diff --git a/.gitignore b/.gitignore index 1148130..24b9c14 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,6 @@ easyrsa3/pki +easyrsa3/unit-tests-temp +easyrsa-unit-tests.sh easyrsa3/vars dist-staging easyrsa3/safessl-easyrsa.cnf diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index fded6f8..e6e243d 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -100,7 +100,8 @@ cmd_help() { This mode uses the as the X509 CN." opts=" - nopass - do not encrypt the private key (default is encrypted)" ;; + nopass - do not encrypt the private key (default is encrypted) + inline - create an inline credentials file for this node" ;; revoke) text=" revoke [reason] Revoke a certificate specified by the filename_base, with an optional @@ -914,6 +915,7 @@ Run easyrsa without commands for usage and commands." while [ -n "$1" ]; do case "$1" in nopass) req_opts="$req_opts nopass" ;; + inline) EASYRSA_INLINE=1 ;; *) warn "Ignoring unknown command option: '$1'" ;; esac shift @@ -939,8 +941,35 @@ Matching file found at: " die "Failed to sign '$name'" } + # inline it + if [ $EASYRSA_INLINE ]; then + inline_creds + fi } # => build_full() +# Create inline credentials file for this node +inline_creds () +{ + [ -f "$EASYRSA_PKI/$EASYRSA_REQ_CN.creds" ] \ + && die "Inline file exists: $EASYRSA_PKI/$EASYRSA_REQ_CN.creds" + { + printf "%s\n" "# $crt_type: $EASYRSA_REQ_CN" + printf "%s\n" "" + printf "%s\n" "" + cat "$EASYRSA_PKI/ca.crt" + printf "%s\n" "" + printf "%s\n" "" + printf "%s\n" "" + cat "$crt_out" + printf "%s\n" "" + printf "%s\n" "" + printf "%s\n" "" + cat "$key_out" + printf "%s\n" "" + printf "%s\n" "" + } > "$EASYRSA_PKI/$EASYRSA_REQ_CN.creds" +} # => inline_creds () + # revoke backend revoke() { verify_ca_init 
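Review bot: The new `inline` line in the cmd_help options text does not tell the user that the file it creates contains the private key. Going by the inline_creds function added further down in this commit, the file bundles the CA certificate, the node certificate and the key, and is written into the PKI directory as `<CN>.creds`; combined with `nopass` that key is stored unencrypted. I would word the help line as `inline - also write <CN>.creds in the PKI dir (CA cert, cert and PRIVATE KEY in one file)`. The help `case` block starts and ends outside the hunk.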
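Review bot: inline_creds copies the private key (`cat "$key_out"`) into a file created by a plain `>` redirect, so the file's mode is whatever the caller's umask allows, commonly group- and world-readable, and nothing in the hunk restricts it. Running the write under a tight umask keeps the key owner-only from the moment the file exists: `( umask 077; { … } > "$EASYRSA_PKI/$EASYRSA_REQ_CN.creds" ) || die "Failed to write inline file"`. The three `cat` calls are also unchecked, so a missing input would leave a partial .creds file behind without any error; chaining the commands in the group with `&&` would let that `die` catch it. In build_full the test `[ $EASYRSA_INLINE ]` should be quoted, `[ -n "$EASYRSA_INLINE" ]`; build_full starts outside the hunk.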
@@ -1865,8 +1894,8 @@ up23_create_new_pki () up23_verbose ">> Copy database to NEW PKI .." # Failure for these is not optional - # DO NOT DELETE - Files ignored: index.txt.old - for i in index.txt serial serial.old ca.crt index.txt.attr + # Files ignored: index.txt.old serial.old + for i in index.txt serial ca.crt index.txt.attr do cp "$KEY_DIR/$i" "$EASYRSA_PKI" \ || up23_fail_upgrade "Failed to copy $KEY_DIR/$i to $EASYRSA_PKI"