Use the flag as intended.
Also, improvements to layout and comments, in nearby functions.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Helps with preventing #571 again by removing the test pki that may
exist. The build script now removes it if present.
Update the python call to python3 so it works on macOS like in master.
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
The input data, when a certificate is not found, was an unpunctuated
numerical representation of date. eg: '220613123456'.
Format this input to: '22-06-13 12:34:56' for use.
Also, disambiguate between certificate-data versus database-data
by renaming the database variables from 'crt_foo' to 'db_foo'.
Also, disambiguate between full-date versus epoch-date-seconds
by renaming epoch-date-seconds variables from 'foo' to 'foo_s'.
Also, improvements to status reports output format.
Also, improve related comments.
Closes: #568
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
New function: verify_algo_params()
Verify algorithm and parameters in a single function.
Remove verify_curve_ec() and verify_curve_ed()
Place verify_algo_params() at the end of vars_setup().
No longer use a dedicated directory for Elliptic curve
parameters file. Instead, use an easyrsa-temp file.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Flags are set when a 'vars' file is found:
eg. [ -e "$pki_vars" ] && e_pki_vars=1
Use flag '$e_pki_vars' not the target file variable '$pki_vars' for
subsequent code decisions. Unset '$pki_vars', once it is used.
The same goes for: '$prog_vars', '$pwd_vars' and '$easy_vars'.
Closes: #567
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This check ensures that a valid command does not sneak a missing but
expected 'vars' file through the 'vars' detection phase.
Move detect_host() and expand the comment.
Minor reformatting, for readability.
Improve/update comments.
Stage-3-of: #566
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Undo changes made by 4922cae2637ff1d6247840a800f3c691aa7eb7ab
which allowed '--vars=FILE init-pki'.
Keep the changes to user output which suppress messages to "use PKI/vars".
Stage-2-of: #566
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Using option '--vars=file' now sets variable 'user_vars_true'.
When 'user_vars_true' then do not create a conflicting PKI/vars.
Also, remove vars-file warnings when 'user_vars_true'.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This allows verify_cert() to show the status and, optionally, return an
error (1) on "failure to verify" to a calling program.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Backport the patch from a4e37cfe54167cca2610aa401b06caae6fa4f724 to 3.0
that fixes the data arguments on Darwin and BSD. Patch originally
authored by @tincantech.
Update .gitignore to ignore macOS .DS_Store files.
Update ChangeLog for v3.0.9 release
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>