The input data, when a certificate is not found, was an unpunctuated
numerical representation of date. eg: '220613123456'.
Format this input to: '22-06-13 12:34:56' for use.
Also, disambiguate between certificate-data versus database-data
by renaming the database variables from 'crt_foo' to 'db_foo'.
Also, disambiguate between full-date versus epoch-date-seconds
by renaming epoch-date-seconds variables from 'foo' to 'foo_s'.
Also, improvements to status reports output format.
Also, improve related comments.
Closes: #568
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
New function: verify_algo_params()
Verify algorithm and parameters in a single function.
Remove verify_curve_ec() and verify_curve_ed()
Place verify_algo_params() at the end of vars_setup().
No longer use a dedicated directory for Elliptic curve
parameters file. Instead, use an easyrsa-temp file.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Flags are set when a 'vars' file is found:
eg. [ -e "$pki_vars" ] && e_pki_vars=1
Use flag '$e_pki_vars' not the target file variable '$pki_vars' for
subsequent code decisions. Unset '$pki_vars', once it is used.
The same goes for: '$prog_vars', '$pwd_vars' and '$easy_vars'.
Closes: #567
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This check ensures that a valid command does not sneak a missing but
expected 'vars' file through 'vars' detection phase.
Move detect_host() and expand the comment.
Minor reformatting, for readability.
Improve/update comments.
Stage-3-of: #566
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Undo changes made by 4922cae2637ff1d6247840a800f3c691aa7eb7ab
which allowed '--vars=FILE init-pki'.
Keep the changes to user output which suppress messages to "use PKI/vars".
Stage-2-of: #566
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Using option '--vars=file' now sets variable 'user_vars_true'.
When 'user_vars_true' then do not create a conflicting PKI/vars.
Also, remove vars-file warnings when 'user_vars_true'.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This allows verify_cert() to show the status and, optionally, return an
error (1) on "failure to verify" to a calling program.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Backport the patch from a4e37cfe54167cca2610aa401b06caae6fa4f724 to 3.0
that fixes the data arguments on Darwin and BSD. Patch originally
authored by @tincantech.
Update .gitignore to ignore macOS .DS_Store files.
Update ChangeLog for v3.0.9 release
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
Used with 'renew' to extend the grace period before allowing certificates
to be renewed.
Used with 'show-expire' to extend the period of the search for certificates
which are close to expiring.
Also, correct some comments and minor formatting changes.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Doesn't seem to work - Win7 is EOL and not really worth a lot of time
debugging. Users should use v3.0.9 of EasyRSA which includes OpenSSL
1.1.1o which should work.
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
Compiled OpenSSL 3.0.3 from github for both 64 and 32 bit Windows. Ran
the wop-test.sh script and passed tests:
* Easy-RSA Unit Tests:
* Windows, no OpenSSL-v3
* System SSL enabled
easyrsa-unit-tests.sh version: 2.3.0
* setup unit-test - ok
* shellcheck abandoned
* >>> BEGIN unit tests:
* >>>>>>: sh C:/Users/ecrist/Desktop/3.1.0-64/easy-rsa/easyrsa-unit-tests.sh -v
easyrsa-unit-tests.sh version: 2.3.0
easyrsa-unit-tests.sh source: localhost
easyrsa source: C:/Users/ecrist/Desktop/3.1.0-64/easy-rsa/easyrsa3/easyrsa
* EASYRSA_OPENSSL:
openssl (env)
OpenSSL 3.0.3 3 May 2022 (Library: OpenSSL 3.0.3 3 May 2022)
EasyRSA Version Information
Version: ~VER~
Generated: ~DATE~
SSL Lib: OpenSSL 3.0.3 3 May 2022 (Library: OpenSSL 3.0.3 3 May 2022)
Git Commit: ~GITHEAD~
Source Repo: https://github.com/OpenVPN/easy-rsa
Setup .. ok
>>>>> >>>>> Begin easyrsa rsa tests
... Lots of tests here.
<<<<< <<<<< End easyrsa ed tests
easyrsa-unit-tests.sh version: 2.3.0
easyrsa-unit-tests.sh source: localhost
easyrsa source: C:/Users/ecrist/Desktop/3.1.0-64/easy-rsa/easyrsa3/easyrsa
* EASYRSA_OPENSSL:
openssl (env)
OpenSSL 3.0.3 3 May 2022 (Library: OpenSSL 3.0.3 3 May 2022)
Unit-test: cleanup
Remove temp dir: C:/Users/ecrist/Desktop/3.1.0-64/easy-rsa/easyrsa3/unit tests
Completed Thu May 5 08:28:30 Central Daylight Time 2022 (Total errors: 0)
* OK
* <<< END unit tests:
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
Not all the places I want to build the distribution symlink python to
the python3 binary (namely macOS) so just call python3 directly.
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>