commit 5aa65657e2fdda455a8549ed4f4e60cad6cf2389
Author: Matthias Andree <matthias.andree@gmx.de>
Date: Sun Oct 2 20:44:08 2022 +0200
Use POSIX [[:space:]] instead of \s for sed(1).
2nd half of fix for #714.
Obtained from: topical@gmx.net
URL: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266726
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Do not allow a known PKI folder <NAME> as --keep-tmp=<NAME>
Remove unnecessary random number extension.
Move all snapshots to sub-directory: $EASYRSA_TEMP_DIR/tmp/<NAME>
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Append the random 32-bit number generated for temporary session directory
to the '--keep-tmp=NAME' directory NAME specified by the user.
This avoids obliterating a private keys directory.
Example:
With default settings, '--keep-tmp=private' will delete "$PKI/private".
This will now destroy any directory with the name:
* "$temp_dir/$NAME.$rand"
Closes: #707
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Do not require '--ns-cert=yes' (or no):
If '--ns-cert' is specified then Netscape support is being requested.
However, '--ns-cert=no' (or yes) will still work as expected.
If '--ns-cert' is used then '--ns-cert=yes' is the new default.
Remove 'awk_yesno()': Unnecessary complexity.
Reword 'help': The behavior is simplified and so is the help.
Closes: #698
Closes: #709
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Move show_host() to cleanup() and only call it when die() was called.
This allows for confirm() Aborted to exit without extended error data.
Move detect_host after options processing. Allows for use of options.
e.g.: --verbose
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
When signing a request for an intermediate CA using --subca-len=N:
For a Sub-CA, the current method to apply 'pathlen:N' to CA basicConstraints
over-writes all user set basicConstraints.
Replace that with an awk script which reads the current x509-types/ca file;
selects the last occurrence of 'basicConstraints' (As does OpenSSL) and then
prints that line, with ", pathlen:$EASYRSA_SUBCA_LEN" appended, into the
temporary x509-types/ca file.
If no CA basicConstraint is found then exit with an error. Reason:
Easy-RSA default CA basicConstraint will always be defined. If that is changed
by the user, who then attempts to use Easy-RSA to append 'pathlen' then that
is an error. Easy-RSA must not insert a default when the default has been
deliberately removed.
Closes: #691 - Original bug report.
Closes: #692 - First use of awk as a solution. [Credit]
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
build-x-full uses a subshell to detect errors and cleanup the files
if an error occurs. This does not work if Ctrl-C is pressed during
the confirmation yes/no dialog.
Replace the subshell with an indicator, $on_error_build_full_cleanup,
to force cleanup() to remove the CSR, key and certificate files when
an error occurs or user presses Ctrl-C.
Closes: #680
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>