build-ca: Assign default sub-CA commonName and enable SSL interactive

Squashed commit of the following:

commit 5e9609873a01dd358e3a4c6928fc553e5257d8ea
Merge: ed54b1a 42bfae4
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Sun Aug 28 14:44:13 2022 +0100

    Merge branch 'subca-default-cn' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-subca-default-cn

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit 42bfae4673996307107964be0fc8b15883072d31
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Sat Aug 27 13:20:41 2022 +0100

    build-ca: Assign default sub-CA commonName and enable SSL interactive

    When building a CA/SubCA, if a commonName has not been assigned by --req-cn
    then assign a default commonName, of either:
    * 'Easy-RSA CA' or 'Easy-RSA Sub-CA'.

    If a default commonName has been assigned then use SSL interactive mode
    to edit/confirm each of the subject fields individually. Otherwise, use
    EasyRSA to confirm all of the subject fields with a single prompt.

    Closes: #659

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2022-08-28 16:36:28 +01:00
parent ed54b1abd0
commit df37955f4a
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246

@ -472,7 +472,7 @@ Distinguished Name mode:
--dn-mode=MODE : Distinguished Name mode to use 'cn_only' or 'org'
(Default: 'cn_only')
--req-cn=NAME : Set commonNama for CA/SubCA ONLY. Default 'Easy-RSA CA'
--req-cn=NAME : Set commonName for CA/SubCA ONLY. Default 'Easy-RSA CA'
Distinguished Name Organizational options: (only used with '--dn-mode=org')
--req-c=CC : country code (2-letters)
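
Review bot: The corrected --req-cn help line still gives only 'Easy-RSA CA' as the default, but the build-ca change in this same commit assigns 'Easy-RSA Sub-CA' when $sub_ca is set. Suggest documenting both, for example "Default 'Easy-RSA CA' or 'Easy-RSA Sub-CA'", so the usage text matches the behaviour a sub-CA operator will see in the issued certificate subject.
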
@ -1249,13 +1249,20 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
printf '%s\n' "01" > "$EASYRSA_PKI/serial" || die "$err_file"
# Default CA commonName
[ "$EASYRSA_REQ_CN" = ChangeMe ] && export EASYRSA_REQ_CN="Easy-RSA CA"
if [ "$EASYRSA_REQ_CN" = ChangeMe ]; then
if [ "$sub_ca" ]; then
export EASYRSA_REQ_CN="Easy-RSA Sub-CA"
else
export EASYRSA_REQ_CN="Easy-RSA CA"
fi
unsest -v ssl_batch
else
# Do not use prompting from SSL config
ssl_batch=1
fi
# Get user confirmation here, not while in SSL
if [ "$EASYRSA_BATCH" ]; then
if [ "$EASYRSA_BATCH" ] || [ -z "$ssl_batch" ]; then
: # ok
else
case "$EASYRSA_DN" in
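
Review bot: `unsest -v ssl_batch` in the default-commonName branch is a misspelling of `unset`, so the shell will report an unknown command and ssl_batch is never cleared. If ssl_batch already holds a value at that point (inherited from the environment or set earlier in the script), the later test `[ "$EASYRSA_BATCH" ] || [ -z "$ssl_batch" ]` is false and the default-CN case does not take the SSL interactive path the commit message describes. Change the line to `unset -v ssl_batch`. It would also be clearer to initialise ssl_batch explicitly before the `if`, so that the interactive/batch decision never depends on a value carried in from outside this block.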