This allows verify_cert() to show the status and, optionally, return an
error (1) on "failure to verify" to a calling program.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Backport the patch from a4e37cfe54167cca2610aa401b06caae6fa4f724 to 3.0
that fixes the data arguments on Darwin and BSD. Patch originally
authored by @tincantech.
Update .gitignore to ignore macOS .DS_Store files.
Update ChangeLog for v3.0.9 release
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
Used with 'renew' to extend the grace period before allowing certificates
to be renewed.
Used with 'show-expire' to extend the period of the search for certificates
which are close to expiring.
Also, correct some comments and minor formatting changes.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Doesn't seem to work - Win7 is EOL and not really worth a lot of time
debugging. Users should use v3.0.9 of EasyRSA which includes OpenSSL
1.1.1o which should work.
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
Compiled OpenSSL 3.0.3 from github for both 64 and 32 bit Windows. Ran
the wop-test.sh script and passed tests:
* Easy-RSA Unit Tests:
* Windows, no OpenSSL-v3
* System SSL enabled
easyrsa-unit-tests.sh version: 2.3.0
* setup unit-test - ok
* shellcheck abandoned
* >>> BEGIN unit tests:
* >>>>>>: sh C:/Users/ecrist/Desktop/3.1.0-64/easy-rsa/easyrsa-unit-tests.sh -v
easyrsa-unit-tests.sh version: 2.3.0
easyrsa-unit-tests.sh source: localhost
easyrsa source: C:/Users/ecrist/Desktop/3.1.0-64/easy-rsa/easyrsa3/easyrsa
* EASYRSA_OPENSSL:
openssl (env)
OpenSSL 3.0.3 3 May 2022 (Library: OpenSSL 3.0.3 3 May 2022)
EasyRSA Version Information
Version: ~VER~
Generated: ~DATE~
SSL Lib: OpenSSL 3.0.3 3 May 2022 (Library: OpenSSL 3.0.3 3 May 2022)
Git Commit: ~GITHEAD~
Source Repo: https://github.com/OpenVPN/easy-rsa
Setup .. ok
>>>>> >>>>> Begin easyrsa rsa tests
... Lots of tests here.
<<<<< <<<<< End easyrsa ed tests
easyrsa-unit-tests.sh version: 2.3.0
easyrsa-unit-tests.sh source: localhost
easyrsa source: C:/Users/ecrist/Desktop/3.1.0-64/easy-rsa/easyrsa3/easyrsa
* EASYRSA_OPENSSL:
openssl (env)
OpenSSL 3.0.3 3 May 2022 (Library: OpenSSL 3.0.3 3 May 2022)
Unit-test: cleanup
Remove temp dir: C:/Users/ecrist/Desktop/3.1.0-64/easy-rsa/easyrsa3/unit tests
Completed Thu May 5 08:28:30 Central Daylight Time 2022 (Total errors: 0)
* OK
* <<< END unit tests:
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
Not all the places I want to build the distribution symlink python to
the python3 binary (namely macOS) so just call python3 directly.
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
When 'vars' is in the same directory as 'easyrsa' and they are both
in the current working directory, easyrsa would falsely warn about
"conflicting" 'vars' files.
Filter out this false error by checking if '$prog_dir' is './'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Changes to how 'vars' is located and sourced omitted the possibility
that the vars file has been declared via '--vars'.
Move the 'fi' to the correct location so that '--vars' is respected.
Closes: #552 (Over-ruled, due to another, unrelated change)
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This has been an on/off release tag, but we're going to push it out
because there are some that will remain on the v3.0.x branch for a
long time, and OpenSSL 3.x isn't available in all distros/embedded
systems yet (or for a while).
- Updated OpenSSL for Windows to 1.1.1o
- Updated ChangeLog for v3.0.9, pulling in most comments for v3.1.0
- Updated header in easyrsa to point to Github contributors page
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
date.exe does not support output format '+%s' as input.
Instead, use date.exe "string" not seconds since epoch.
Also, force easyrsa_openssl() 'makesafeconf' to move the temp-file
to the target file. Otherwise, Windows users are expected to confirm
over-write, every time.
Also, minor variable name changes, for clarity.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
The initial idea was to mask the actual certificate creation date.
The reason was to further anonymise user certificates. (YMMV)
There is now a second part to this date "fixing":
* This allows for all certificates to expire on the same day.
Using command option '--fix-offset=nnn', all certificates will be created
* with a 'notBefore' date of January 1st of the current year.
* with a 'notAfter' date of the day-of-year number from '--fix-offset',
in the final year, as per EASYRSA_CERT_EXPIRE (Default 825 days).
The default 825 days results in 2 years plus the offset given.
This can also be set in the 'vars' file, for convenience.
The default day-of-year offered is 183; either July 2 or 3 (leap year).
Follow-up to: #550 (Replaces 'nodatetime' with '--fix-offset')
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>