OpenSSL-0.9.8 cannot handle an empty extensions section. This change has
the dynamic extensions support place the section reference in the
temporary file at runtime, supporting both 0.9.8 and 1.0.* versions.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
The GPG/PGP keys listed in this file are used to sign official releases
of Easy-RSA 3. The keys themselves can be downloaded from the many
public keyserver mirrors.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Add documentation & help output; add quoting; add error messages; put
the ecparams dir under PKI dir with env-var tunable.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
This commit adds the possibility to specify the algorithm used by openssl
by adding the --use-algo and --curve parameters.
Signed-off-by: Steffan Karger <steffan@karger.me>
Change keysize defaults from 1024 to 2048 bits and change the default
hash from md5 to sha256. Also, removed an oddly-specific call for sha1
in one instance.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
* Removed duplicate KEY_EMAIL var
* Commented out KEY_PCS11 vars [1]
* Commented out KEY_CN with explanation
* Set saner defaults
* reorganized vars, "required" fields first
[1] I commented these out because they're already set to dummy and you only need to change them if you're indeed going to use them. This makes it a little less confusing to newbies who may not be interested in PKCS11 and get confused when reading that they should now "leave any of these fields blank".
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
This is required to allow applying Alon's autotools/rpm/documentation patches
from GitHub OpenVPN/easy-rsa-old tree.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
whichopensslcnf failed to return the right cnf for:
$ openssl version
OpenSSL 1.0.1 14 Mar 2012
Signed-off-by: Simon Deziel <simon.deziel@gmail.com>
Acked-by: Alon Bar-Lev <alon.barlev@gmail.com>
Message-Id: 4FAE87C1.6000509@gmail.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/6534
Signed-off-by: David Sommerseth <davids@redhat.com>
In the master branch of openvpn.git/openvpn-testing.git commit
26abb83cb1cf0c331db875186250b0c8d55d6013 removes easy-rsa from the
core OpenVPN tree.
This commit is the import of the easy-rsa based on the commit
mentioned. The history before this import of easy-rsa can be found
in the openvpn.git/openvpn-testing.git trees.
Signed-off-by: David Sommerseth <davids@redhat.com>
