The mv operation following the CRL creation isn't useful as there is no
temp file to move. Instead, create the temp file during CRL creation,
preventing a potential overwrite of a previous, valid, CRL.
Thanks go to matteo.guglielmi@epfl.ch for this patch (via email).
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
By default, field values are interpreted as ASCII but UTF-8 would be a
more reasonable default. Without the -utf8 flag, non-ASCII text gets
garbled without warning. ASCII text works fine either way.
When forming the OpenSSL config replacement text, gen_req() should not
alter the global variable as it is referred to again by sign_req() when
the wrapper-commands build-*-full are called.
This change localizes the replacement text to avoid competing over the
global variable.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Based-On: patch submitted by Joe Hu <i@sapika.ch>
Fixes: Issue #25
The command-line API for LibreSSL is currently identical to OpenSSL
1.0.1. This support is implemented in a case so any future version
distinctions can key off the features in the available implementation.
Such feature-specific support may become more important during the 3.1
development cycle where 0.9.x OpenSSL cannot handle newer features.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Fixes: #48
Adds the 'set-rsa-pass' and 'set-ec-pass' commands. Both are able to set
or remove a passphrase, and can optionally act on a direct file path
instead of a relative filename base name.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
The prior warn/fallback to rsa didn't work, and fallback is probably the
wrong thing to do, especially for batch callers. It is now an error to
supply an invalid value.
No need to export the EASYRSA_ALGO_PARAMS either.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
The --batch CLI arg now takes no options and enables batch-mode when
present.
init-pki no longer takes a 'force' value which did the same as --batch.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
OpenSSL-0.9.8 cannot handle an empty extensions section. This change has
the dynamic extensions support place the section reference in the
temporary file at runtime, supporting both 0.9.8 and 1.0.* versions.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Add documentation & help output; add quoting; add error messages; put
the ecparams dir under PKI dir with env-var tunable.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
This commit adds the possibility to specify the algorithm used by openssl
by adding the --use-algo and --curve parameters.
Signed-off-by: Steffan Karger <steffan@karger.me>
