nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Moved @ValdikSS's serial randomization to sign_req

Browse Source
This commit is contained in:
Martin Schmitt 2017-06-30 17:04:31 +02:00
parent 6436eaf8c1
commit e9e8e272e0
1 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
easyrsa3/easyrsa
View File

@ -569,6 +569,18 @@ sign_req() {
local req_in="$EASYRSA_PKI/reqs/$2.req" local req_in="$EASYRSA_PKI/reqs/$2.req"
local crt_out="$EASYRSA_PKI/issued/$2.crt" local crt_out="$EASYRSA_PKI/issued/$2.crt"
# Randomize Serial number
local i= serial= check_serial=
for i in 1 2 3 4 5; do
"$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial"
serial="$(cat "$EASYRSA_PKI/serial")"
check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)"
case "$check_serial" in
*"not present in db"*) break ;;
*) continue ;;
esac
done
# Support batch by internal caller: # Support batch by internal caller:
[ "$3" = "batch" ] && local EASYRSA_BATCH=1 [ "$3" = "batch" ] && local EASYRSA_BATCH=1
@ -661,17 +673,6 @@ Certificate created at: $crt_out
build_full() { build_full() {
verify_ca_init verify_ca_init
local i= serial= check_serial=
for i in 1 2 3 4 5; do
"$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial"
serial="$(cat "$EASYRSA_PKI/serial")"
check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)"
case "$check_serial" in
*"not present in db"*) break ;;
*) continue ;;
esac
done
# pull filename base: # pull filename base:
[ -n "$2" ] || die "\ [ -n "$2" ] || die "\
Error: didn't find a file base name as the first argument. Error: didn't find a file base name as the first argument.