easyrsa

Author	SHA1	Message	Date
Richard T Bonhomme	4bcfe5b236	Merge branch 'TinCanTech-promote-init-pki-soft' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2023-01-01 23:30:04 +00:00
Richard T Bonhomme	0121cc05a4	Merge branch 'promote-init-pki-soft' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-promote-init-pki-soft Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2023-01-01 23:29:12 +00:00
Richard T Bonhomme	5f85068558	init-pki(): Introduce second warning before HARD removal Only if a PKI currently exists, add a second confirmation to promote the use of 'init-pki soft'. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2023-01-01 22:56:51 +00:00
Richard T Bonhomme	b56357e1bc	verify_cert(): Support global --batch mode Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2023-01-01 19:45:29 +00:00
Richard T Bonhomme	efff1ad843	Merge branch 'TinCanTech-cleanup-exit-number-only' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2023-01-01 18:25:03 +00:00
Richard T Bonhomme	4c0c02217f	Merge branch 'cleanup-exit-number-only' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-cleanup-exit-number-only Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2023-01-01 18:24:20 +00:00
Richard T Bonhomme	6522163dc9	Merge branch 'TinCanTech-default-ed-curve' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2023-01-01 18:20:40 +00:00
Richard T Bonhomme	96b96c18c7	Merge branch 'default-ed-curve' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-default-ed-curve Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2023-01-01 18:19:57 +00:00
Richard T Bonhomme	7afb20ad1a	cleanup(): Exit with numeric error-code only Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-28 23:15:39 +00:00
Richard T Bonhomme	3050d59f60	fixed_cert_dates(): Remove unused variable 'today_n' Originally used to calculate roll-back by one year, also removed. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-28 17:51:27 +00:00
Richard T Bonhomme	f315e6b5a2	Make default Edwards curve ED25519 Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-28 17:34:29 +00:00
Richard T Bonhomme	48a74fbca0	Default settings: Make default Edwards curve ED25519 Perform hierarchial decision for elliptic curve name. Default curves per algorithm: * 'ec' Elliptic curve name 'secp384r1' (Unchanged) * 'ed' Edwards curve name 'ed25519' (Changed) Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-28 17:15:40 +00:00
Richard T Bonhomme	6ac84dc2aa	Allow --fix-offset to create post-dated certificates Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-22 22:24:51 +00:00
Richard T Bonhomme	4082228f64	Merge branch 'TinCanTech-allow-post-date-fix-offset' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-22 22:19:42 +00:00
Richard T Bonhomme	97cea4157d	Merge branch 'allow-post-date-fix-offset' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-allow-post-date-fix-offset Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-22 22:18:52 +00:00
Richard T Bonhomme	4af00b38ce	Merge branch 'TinCanTech-bugfix-build-ca-openssl-easersa-cnf' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-21 21:16:32 +00:00
Richard T Bonhomme	2f1fa20632	Merge branch 'bugfix-build-ca-openssl-easersa-cnf' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-bugfix-build-ca-openssl-easersa-cnf Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-21 21:15:51 +00:00
Richard T Bonhomme	4b3458b979	build-ca: Change FATAL error to warning for old openssl-easyrsa.cnf This will only effect a CA built with custom EASYRSA_EXTRA_EXTS; The solution being, to use the correct 'openssl-easyrsa.cnf'. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-21 13:49:54 +00:00
Richard T Bonhomme	fc8c1c4b2a	Merge branch 'TinCanTech-formalise-cleanup-exit' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-20 20:29:30 +00:00
Richard T Bonhomme	a320b291d6	Merge branch 'formalise-cleanup-exit' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-formalise-cleanup-exit Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-20 20:28:53 +00:00
Richard T Bonhomme	5ea6177338	Wrap more long lines Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-20 20:25:14 +00:00
Richard T Bonhomme	fc4bcb6184	cleanup(): General improvements - Create KNOWN error exit Where errors are known, exit via 'Known' branch. Allow preset error number to propagate. Long line wrapping. Shorten associated variable names. Move clearing traps to within cleanup(). Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-20 20:06:26 +00:00
Richard T Bonhomme	0fd88d65a3	Merge branch 'TinCanTech-renew-over-shift' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-18 21:53:51 +00:00
Richard T Bonhomme	902d8e18e5	Merge branch 'renew-over-shift' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-renew-over-shift Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-18 21:53:10 +00:00
Richard T Bonhomme	e4b02a1dcb	Function safe_set_var(): Hard exit for unexpected errors Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-17 22:40:56 +00:00
Richard T Bonhomme	6e0a9c78c4	Wrap long lines hide_read_pass() get_passphrase() Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-17 22:38:12 +00:00
Richard T Bonhomme	1cf4cce432	Renew: wrap long lines in related functions Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-17 22:35:13 +00:00
Richard T Bonhomme	a815f39847	Function renew_move(): Ignore non-essential file removal errors Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-17 22:27:39 +00:00
Richard T Bonhomme	4c8a4e8765	Command renew: Require CSR as input file and refactor verification Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-17 21:51:39 +00:00
Richard T Bonhomme	b4dc2ad0ea	Command renew: Process options correctly and minor improvements Process options correctly: * This removes an errant 'shift' when processing options. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-17 21:45:23 +00:00
Richard T Bonhomme	97fec2de61	Merge branch 'TinCanTech-win-build-ca' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-15 19:57:34 +00:00
Richard T Bonhomme	74e512252c	Merge branch 'win-build-ca' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-win-build-ca Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-15 19:56:55 +00:00
Richard T Bonhomme	0ce126a289	build-ca: Error-exit on failure to write temp-CA-passphrase files Also, prototype easyrsa_mktemp() errors. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-13 00:02:28 +00:00
Richard T Bonhomme	9a495f7bd3	build-ca: Use OpenSSL '-passout' with EasyRSA '--passout' correctly Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-12 21:22:44 +00:00
Richard T Bonhomme	0063de0d88	Allow default CA generation method to be unit-tested If 'easyrsa' is being run by the unit-test then allow the default method for 'build-ca' to be exercised. The default 'easyrsa' method is to use temp-files, generated by EasyRSA, to pass the CA passphrase, provided by the user, to the SSL command. The normal 'unit-test' method to use a passphrase is to configure EasyRSA ommand line options '--passin' and '--passout'. The change made here is to simulate user-interaction and to supply a default passphrase, as a user, to the SSL command. To NOT use EasyRSA command line options to set any passphrase. ONLY when being run by the unit-test. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-11 22:37:40 +00:00
Richard T Bonhomme	8ae6bca3dc	Windows, build-ca: Add input password to re-open private key Using OpenSSL 3.0.7, packaged by OpenVPN Windows installer, causes EasyRSA command 'build-ca' to fail, because it does not have an input password to re-open the private key, which is required to generate the CA certificate. Provide the user specified CA passphrase as input password for build-ca. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-11 22:29:35 +00:00
Richard T Bonhomme	bec781d3fe	Merge branch 'TinCanTech-sanatize_and_set_var' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-11 12:56:23 +00:00
Richard T Bonhomme	b5228f76d0	Merge branch 'sanatize_and_set_var' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-sanatize_and_set_var Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-11 12:55:38 +00:00
Richard T Bonhomme	d3f4cb4d02	ssl_cert_not_after_date(): Use safe_set_var() Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-10 14:26:46 +00:00
Richard T Bonhomme	ec184ca49e	ssl_cert_not_before_date(): Use safe_set_var() Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-10 14:14:19 +00:00
Richard T Bonhomme	8f71f71d8e	build-ca: Use safe_set_var() Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-10 13:29:56 +00:00
Richard T Bonhomme	b578efcb50	New function safe_set_var(): Safe wrapper for set_var() When using set_var() with a variable as in input for name of the variable, use this wrapper to verify the input is suitable as a variable name. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-10 13:17:39 +00:00
Richard T Bonhomme	8ca58f11ad	Merge branch 'TinCanTech-index-expire' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-10 00:22:13 +00:00
Richard T Bonhomme	fcac1fe499	Merge branch 'index-expire' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-index-expire Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-10 00:21:20 +00:00
Richard T Bonhomme	01ded61201	Wrap long lines for code close by to status report functions Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-09 22:48:11 +00:00
Richard T Bonhomme	abad51a4f3	Status reports: Recognise Expired certificates Command show-expire: Improve report outut to show 'expired: <date>' for expired certificates. Otherwise, show 'expires: <date>' for currently Valid certicates. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-09 22:26:58 +00:00
Richard T Bonhomme	3ce9272e3a	easyrs_openssl(): Correct comment only Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-08 02:03:29 +00:00
Richard T Bonhomme	808b025f8a	Merge branch 'TinCanTech-easyrsa_openssl-vs-debug' Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-08 01:26:33 +00:00
Richard T Bonhomme	8ecdc349e9	Merge branch 'easyrsa_openssl-vs-debug' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-easyrsa_openssl-vs-debug Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-08 01:25:50 +00:00
Richard T Bonhomme	591924d631	Stop EASYRSA_DEBUG interfering with SSL output from subshells Some commands must capture the SSL output via a subshell. eg: ssl_cert_serial() and ssl_cert_not_before/after_date() To use easyrsa_openssl() for these commands, EASYRSA_DEBUG must be disabled. This patch unsets EASYRSA_DEBUG in the function subshells only. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>	2022-12-08 00:58:43 +00:00

1 2 3 4 5 ...

1425 Commits