Richard T Bonhomme
35dd0d919c
Remove unused variable EASYRSA_EC_DIR
This was used to define a temp-dir for a temp-file for EC params.
This was replaced by standard temp-file EASYRSA_ALGO_PARAMS.
The replacement was due to EasyRSA support for OpenSSL version 3,
where SSL command 'genpkey' replaced the previous commands.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-11 02:51:24 +00:00
Richard T Bonhomme
d4a1caa394
Rename variable EASYRSA_TEMP_DIR_session to secured_session
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-09 01:21:55 +00:00
Richard T Bonhomme
9a4b98246b
secure_session(): Wrap long lines
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-09 00:41:45 +00:00
Richard T Bonhomme
f762627e2d
easyrsa_mktemp(): Drop redundant test of temp-session existence
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-09 00:21:35 +00:00
Richard T Bonhomme
043448503f
easyrsa_mktemp(): Correct logic for file creation
Each try is now aimed at creating a unique target file.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-09 00:20:28 +00:00
Richard T Bonhomme
b52f6cbd8b
easyrsa_mktemp(): Pre-assign empty value to temp-file name
Satisfy shellcheck SC2154, var is referenced but not assigned.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-07 23:32:48 +00:00
Richard T Bonhomme
fba0cf1986
easyrsa_mktemp(): Use sequentially numbered temp-files
This drops use of SSL to generate randomly numbered files.
The temp-session is still randomly named.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-07 19:49:24 +00:00
Richard T Bonhomme
c2b20731d5
Merge branch 'remove-debug' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-remove-debug
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-04 19:53:14 +00:00
Richard T Bonhomme
4ad288ef5b
Merge branch 'remove-extra-output-lines' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-remove-extra-output-lines
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-04 19:49:05 +00:00
Richard T Bonhomme
84f6a3775c
init-pki soft: Add crl.pem to file delete list
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-04 14:47:31 +00:00
Richard T Bonhomme
0d404360c5
show-ca: Remove undefined '$type' variable from output
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-04 14:33:45 +00:00
Richard T Bonhomme
d1063e0ad0
Remove redundant separator lines
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-04 00:55:36 +00:00
Richard T Bonhomme
3b5ff50bf7
Remove ineffectual redirector
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-04 00:43:40 +00:00
Richard T Bonhomme
d5c28f6ec2
Move calling show_host() to function die(), where it belongs
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-03 23:51:06 +00:00
Richard T Bonhomme
1f80065917
Remove debug symbols
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-03 00:02:50 +00:00
Richard T Bonhomme
50174317bc
Wrap long lines: easyrsa_openssl(), sed command
Move the sed command to a function and wrap long lines.
New function: easyrsa_rewrite_ssl_config()
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-02 20:56:26 +00:00
Richard T Bonhomme
9a46aefc3c
Merge branch 'aesthetics-build-ca-create-dirs-files' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-aesthetics-build-ca-create-dirs-files
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-26 19:39:36 +00:00
Richard T Bonhomme
9047c95850
build-ca: Minor code reformat (aesthetics)
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-26 00:37:26 +00:00
Richard T Bonhomme
9a8bf39b75
Rename safe_set_var() to force_set_var()
force_set_var() is intended to deliberately over-write all prior values.
This also drops an unnecessary 'eval'.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-25 03:53:20 +00:00
Richard T Bonhomme
81ab139ebb
Remove hard-coded unit-test password from build-ca
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-24 16:05:02 +00:00
Richard T Bonhomme
c4eeff9201
build-ca: Write 'unique_subject = no' to index.txt.attr file
EasyRSA version 3.1x 'renew' command requires this attribute.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-22 19:20:24 +00:00
Richard T Bonhomme
91bcabeaf0
build_ca(): Wrap long lines
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-21 23:59:27 +00:00
Richard T Bonhomme
00d7a69788
sign_req(): Wrap long lines, improve error messages and comments
Add extra check for successful moving of temp-file to certificate.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-20 17:21:52 +00:00
Richard T Bonhomme
e6aa6f6393
gen_dh(): Wrap long lines
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-20 16:23:04 +00:00
Richard T Bonhomme
b3e4c638bf
Re-order output messages and subsequent newlines for aesthetics
Remove unused EASYRSA_ININE, satisfy shellcheck.
Wrap long lines.
Minor improvements to comments and error messages.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-20 15:48:28 +00:00
Richard T Bonhomme
ffd63b6cc4
Add 'verify-cert' command to current 'verify' command
This should have always been 'verify-cert' because it only verifies
to certificates. (Also change 'help' text)
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-19 02:14:39 +00:00
Richard T Bonhomme
ae10aee413
Wrap long lines in "Main" function and verify_cert()
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-18 21:00:11 +00:00
Richard T Bonhomme
8afd07b20d
Minor related improvements
safe_set_var(): Show offending input value in error output
Standardise similar functions:
* ssl_cert_serial()
* ssl_cert_not_before_date()
* ssl_cert_not_after_date
Wrap more long lines.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-15 23:01:21 +00:00
Richard T Bonhomme
c83a26d8ac
db_date_to_ff_date(): Return ff_date via safe_set_var()
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-15 22:13:32 +00:00
Richard T Bonhomme
587ba1aa41
ff_date_to_cert_date(): Return cert_type_date via safe_set_var()
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-15 21:53:26 +00:00
Richard T Bonhomme
159aa15cd4
offset_days_to_cert_date(): Return cert_type_date via safe_set_var()
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-15 21:21:57 +00:00
Richard T Bonhomme
b0f3d8bf90
cert_date_to_timestamp_s(): Return timestamp_s via safe_set_var()
This only affects status_expire(), show-expire.
Add error detection for 'date' usage.
Wrap long lines.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-15 20:38:51 +00:00
Richard T Bonhomme
7492097110
fixed_cert_dates(): Remove subshell
fixed_cert_dates(): Replace capturing subshell-output
by setting variables via safe_set_var().
Add error detection for 'date' usage.
Wrap long lines.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-15 19:01:09 +00:00
Richard T Bonhomme
8dc2064880
Option --fix-offset: Adjust off-by-one day
The current code calculates --fix-offset=1 as January 2nd.
This decreases the input value by one, which results in
--fix-offset=1 being January 1st.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-13 17:15:18 +00:00
Richard T Bonhomme
0699393324
Status Reports: Set 'LC_TIME=C.UTF-8', only used for reports
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-05 13:26:46 +00:00
Richard T Bonhomme
b7f8d9f79a
Global option '--passout' always take priority ONLY
Option '--passout' MUST take priority over '--nopass' and 'nopass'.
Otherwise, the private key is unintentionally created unencrypted.
Option '--passin' must NOT take priority.
Otherwise, it is not possible to automatically create an entity
key without a password, if the CA key is created with a password.
Initialisation: Wrap long lines
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-04 02:34:04 +00:00
Richard T Bonhomme
e27ab41dad
Refactor manual CA passphrase input
This is a personal preference only. No functional change.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-04 00:28:50 +00:00
Richard T Bonhomme
866557a589
install_data_to_pki(): Wrap long lines, no functional changes
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-03 20:23:50 +00:00
Richard T Bonhomme
5d59605365
init-pki: Add new inline directory (Wrap long lines)
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-03 19:19:30 +00:00
Richard T Bonhomme
ae0020acdc
Create new 'inline' directory as required
Require creation during init-pki, renew and rebuild.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-03 16:08:16 +00:00
Richard T Bonhomme
a7f5044c0d
Add new inline file to command 'rebuild' processes
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-02 22:01:27 +00:00
Richard T Bonhomme
0072f5171c
Add new inline file to command 'renew' processes
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-02 21:38:39 +00:00
Richard T Bonhomme
ef9b3b8192
Add new inline file to command 'revoke' processes
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-02 20:28:44 +00:00
Richard T Bonhomme
f5da984c49
build-full: Always enable inline file creation
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-02 20:07:36 +00:00
Richard T Bonhomme
5f85068558
init-pki(): Introduce second warning before HARD removal
Only if a PKI currently exists, add a second confirmation to promote
the use of 'init-pki soft'.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-01 22:56:51 +00:00
Richard T Bonhomme
b56357e1bc
verify_cert(): Support global --batch mode
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-01 19:45:29 +00:00
Richard T Bonhomme
4c0c02217f
Merge branch 'cleanup-exit-number-only' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-cleanup-exit-number-only
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-01 18:24:20 +00:00
Richard T Bonhomme
96b96c18c7
Merge branch 'default-ed-curve' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-default-ed-curve
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-01 18:19:57 +00:00
Richard T Bonhomme
7afb20ad1a
cleanup(): Exit with numeric error-code only
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-28 23:15:39 +00:00
Richard T Bonhomme
3050d59f60
fixed_cert_dates(): Remove unused variable 'today_n'
Originally used to calculate roll-back by one year, also removed.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-28 17:51:27 +00:00