easyrsa without commands for usage and commands."
|
||||
while [ -n "$1" ]; do
|
||||
case "$1" in
|
||||
nopass) req_opts="$req_opts nopass" ;;
|
||||
inline) EASYRSA_INLINE=1 ;;
|
||||
*) warn "Ignoring unknown command option: '$1'" ;;
|
||||
esac
|
||||
shift
|
||||
@ -939,8 +941,35 @@ Matching file found at: "
|
||||
die "Failed to sign '$name'"
|
||||
}
|
||||
|
||||
# inline it
|
||||
if [ $EASYRSA_INLINE ]; then
|
||||
inline_creds
|
||||
fi
|
||||
} # => build_full()
|
||||
|
||||
# Create inline credentials file for this node
|
||||
inline_creds ()
|
||||
{
|
||||
[ -f "$EASYRSA_PKI/$EASYRSA_REQ_CN.creds" ] \
|
||||
&& die "Inline file exists: $EASYRSA_PKI/$EASYRSA_REQ_CN.creds"
|
||||
{
|
||||
printf "%s\n" "# $crt_type: $EASYRSA_REQ_CN"
|
||||
printf "%s\n" ""
|
||||
printf "%s\n" "<ca>"
|
||||
cat "$EASYRSA_PKI/ca.crt"
|
||||
printf "%s\n" "</ca>"
|
||||
printf "%s\n" ""
|
||||
printf "%s\n" "<cert>"
|
||||
cat "$crt_out"
|
||||
printf "%s\n" "</cert>"
|
||||
printf "%s\n" ""
|
||||
printf "%s\n" "<key>"
|
||||
cat "$key_out"
|
||||
printf "%s\n" "</key>"
|
||||
printf "%s\n" ""
|
||||
} > "$EASYRSA_PKI/$EASYRSA_REQ_CN.creds"
|
||||
} # => inline_creds ()
|
||||
|
||||
# revoke backend
|
||||
revoke() {
|
||||
verify_ca_init
|
||||
@ -1865,8 +1894,8 @@ up23_create_new_pki ()
|
||||
|
||||
up23_verbose ">> Copy database to NEW PKI .."
|
||||
# Failure for these is not optional
|
||||
# DO NOT DELETE - Files ignored: index.txt.old
|
||||
for i in index.txt serial serial.old ca.crt index.txt.attr
|
||||
# Files ignored: index.txt.old serial.old
|
||||
for i in index.txt serial ca.crt index.txt.attr
|
||||
do
|
||||
cp "$KEY_DIR/$i" "$EASYRSA_PKI" \
|
||||
|| up23_fail_upgrade "Failed to copy $KEY_DIR/$i to $EASYRSA_PKI"
|
||||
|
||||
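Review bot: In `inline_creds`, the `.creds` file that receives the private key from `$key_out` is created by a plain `> "$EASYRSA_PKI/$EASYRSA_REQ_CN.creds"` redirect, so its mode comes from whatever umask is in effect; nothing visible in this section restricts it, and with `nopass` the key inside is presumably unencrypted. I would run the group in a subshell under a tight umask, `( umask 077; { ...; } > "$EASYRSA_PKI/$EASYRSA_REQ_CN.creds" )`, or at least `chmod 600` the file right after it is written. The `cat` calls are also unchecked, so a missing `ca.crt` or key file leaves a partial credentials file behind that would then trip the `Inline file exists` check on a retry; an `|| die` on the group that also removes the partial file would cover that. In `build_full`, whose body starts outside the hunk, the test `[ $EASYRSA_INLINE ]` should be quoted as `[ "$EASYRSA_INLINE" ]`.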