easyrsa

Author	SHA1	Message	Date
Richard T Bonhomme	d0019deb25	Current 'set-X-pass' commands do not support Edwards Curve cryptography. Replace all 'set-X-pass' commands with single 'set-pass' command. The new EasyRSA 'set-pass' command uses OpenSSL command 'pkey' to manipulate private keys. OpenSSL 'pkey' command supports all EasyRSA cryptography. Retain compatibility with old commands. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-11-10 23:31:15 +00:00
Richard T Bonhomme	00e93d0abd	Require unique random serial number for certificate or fail Squashed commit of the following: commit 7bdc3cdfbf4ac11dc5ff6377b1b32306fc50bc66 Merge: 320a324 7fa4ec9 Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Thu Nov 10 19:41:31 2022 +0000 Merge branch 'fix-random-cert-serial' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-fix-random-cert-serial Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> commit 7fa4ec9e3155f8b54648226397ef73f9086779d1 Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Thu Nov 10 19:27:37 2022 +0000 Require unique random serial number for certificate or fail This only effects Random certificate serial numbers: EASYRSA_RAND_SN (EASYRSA_RAND_SN is the Easy-RSA default mode) Previously, no matter if a _unique_ random serial number was generated, sign_req() would always use the last random number generated, as serial number for the new certificate. This behaviour also allowed _complete failure_ of the SSL serial number check to pass without error. This change allows signing a request to succeed ONLY when a unique serial number has been generated and validated. A failure of the SSL CA unique serial number check will NOT be ignored. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-11-10 20:41:55 +00:00
Richard T Bonhomme	320a324965	New function: easyrsa-random() - Generate random hexadecimal data Squashed commit of the following: commit cb68324306febcddf7ef03fe56fc1eddf06e7db7 Merge: 82483f1 2199d0c Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Wed Nov 9 21:19:41 2022 +0000 Merge branch 'f-easyrsa_random' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-f-easyrsa_random Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> commit 2199d0c323e506df436a335375be9115a12d6b7f Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Wed Nov 9 21:05:17 2022 +0000 Minor improvements to temp-session and temp-file Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> commit aa15b74722632ecab14c07ba9f2158d121e55d4f Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Wed Nov 9 20:35:43 2022 +0000 New function: easyrsa-random() - Generate random hexadecimal data Replace the various random requirements with this new function. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-11-09 21:21:05 +00:00
Richard T Bonhomme	82483f103e	Improve detect_host() and show_host() Squashed commit of the following: commit 5d48d39891b8ecd8c34f6faef1de06d327ed2b18 Merge: c905f09 2cfc18c Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Thu Nov 3 21:56:48 2022 +0000 Merge branch 'restrain-detect_host' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-restrain-detect_host Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> commit 2cfc18c46bb23d1a2e88502ee76faf373f848155 Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Thu Nov 3 21:15:09 2022 +0000 Improve detect_host() and show_host() These changes make reductions to: - The effects of detect_host() - The output of show_host() detect_host: - Does not set an SSL library. - Is not essential, so can be run before all other essential code. show_host: - Only show extended details for -v 'verbose' output. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-11-03 21:59:56 +00:00
Richard T Bonhomme	c905f0929a	Introduce global option '--nopass\|--no-pass' Squashed commit of the following: commit 3bff869d3058b2d8d2e21b572dfed6bac773ffe8 Merge: dbb8517 1652f20 Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Thu Nov 3 19:55:34 2022 +0000 Merge branch 'new-global-opt-nopass' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-new-global-opt-nopass Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> commit 1652f20e88ae72e731d8e6001d561d10aebdb780 Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Wed Nov 2 17:46:54 2022 +0000 Introduce global option '--nopass\|--no-pass' (#752) Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> commit 7817324cbb31baf922724e46d5a50947b0b649d6 Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Wed Nov 2 17:29:41 2022 +0000 Introduce global option '--nopass\|--no-pass' This change forces all commands where passwords are not desired, to internally rely on the specific EasyRSA variable 'EASYRSA_NO_PASS'. Current use of 'nopass' as a command option, is unchanged. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-11-03 19:56:34 +00:00
Richard T Bonhomme	dbb851736a	print_version(): Redirect stderr for "openssl" call Squashed commit of the following: commit 6ed16cd3860a1cf155c48809d11b55101ff66224 Merge: 4472516 94f6402 Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Tue Nov 1 22:51:33 2022 +0000 Merge branch 'redir-stderr-version' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-redir-stderr-version Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> commit 94f6402c64b9d11da34c93d06b62a00b2ad2fe40 Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Tue Nov 1 20:51:26 2022 +0000 print_version(): Redirect stderr for "openssl" call This redirects stderr message generated by missing config file, specifically for LibreSSL. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-11-01 22:52:48 +00:00
Richard T Bonhomme	4472516e24	Reset option flag check 'number_only' per option Squashed commit of the following: commit 4aada5ffcd8cff893618bbbfe24f589f33665352 Merge: 439cdc1 6f8ba1e Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Mon Oct 31 00:31:56 2022 +0000 Merge branch 'bugfix-number-only' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-bugfix-number-only Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> commit 6f8ba1e608d5223efa9dd296ed2c61418da991aa Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Sun Oct 30 23:56:46 2022 +0000 Reset option flag check 'number_only' per option Closes: #747 Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-31 00:34:42 +00:00
Richard T Bonhomme	439cdc15b7	Merge branch 'TinCanTech-case-int-sub-ca' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-30 23:23:47 +00:00
Richard T Bonhomme	94331a4ad0	Merge branch 'case-int-sub-ca' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-case-int-sub-ca Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-30 23:23:01 +00:00
Richard T Bonhomme	19b468c8f8	Minor style change Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-30 23:16:38 +00:00
Richard T Bonhomme	89a33bcbe0	Introduce global option '--notext\|--no-text' (#745 ) Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-30 20:02:10 +00:00
Richard T Bonhomme	57f418d8a1	Merge branch 'TinCanTech-add-global-notext' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-30 19:52:47 +00:00
Richard T Bonhomme	6ed6b910d7	Merge branch 'add-global-notext' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-add-global-notext Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-30 19:51:49 +00:00
Richard T Bonhomme	b6b909bbab	Introduce global option '--notext\|--no-text' Global option '--notext\|--no-text': Disable the output of human readable text into certificate files, when signing a request file. Closes: #624 Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-30 19:31:24 +00:00
Richard T Bonhomme	16f094c3b5	Merge branch 'TinCanTech-hard-reset-unset-found_vars' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-28 00:36:02 +01:00
Richard T Bonhomme	327469e518	Merge branch 'hard-reset-unset-found_vars' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-hard-reset-unset-found_vars Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-28 00:35:09 +01:00
Richard T Bonhomme	47e8eaa1b0	For 'init-pki hard' only, always try to create a new pki/vars file This simplifies the code for 'init-pki soft', which deliberately saves the 'pki/vars' file. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-28 00:05:10 +01:00
Richard T Bonhomme	e6638a902b	Merge branch 'TinCanTech-improve-find_x509_types_dir' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-27 23:32:32 +01:00
Richard T Bonhomme	81ed0497b0	Merge branch 'improve-find_x509_types_dir' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-improve-find_x509_types_dir Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-27 23:31:21 +01:00
Richard T Bonhomme	7eea5f35a5	Remove function find_x509_types_dir() Move the function purpose back to function install_data_to_pki(). This means that there is only one list of sources to maintain. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-27 22:54:25 +01:00
Richard T Bonhomme	fc856cc444	Merge branch 'TinCanTech-trim-find_x509_types_dir' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-27 17:44:42 +01:00
Richard T Bonhomme	cf489e3fb0	Merge branch 'trim-find_x509_types_dir' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-trim-find_x509_types_dir Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-27 17:43:58 +01:00
Richard T Bonhomme	c379603cfd	find_x509_types_dir(): Remove excess checks Remove check for '$EASYRSA_PKI' folder 'x509-types', because it is the first element on the subsequent 'for' list. Remove check for hard coded 'pki' folder 'x509-types', because it will over-ride option '--pki-dir=<DIR>'. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-27 03:08:43 +01:00
Richard T Bonhomme	5063eeb2a5	Merge branch 'TinCanTech-renew-remove-nopass' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-26 23:45:42 +01:00
Richard T Bonhomme	fdbe1d709e	Merge branch 'renew-remove-nopass' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-renew-remove-nopass Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-26 23:44:31 +01:00
Richard T Bonhomme	ada7bb41f6	Command 'renew': Remove option 'nopass' Command 'renew' no longer builds new keys, therefore, the option 'nopass' is not required. Closes: #740 Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-26 23:22:16 +01:00
Richard T Bonhomme	db33add56a	Command 'help': For unknown command, exit with error. Added ChangeLog notice. Squashed commit of the following: commit de8f9e689e6409b606f112067754c28e3eef1d1d Merge: ab7c480 0753241 Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Wed Oct 26 21:45:29 2022 +0100 Merge branch 'help-err-exit' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-help-err-exit Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> commit 0753241b0c45311475822d05ce492ef925423dad Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Tue Oct 25 21:52:49 2022 +0100 Command 'help': For unknown command, exit with error. Closes: #736 Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-26 21:48:45 +01:00
Richard T Bonhomme	ab7c4804fb	Minor refactor of secure_session() and easyrsa_mktemp() Squashed commit of the following: commit b93c8e60649d835b66fc4ab2c1d6050e6b1ca231 Merge: 17cbf07 130c161 Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Wed Oct 26 21:08:00 2022 +0100 Merge branch 'easyrsa-mktemp' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-easyrsa-mktemp Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> commit 130c161746d8e7885c7c3a86b8d29d28476b3890 Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Wed Oct 26 20:00:56 2022 +0100 Minor refactor of secure_session() and easyrsa_mktemp() Return without error on successful completion of final command. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-26 21:08:54 +01:00
Richard T Bonhomme	17cbf07b29	ChangeLog: Find data-files in the correct order (#727 ) Squashed commit of the following: commit cd3ef9f218ba9e2862914ad9846dc674d5b89ea6 Merge: 368de14 8a8136b Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Tue Oct 25 21:04:16 2022 +0100 Merge branch 'changlog-725' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-changlog-725 Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> commit 8a8136b20a4465b53d4bd59eff4b638af57a5d5b Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Tue Oct 25 20:03:49 2022 +0100 ChangeLog: Find data-files in the correct order (#727) Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-25 21:05:11 +01:00
Richard T Bonhomme	368de14fc1	vars.example: Remove EASYRSA_REQ_CN and EASYRSA_TEMP_FILE Squashed commit of the following: commit c27825c3bc5dddaeb3749d7a315a77239146ad22 Merge: 02f13f6 93da550 Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Tue Oct 25 20:50:44 2022 +0100 Merge branch 'vars-remove-req-cn' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-vars-remove-req-cn Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> commit 93da55003cee29695616d01243aecddcf7954c25 Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Fri Oct 21 21:10:08 2022 +0100 vars.example: Minor corrections and formatting Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> commit 9976f3f0d13a73827052f490438b95153a1b7576 Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Fri Oct 21 20:57:07 2022 +0100 vars.example: Remove EASYRSA_TEMP_FILE Closes: #729 Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> commit 8a35375f84ab88b6f009e5971ddb7358f6619a03 Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Fri Oct 21 20:44:53 2022 +0100 vars.example: Remove EASYRSA_REQ_CN Closes: #730 Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-25 20:51:51 +01:00
Richard T Bonhomme	02f13f6064	Find data-files in the correct order (#727 ) Squashed commit of the following: commit 136484f3ed28d57bf4244d9c716b8daa1cd9a8a7 Merge: 2083fb2 cae6357 Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Tue Oct 18 19:44:17 2022 +0100 Merge branch 'fix-order-725' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-fix-order-725 Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> commit cae6357c63b473e33e31620264bef4ede596ffac Author: Richard T Bonhomme <tincantech@protonmail.com> Date: Sun Oct 16 22:52:44 2022 +0100 Find data-files in the correct order With this change the PKI becomes the 'preferred' location for data-files. All other supported locations are searched by specific order. While this new order is the correct 'preferred' order, the associated code install_data_to_pki() needs to be simplified. Closes: #725 Closes: #723 Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com> Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-18 19:44:56 +01:00
Eric F Crist	2083fb29b5	update ChangeLog for today's v3.1.1 release Signed-off-by: Eric F Crist <ecrist@secure-computing.net>	2022-10-13 06:28:23 -05:00
Richard T Bonhomme	72cfbd2cd0	Refactor option parser: Use $number_only to verify $val is numeric Compress repeated numeric checks. Reformat case statement. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-12 23:56:05 +01:00
Richard T Bonhomme	95af4f0a30	Documentation updates (No functional changes) Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-12 23:47:11 +01:00
Richard T Bonhomme	6472160152	Doc: Correct version requirements (Replace 3.1.2+ with 3.1.1+) Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-09 19:46:53 +01:00
Richard T Bonhomme	cb3859be70	Merge branch 'TinCanTech-init-pki-soft' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-09 18:47:48 +01:00
Richard T Bonhomme	d9268ca7eb	Merge branch 'init-pki-soft' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-init-pki-soft Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-09 18:47:03 +01:00
Richard T Bonhomme	829a098950	Merge branch 'TinCanTech-doc-contrib-update' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-09 18:45:29 +01:00
Richard T Bonhomme	fa0a8f3e77	Merge branch 'doc-contrib-update' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-doc-contrib-update Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-09 18:44:39 +01:00
Richard T Bonhomme	b7199ec19a	init-pki soft: Include delete of revoked and renewed sub-directories Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-08 20:58:22 +01:00
Richard T Bonhomme	9cda05613c	Doc: EasyRSA-Contributing.md - Update Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-08 18:17:31 +01:00
Richard T Bonhomme	fc39a6b425	doc: Add EasyRSA-Contributing.md Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-07 15:15:09 +01:00
Richard T Bonhomme	ec7aaaed1f	Merge branch 'mandree-master' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-03 19:31:21 +01:00
Richard T Bonhomme	586f237897	Squashed commit of the following: commit 5aa65657e2fdda455a8549ed4f4e60cad6cf2389 Author: Matthias Andree <matthias.andree@gmx.de> Date: Sun Oct 2 20:44:08 2022 +0200 Use POSIX [[:space:]] instead of \s for sed(1). 2nd half of fix for #714. Obtained from: topical@gmx.net URL: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266726 Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-03 19:30:39 +01:00
Richard T Bonhomme	71de656090	Merge branch 'TinCanTech-remove-renewable' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-02 18:54:58 +01:00
Richard T Bonhomme	03d974a064	Merge branch 'remove-renewable' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-remove-renewable Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-02 18:54:08 +01:00
Richard T Bonhomme	0d03a6f657	Remove obsolete command 'renewable' All valid certificates are renewable. Closes: #714 Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-10-02 17:56:39 +01:00
Richard T Bonhomme	781c40ea8b	Merge branch 'TinCanTech-doc-x509-types' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-09-28 16:46:29 +01:00
Richard T Bonhomme	70958e0f88	Merge branch 'doc-x509-types' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-doc-x509-types Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-09-28 16:45:36 +01:00
Richard T Bonhomme	4a04e5a5d9	Merge branch 'TinCanTech-update-ns-support' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-09-28 16:39:04 +01:00

... 3 4 5 6 7 ...

1518 Commits