nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add new inline file to command 'revoke' processes

Browse Source 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2023-01-02 20:28:44 +00:00
parent f5da984c49
commit ef9b3b8192
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 29 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
easyrsa3/easyrsa
View File

@ -2023,6 +2023,7 @@ Run easyrsa without commands for usage and command help."
key_in="$in_dir/private/$file_name_base.key" key_in="$in_dir/private/$file_name_base.key"
req_in="$in_dir/reqs/$file_name_base.req" req_in="$in_dir/reqs/$file_name_base.req"
creds_in="$in_dir/$file_name_base.creds" creds_in="$in_dir/$file_name_base.creds"
inline_in="$in_dir/inline/$file_name_base.inline"
# Assign possible "crl_reason" # Assign possible "crl_reason"
if [ "$1" ]; then if [ "$1" ]; then
@ -2094,13 +2095,18 @@ Cannot revoke this certificate because a conflicting file exists.
warn "\ warn "\
This process is destructive! This process is destructive!
These files will be moved to the 'revoked' storage sub-directory: These files will be MOVED to the 'revoked' storage directory:
* $crt_in${if_exist_key_in}${if_exist_req_in} * $crt_in${if_exist_key_in}${if_exist_req_in}
These files will be DELETED: These files will be DELETED:
* All PKCS files for commonName : $file_name_base All PKCS files for commonName : $file_name_base
* The inline credentials file : $creds_in
* The duplicate certificate : $duplicate_crt_by_serial" The inline credentials files:
* $creds_in
* $inline_in
The duplicate certificate:
* $duplicate_crt_by_serial"
confirm " Continue with revocation: " "yes" "\ confirm " Continue with revocation: " "yes" "\
Please confirm you wish to revoke the certificate Please confirm you wish to revoke the certificate
@ -2116,12 +2122,15 @@ with the following subject:
easyrsa_openssl ca -utf8 -revoke "$crt_in" \ easyrsa_openssl ca -utf8 -revoke "$crt_in" \
${crl_reason+ -crl_reason "$crl_reason"} \ ${crl_reason+ -crl_reason "$crl_reason"} \
${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} \ ${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} \
|| die "Failed to revoke certificate: revocation command failed." || die "\
Failed to revoke certificate: revocation command failed."
# move revoked files so we can reissue certificates with the same name # move revoked files
# so we can reissue certificates with the same name
revoke_move revoke_move
notice " * IMPORTANT * notice "\
* IMPORTANT *
Revocation was successful. You must run 'gen-crl' and upload a new CRL to your Revocation was successful. You must run 'gen-crl' and upload a new CRL to your
infrastructure in order to prevent the revoked certificate from being accepted." infrastructure in order to prevent the revoked certificate from being accepted."
@ -2172,17 +2181,25 @@ revoke_move() {
fi fi
done done
# remove the duplicate certificate in the certs_by_serial folder # remove the duplicate certificate
if [ -e "$duplicate_crt_by_serial" ]; then if [ -e "$duplicate_crt_by_serial" ]; then
rm "$duplicate_crt_by_serial" || warn "\ rm "$duplicate_crt_by_serial" || warn "\
Failed to remove the duplicate certificate in the certs_by_serial folder" Failed to remove the duplicate certificate:
* $duplicate_crt_by_serial"
fi fi
# remove credentials file (if exists) # remove credentials file
if [ -e "$creds_in" ]; then if [ -e "$creds_in" ]; then
confirm "Remove inline file ? " "yes" "An inline file exists. $creds_in"
rm "$creds_in" || warn "\ rm "$creds_in" || warn "\
Failed to remove inline file: $creds_in" Failed to remove credentials file:
* $creds_in"
fi
# remove inline file
if [ -e "$inline_in" ]; then
rm "$inline_in" || warn "\
Failed to remove inline file:
* $inline_in"
fi fi
return 0 return 0