Adds the 'set-rsa-pass' and 'set-ec-pass' commands. Both are able to set
or remove a passphrase, and can optionally act on a direct file path
instead of a relative filename base name.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Upgrade-Notes includes v2 to v3 upgrade changes that users should be
aware of.
The updated top-level README helps point users to online support
locations.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
This initial packaging script creates a release-ready tarball for
Unix-alikes. Windows support will be added in a separate commit.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Updates include listing project dir layout, git conventions on
commits/merges/tags, and code spacing/indent recommendations.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
The prior warn/fallback to rsa didn't work, and fallback is probably the
wrong thing to do, especially for batch callers. It is now an error to
supply an invalid value.
No need to export the EASYRSA_ALGO_PARAMS either.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
The --batch CLI arg now takes no options and enables batch-mode when
present.
init-pki no longer takes a 'force' value which did the same as --batch.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
This adds export support for PKCS#7 bundles, and adds the option to
export PKCS#12 without private keys
Author: Luiz Angelo Daros de Luca <luizluca@tre-sc.gov.br>
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
OpenSSL-0.9.8 cannot handle an empty extensions section. This change has
the dynamic extensions support place the section reference in the
temporary file at runtime, supporting both 0.9.8 and 1.0.* versions.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
The GPG/PGP keys listed in this file are used to sign official releases
of Easy-RSA 3. The keys themselves can be downloaded from the many
public keyserver mirrors.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Add documentation & help output; add quoting; add error messages; put
the ecparams dir under PKI dir with env-var tunable.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
This commit adds the possibility to specify the algorithm used by openssl
by adding the --use-algo and --curve parameters.
Signed-off-by: Steffan Karger <steffan@karger.me>
Change keysize defaults from 1024 to 2048 bits and change the default
hash from md5 to sha256. Also, removed an oddly-specific call for sha1
in one instance.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
* Removed duplicate KEY_EMAIL var
* Commented out KEY_PCS11 vars [1]
* Commented out KEY_CN with explanation
* Set saner defaults
* reorganized vars, "required" fields first
[1] I commented these out because they're already set to dummy and you only need to change them if you're indeed going to use them. This makes it a little less confusing to newbies who may not be interested in PKCS11 and get confused when reading that they should now "leave any of these fields blank".
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
This is required to allow applying Alon's autotools/rpm/documentation patches
from GitHub OpenVPN/easy-rsa-old tree.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
whichopensslcnf failed to return the right cnf for:
$ openssl version
OpenSSL 1.0.1 14 Mar 2012
Signed-off-by: Simon Deziel <simon.deziel@gmail.com>
Acked-by: Alon Bar-Lev <alon.barlev@gmail.com>
Message-Id: 4FAE87C1.6000509@gmail.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/6534
Signed-off-by: David Sommerseth <davids@redhat.com>
In the master branch of openvpn.git/openvpn-testing.git commit
26abb83cb1cf0c331db875186250b0c8d55d6013 removes easy-rsa from the
core OpenVPN tree.
This commit is the import of the easy-rsa based on the commit
mentioned. The history before this import of easy-rsa can be found
in the openvpn.git/openvpn-testing.git trees.
Signed-off-by: David Sommerseth <davids@redhat.com>
