* Remove SC2006 from shellcheck: bashism
* Put variable declarations on separate lines (SC1007)
* Remove "local" from Windows sh script (SC2039)
* Remove "x" variable define from read in Windows sh script (SC2034)
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
amkhiv was kind enough to point out I failed to fix the "local" syntax
removal from cmd_help(). tincantech has pointed this out and I intended
on fixing, but missed it.
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
Also, update the README to indicate master is development. People don't
seem to understand that.
Resolves#167
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
This is an alternative to the proposed patch in #154 and is easier to
read than the change.
Closes#154.
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
This clarifies the use of the file as specific to EasyRSA while also
closing the loop on the openssl version chase. No reason to have a
configuration file that is specific to openssl version at this point.
If the need arises, we'll do so in a sane fashion.
Resolves#159
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
Adding the --copy-ext option to copy request extension data. This will
resolve#60 and other Subject Alternative Name "issues" that have been
created.
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
The mv operation following the CRL creation isn't useful as there is no
temp file to move. Instead, create the temp file during CRL creation,
preventing a potential overwrite of a previous, valid, CRL.
Thanks go to matteo.guglielmi@epfl.ch for this patch (via email).
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
By default, field values are interpreted as ASCII but UTF-8 would be a
more reasonable default. Without the -utf8 flag, non-ASCII text gets
garbled without warning. ASCII text works fine either way.
When forming the OpenSSL config replacement text, gen_req() should not
alter the global variable as it is referred to again by sign_req() when
the wrapper-commands build-*-full are called.
This change localizes the replacement text to avoid competing over the
global variable.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Based-On: patch submitted by Joe Hu <i@sapika.ch>
Fixes: Issue #25
The command-line API for LibreSSL is currently identical to OpenSSL
1.0.1. This support is implemented in a case so any future version
distinctions can key off the features in the available implementation.
Such feature-specific support may become more important during the 3.1
development cycle where 0.9.x OpenSSL cannot handle newer features.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Fixes: #48
Adds the 'set-rsa-pass' and 'set-ec-pass' commands. Both are able to set
or remove a passphrase, and can optionally act on a direct file path
instead of a relative filename base name.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
The prior warn/fallback to rsa didn't work, and fallback is probably the
wrong thing to do, especially for batch callers. It is now an error to
supply an invalid value.
No need to export the EASYRSA_ALGO_PARAMS either.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
The --batch CLI arg now takes no options and enables batch-mode when
present.
init-pki no longer takes a 'force' value which did the same as --batch.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
