Richard T Bonhomme
2f1fa20632
Merge branch 'bugfix-build-ca-openssl-easersa-cnf' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-bugfix-build-ca-openssl-easersa-cnf
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-21 21:15:51 +00:00
Richard T Bonhomme
4b3458b979
build-ca: Change FATAL error to warning for old openssl-easyrsa.cnf
...
This will only affect a CA built with custom EASYRSA_EXTRA_EXTS;
The solution being, to use the correct 'openssl-easyrsa.cnf'.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-21 13:49:54 +00:00
Richard T Bonhomme
fc8c1c4b2a
Merge branch 'TinCanTech-formalise-cleanup-exit'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-20 20:29:30 +00:00
Richard T Bonhomme
a320b291d6
Merge branch 'formalise-cleanup-exit' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-formalise-cleanup-exit
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-20 20:28:53 +00:00
Richard T Bonhomme
5ea6177338
Wrap more long lines
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-20 20:25:14 +00:00
Richard T Bonhomme
fc4bcb6184
cleanup(): General improvements - Create KNOWN error exit
...
Where errors are known, exit via 'Known' branch.
Allow preset error number to propagate.
Long line wrapping. Shorten associated variable names.
Move clearing traps to within cleanup().
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-20 20:06:26 +00:00
Richard T Bonhomme
0fd88d65a3
Merge branch 'TinCanTech-renew-over-shift'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-18 21:53:51 +00:00
Richard T Bonhomme
902d8e18e5
Merge branch 'renew-over-shift' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-renew-over-shift
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-18 21:53:10 +00:00
Richard T Bonhomme
e4b02a1dcb
Function safe_set_var(): Hard exit for unexpected errors
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-17 22:40:56 +00:00
Richard T Bonhomme
6e0a9c78c4
Wrap long lines
...
hide_read_pass()
get_passphrase()
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-17 22:38:12 +00:00
Richard T Bonhomme
1cf4cce432
Renew: wrap long lines in related functions
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-17 22:35:13 +00:00
Richard T Bonhomme
a815f39847
Function renew_move(): Ignore non-essential file removal errors
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-17 22:27:39 +00:00
Richard T Bonhomme
4c8a4e8765
Command renew: Require CSR as input file and refactor verification
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-17 21:51:39 +00:00
Richard T Bonhomme
b4dc2ad0ea
Command renew: Process options correctly and minor improvements
...
Process options correctly:
* This removes an errant 'shift' when processing options.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-17 21:45:23 +00:00
Richard T Bonhomme
97fec2de61
Merge branch 'TinCanTech-win-build-ca'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-15 19:57:34 +00:00
Richard T Bonhomme
74e512252c
Merge branch 'win-build-ca' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-win-build-ca
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-15 19:56:55 +00:00
Richard T Bonhomme
0ce126a289
build-ca: Error-exit on failure to write temp-CA-passphrase files
...
Also, prototype easyrsa_mktemp() errors.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-13 00:02:28 +00:00
Richard T Bonhomme
9a495f7bd3
build-ca: Use OpenSSL '-passout' with EasyRSA '--passout' correctly
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-12 21:22:44 +00:00
Richard T Bonhomme
0063de0d88
Allow default CA generation method to be unit-tested
...
If 'easyrsa' is being run by the unit-test then allow the default method
for 'build-ca' to be exercised.
The default 'easyrsa' method is to use temp-files, generated by EasyRSA,
to pass the CA passphrase, provided by the user, to the SSL command.
The normal 'unit-test' method to use a passphrase is to configure EasyRSA
command line options '--passin' and '--passout'.
The change made here is to simulate user-interaction and to supply a
default passphrase, as a user, to the SSL command.
To NOT use EasyRSA command line options to set any passphrase.
ONLY when being run by the unit-test.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-11 22:37:40 +00:00
Richard T Bonhomme
8ae6bca3dc
Windows, build-ca: Add input password to re-open private key
...
Using OpenSSL 3.0.7, packaged by OpenVPN Windows installer, causes
EasyRSA command 'build-ca' to fail, because it does not have an input
password to re-open the private key, which is required to generate
the CA certificate.
Provide the user specified CA passphrase as input password for build-ca.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-11 22:29:35 +00:00
Richard T Bonhomme
bec781d3fe
Merge branch 'TinCanTech-sanatize_and_set_var'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-11 12:56:23 +00:00
Richard T Bonhomme
b5228f76d0
Merge branch 'sanatize_and_set_var' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-sanatize_and_set_var
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-11 12:55:38 +00:00
Richard T Bonhomme
d3f4cb4d02
ssl_cert_not_after_date(): Use safe_set_var()
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-10 14:26:46 +00:00
Richard T Bonhomme
ec184ca49e
ssl_cert_not_before_date(): Use safe_set_var()
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-10 14:14:19 +00:00
Richard T Bonhomme
8f71f71d8e
build-ca: Use safe_set_var()
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-10 13:29:56 +00:00
Richard T Bonhomme
b578efcb50
New function safe_set_var(): Safe wrapper for set_var()
...
When using set_var() with a variable as an input for name of the variable,
use this wrapper to verify the input is suitable as a variable name.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-10 13:17:39 +00:00
Richard T Bonhomme
8ca58f11ad
Merge branch 'TinCanTech-index-expire'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-10 00:22:13 +00:00
Richard T Bonhomme
fcac1fe499
Merge branch 'index-expire' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-index-expire
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-10 00:21:20 +00:00
Richard T Bonhomme
01ded61201
Wrap long lines for code close by to status report functions
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-09 22:48:11 +00:00
Richard T Bonhomme
abad51a4f3
Status reports: Recognise Expired certificates
...
Command show-expire:
Improve report output to show 'expired: <date>' for expired certificates.
Otherwise, show 'expires: <date>' for currently Valid certificates.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-09 22:26:58 +00:00
Richard T Bonhomme
3ce9272e3a
easyrs_openssl(): Correct comment only
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-08 02:03:29 +00:00
Richard T Bonhomme
808b025f8a
Merge branch 'TinCanTech-easyrsa_openssl-vs-debug'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-08 01:26:33 +00:00
Richard T Bonhomme
8ecdc349e9
Merge branch 'easyrsa_openssl-vs-debug' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-easyrsa_openssl-vs-debug
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-08 01:25:50 +00:00
Richard T Bonhomme
591924d631
Stop EASYRSA_DEBUG interfering with SSL output from subshells
...
Some commands must capture the SSL output via a subshell.
eg: ssl_cert_serial() and ssl_cert_not_before/after_date()
To use easyrsa_openssl() for these commands, EASYRSA_DEBUG must be disabled.
This patch unsets EASYRSA_DEBUG in the function subshells only.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-08 00:58:43 +00:00
Richard T Bonhomme
f97a3b7a93
Merge branch 'TinCanTech-reorder-easyrsa_openssl'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-08 00:51:30 +00:00
Richard T Bonhomme
2396ac21a2
Merge branch 'reorder-easyrsa_openssl' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-reorder-easyrsa_openssl
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-08 00:50:48 +00:00
Richard T Bonhomme
2b5150ea6c
Merge branch 'TinCanTech-ff-date-to-cert-date-v2'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-08 00:45:15 +00:00
Richard T Bonhomme
8b85a3a349
Merge branch 'ff-date-to-cert-date-v2' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-ff-date-to-cert-date-v2
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-08 00:44:27 +00:00
Richard T Bonhomme
8ede536206
Re-order easyrsa_openssl() temp-file assignment
...
Always assign the easyrsa_openssl() temp-file before escape_hazard().
In the event of failure, easyrsa_openssl() will try first.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-08 00:17:17 +00:00
Richard T Bonhomme
3c0d90799f
ff_date_to_cert_date(): Correct the input format for busybox date
...
Also, correct alignment and indents with no functional change.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-07 23:15:04 +00:00
Richard T Bonhomme
9266caaf33
verify_ssl_lib(): short-circuit overload check; un-indent by one tab
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-07 02:15:01 +00:00
Richard T Bonhomme
aa85739b2e
Merge branch 'TinCanTech-no-safe-ssl-mode'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-06 22:53:33 +00:00
Richard T Bonhomme
f3b2f60678
Merge branch 'no-safe-ssl-mode' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-no-safe-ssl-mode
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-06 22:46:48 +00:00
Richard T Bonhomme
c5d401651c
Introduce OpenSSL only mode: No Safe SSL Config File
...
Global option '--no-safe-ssl' disables generating a safe SSL config file.
The default is to always generate a safe SSL config file.
Can be used by OpenSSL ONLY.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-05 20:44:28 +00:00
Richard T Bonhomme
d167b517f7
Merge branch 'TinCanTech-always-use-easyrsa_openssl'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-04 20:35:39 +00:00
Richard T Bonhomme
4be21f8fd2
Merge branch 'always-use-easyrsa_openssl' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-always-use-easyrsa_openssl
...
PLUS: Minor changes to error message output only, no functional changes.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-04 20:33:31 +00:00
Richard T Bonhomme
886002b089
Rename function variable
...
fn_ is preferable to f_
This is to simulate 'local', which was not POSIX, until recently.
Baseline: Windows sh.exe
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-04 12:17:04 +00:00
Richard T Bonhomme
c3943edd28
Replace use of $EASYRSA_OPENSSL with easyrsa_openssl()
...
Use replaced in display_san() and display_dn().
verify_file(): Return status of SSL command.
Wrap long lines x4.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-03 21:34:31 +00:00
Richard T Bonhomme
3caf0ec905
Replace SSL calls for serial number with function ssl_cert_serial()
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-03 19:21:21 +00:00
Richard T Bonhomme
ec56603b91
Merge branch 'TinCanTech-set-OPENSSL_CONF'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-03 13:09:03 +00:00