Should "fix" errors related to ash and potentially other non-POSIX
shells that don't handle set -o or related options.
http://www.austingroupbugs.net/view.php?id=1207
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
Although 'read -s' is not POSIX, it might be the only option
for some systems (OpenWrt). Try each alternative and, if all
of those fail, warn the user and read with "echo on".
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Remove a warning when the first certificate is generated
Can't open .../easy-rsa/pki/index.txt.attr for reading, No such file or directory
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
When easyrsa is in $PATH, $0 does not contain a directory, resulting
in an invalid prog_vars. prog_vars is used to get the default vars
location if $EASYRSA_VARS_FILE, $EASYRSA_PKI/vars and $PWD/pki/vars
do not exist.
$0 is also used to set $EASYRSA the same way prog_vars is defined.
$EASYRSA/openssl-easyrsa.cnf is used to set $EASYRSA_SSL_CONF initial
content if missing.
$EASYRSA/x509-types is used for the extensions dir if $EASYRSA_EXT_DIR
and $EASYRSA_PKI/x509-types are not found. However, if vars already
needs changes, it is better to set $EASYRSA_EXT_DIR and file locations
there.
Normally a symlink to /usr/bin will be used to put easyrsa in $PATH.
Following $PATH and the symlink allows easyrsa to be located in a more
standard dir like /usr/lib/easy-rsa/easyrsa and vars at
/usr/{lib,libexec,share}/easyrsa/vars, which could be a symlink to
/etc/easy-rsa/vars. vars can be easily appended with the default
distribution values.
With this patch, a system-wide easyrsa package could use this file
structure without patching easyrsa:
/etc/easy-rsa/openssl-easyrsa.cnf
/etc/easy-rsa/pki/
/etc/easy-rsa/vars
/usr/bin/easyrsa -> /usr/lib/easy-rsa/easyrsa
/usr/lib/easy-rsa/easyrsa
/usr/lib/easy-rsa/openssl-easyrsa.cnf
/usr/lib/easy-rsa/vars -> /etc/easy-rsa/vars
/usr/lib/easy-rsa/x509-types
If following the symlink fails (win32), the previous behavior is used.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
build_full leaves req/privkey if sign fails (i.e. when CA pass was
incorrect). If build_full fails, it should remove everything it created.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Batch operations cannot be automated if openssl keeps asking
for a password. These new options allow the user to specify
a new source for the password, using any openssl password options
like pass:1234 or env:var.
Aborts build-ca if privkey generation fails.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Most $EASYRSA_OPENSSL calls were replaced by easyrsa_openssl
calls. When OpenSSL config is needed, easyrsa_openssl generates
a temporary config in tempfiles, incorporating make_ssl_config and
$EASYRSA_EXTRA_EXTS usage.
vars_source_check and verify_ssl_lib use of make_ssl_config was
removed.
'export OPENSSL_CONF' was removed as every openssl call that might
need a conf now uses easyrsa_safessl.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Manually managing temp files in fixed variables (EASYRSA_TEMP_FILE_*)
can result in errors like in build_ca, which reused EASYRSA_TEMP_FILE_3.
A temporary directory simplifies the cleanup.
A configurable directory for temp files (var EASYRSA_TEMP_DIR) also
allows the user to define a different temporary directory. This is
important for devices using flash disks that have limited number of
writes.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Merged clean_temp and prog_exit into cleanup, but removing
the exit call. Exit should not be called during EXIT as it will
overwrite the current exit code.
Trapped signals simply call "exit $((128+signal))" to force the
execution of EXIT (for non-bash shells).
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
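The temp-directory and trap handling described in the two messages above, as an added POSIX sh example that is not easy-rsa's own code: one EXIT trap removes the temporary directory and never calls exit, while trapped signals only exit with 128+signum so the EXIT trap runs in non-bash shells and the original exit status survives. The function names (make_temp_dir, cleanup, install_traps, run_scenario, scenario_signal) and the EASYRSA_TEMP_DIR default are assumptions.

```shell
# Added example (not easy-rsa's code): one EXIT trap does the cleanup and never
# calls exit; trapped signals only exit with 128+signum. Function names and the
# EASYRSA_TEMP_DIR default are assumptions.

# Create one temporary directory; EASYRSA_TEMP_DIR lets flash-based systems
# point it elsewhere (assumed default: $TMPDIR, then /tmp).
make_temp_dir() {
    EASYRSA_TEMP_DIR="${EASYRSA_TEMP_DIR:-${TMPDIR:-/tmp}}"
    EASYRSA_TEMP="$(mktemp -d "$EASYRSA_TEMP_DIR/easyrsa.XXXXXX")" || return 1
}

# EXIT handler: remove the directory but do not call exit here, since that
# would replace the status of the command that triggered the trap.
cleanup() {
    if [ -n "$EASYRSA_TEMP" ] && [ -d "$EASYRSA_TEMP" ]; then
        rm -rf "$EASYRSA_TEMP"
    fi
}

# Not every shell runs the EXIT trap on an untrapped signal, so each trapped
# signal just exits with the conventional 128+signum, which does run it.
install_traps() {
    trap cleanup EXIT
    trap 'exit 129' HUP
    trap 'exit 130' INT
    trap 'exit 143' TERM
}

# Run a command in a subshell with the traps installed and report
# "<exit status> <temp dir removed: yes|no>" so the behaviour can be checked.
run_scenario() {
    probe="$(mktemp "${TMPDIR:-/tmp}/easyrsa_probe.XXXXXX")"
    status=0
    (
        install_traps
        make_temp_dir || exit 2
        printf '%s\n' "$EASYRSA_TEMP" > "$probe"   # tell the parent which dir to check
        "$@"
    ) || status=$?
    tmp="$(cat "$probe")" && rm -f "$probe"
    if [ -d "$tmp" ]; then removed=no; else removed=yes; fi
    echo "$status $removed"
}

# Delivers SIGTERM to the subshell itself (the $PPID of the child sh);
# the echo must not run because the TERM trap exits first.
scenario_signal() {
    sh -c 'kill -TERM $PPID'
    echo "unreachable"
}
```

Running `run_scenario exit 3` prints `3 yes` and `run_scenario scenario_signal` prints `143 yes`: the directory is gone in both cases and the status is the one the command or signal produced, not the cleanup function's.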
New build script changes to handle win32/win64 openssl binaries.
There's more to do here with copying out the README files and such, but
this should be a good working start.
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
Since there's no uname command on Windows, send STDERR to /dev/null.
This just prevents an error from showing on the console but doesn't
actually change any system behavior.
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
There are runtime issues with 1.1.1a at this time I've yet to track
down. This is referenced in the docker-openvpn project issue 437
with a link in #261. I've been able to reproduce it on Windows 10.
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>