1815 Commits

Author SHA1 Message Date
Richard T Bonhomme
582aadeea7
Merge branch 'make-vars' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-make-vars
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-17 21:04:58 +01:00
Richard T Bonhomme
e91fc304c4
Ignore shellcheck warning for PATH when used with sourcing vars
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-17 20:52:38 +01:00
Richard T Bonhomme
fe06e24b5d
ChangeLog: New command: make-vars - Print vars.example (here-doc) to stdout
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-17 20:44:55 +01:00
Richard T Bonhomme
2243edb3fe
New command: make-vars - Print vars.example (here-doc) to stdout
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-17 20:40:37 +01:00
Richard T Bonhomme
7f3c35002d
Merge branch 'TinCanTech-expand-help'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-17 20:29:08 +01:00
Richard T Bonhomme
34c4d2489c
Merge branch 'expand-help' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-expand-help
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-17 20:28:38 +01:00
Richard T Bonhomme
84a5b5d9d7
Expand help to include undocumented commands
Usage: 'easyrsa help more'

Allow default-san to find requests in pki/reqs folder.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-17 20:23:16 +01:00
Richard T Bonhomme
ced2bc9190
Merge branch 'TinCanTech-fix-show-expire-cn-fname-mismatch'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-17 17:23:46 +01:00
Richard T Bonhomme
0b7b2b85f9
Merge branch 'fix-show-expire-cn-fname-mismatch' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-fix-show-expire-cn-fname-mismatch
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-17 17:23:12 +01:00
Richard T Bonhomme
72588ac8a4
ChangeLog: show-expire: Calculate cert. expire seconds from DB date
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-17 17:19:18 +01:00
Richard T Bonhomme
fde4454665
show-expire: Calculate certificate expire seconds from Database date
When a certificate CN is not the same as the file-name then show-expire
must calculate the expiry date, in seconds, from the database field.

This is done by functions:
* db_date_to_iso_8601_date()
  Translate from database format to ISO_8601 date format.
* iso_8601_timestamp_to_seconds()
  Translate from ISO_8601 date format to time-stamp in seconds.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-17 17:04:30 +01:00
Richard T Bonhomme
51f55d9501
Merge branch 'TinCanTech-unit-test-actions-checkout-v4'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-16 13:56:55 +01:00
Richard T Bonhomme
d9eaba0ab9
Merge branch 'unit-test-actions-checkout-v4' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-unit-test-actions-checkout-v4
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-16 13:56:08 +01:00
Richard T Bonhomme
79cd62c4d7
Merge branch 'TinCanTech-only-support-default-cwd-vars'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-15 13:04:04 +01:00
Richard T Bonhomme
301534da87
Merge branch 'only-support-default-cwd-vars' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-only-support-default-cwd-vars
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-15 13:02:16 +01:00
Richard T Bonhomme
00dcf5628c
ChangeLog: Forbid "default vars in the default PKI" for all commands
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-14 23:49:55 +01:00
Richard T Bonhomme
5a24fa7815
vars_setup(): When sourcing 'vars' restrict PATH to './'
If '--vars=vars' is used, without specifying a path to 'vars', then
sourcing 'vars' fails to find './vars'. POSIX '.' searches the PATH
when the file-name does not contain a slash '/'. [man dot(1p)]

Since EasyRSA expects the 'vars' file to be within the current working
directory, setting 'PATH=./' forces '.' to search ONLY './'.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-14 23:16:40 +01:00
Richard T Bonhomme
4095e334cd
vars_setup(): User message severity and verbosity, reduce noise
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-14 20:11:40 +01:00
Richard T Bonhomme
6de343fca3
vars_setup: Prohibit specifying vars as a directory. eg: ./
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-14 12:13:32 +01:00
Richard T Bonhomme
232a28d959
user_error(): Exit with known error directly to cleanup()
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-14 11:51:12 +01:00
Richard T Bonhomme
7684b975ca
init-pki: Remove SECOND confirmation promoting use of option 'soft'
The option 'soft' for 'init-pki' has been found to be flawed, because
keeping the 'vars' file in the PKI is now forbidden. The 'soft' option
will be removed in due course.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-14 11:08:44 +01:00
Richard T Bonhomme
eedb81e0e0
init-pki: Never create a vars.example and vars file in the pki
For 'init-pki', disable creating vars.example, which also disables
creating a vars file in the PKI.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-14 11:04:15 +01:00
Richard T Bonhomme
660895293b
Forbid "default vars in the default PKI" for all commands
The default 'vars' file MUST be "$PWD/vars", no other file can be default.
In order to enforce that, a default 'pki/vars' file MUST be forbidden.

This patch:
* Disables the recommendation for 'vars' to be moved TO the PKI, './pki/vars'.
* Forbids the file called './pki/vars'.
* Forbids multiple 'vars' files
* Recommends ONLY the working directory copy of a 'vars' file.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-14 00:28:12 +01:00
Richard T Bonhomme
6fb20395fb
CI: action, checkout v4
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-09-05 01:37:24 +01:00
Richard T Bonhomme
6dac068b7e
Merge branch 'revert-1002-expand-help'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-29 12:07:53 +01:00
Richard T Bonhomme
811e8ad593
Merge branch 'revert-1002-expand-help' of ssh://github.com/Openvpn/easy-rsa into revert-1002-expand-help
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-29 12:07:03 +01:00
Richard T Bonhomme
e69ba7dd35
Merge branch 'revert-1001-remove-upgrade23'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-29 12:04:52 +01:00
Richard T Bonhomme
dd650bfbb2
Merge branch 'revert-1001-remove-upgrade23' of ssh://github.com/Openvpn/easy-rsa into revert-1001-remove-upgrade23
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-29 12:04:08 +01:00
TinCanTech
b5cc16f910
Revert "Completely Remove Upgrade Functionality"
2023-08-29 11:47:20 +01:00
TinCanTech
d9e0c418c4
Revert "Expand help to include undocumented commands"
2023-08-29 11:46:44 +01:00
Richard T Bonhomme
f03eb74260
Merge branch 'TinCanTech-expand-help'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-22 12:55:42 +01:00
Richard T Bonhomme
94078ae8da
Merge branch 'expand-help' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-expand-help
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-22 12:55:01 +01:00
Richard T Bonhomme
d15b05d322
Expand help to include undocumented commands
Allow default-san to find requests in pki/reqs folder.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-21 13:00:45 +01:00
Richard T Bonhomme
5b628520a8
Merge branch 'TinCanTech-remove-upgrade23'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-20 01:21:55 +01:00
Richard T Bonhomme
62a20e7868
Merge branch 'remove-upgrade23' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-remove-upgrade23
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-20 01:21:13 +01:00
Richard T Bonhomme
e0bcdbf12d
ChangeLog: Completely Remove Upgrade Functionality
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-20 01:13:28 +01:00
Richard T Bonhomme
bb2c90a8f7
Completely Remove Upgrade Functionality
The upgrade function is no longer required.

Easy-RSA version 3.1.6 provides full upgrade path for older PKIs.

For rare PKIs which do not have 'unique_subject = no' set
in the 'index.txt.attr' file, fall back to SSL error.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-20 00:38:49 +01:00
Eric F Crist
bb16111041
update changelog for 3.2.0
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2023-08-18 11:30:01 -05:00
Eric F Crist
c6e5f5ba5b
Update OpenSSL to 3.1.2
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2023-08-18 11:27:59 -05:00
Eric F Crist
9850ced8be
Update ChangeLog for release.
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2023-08-18 09:24:51 -05:00
Richard T Bonhomme
c1ace38a17
Merge branch 'TinCanTech-sanitize-path'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-17 11:09:14 +01:00
Richard T Bonhomme
3bb013ce86
Merge branch 'sanitize-path' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-sanitize-path
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-17 11:08:31 +01:00
Richard T Bonhomme
489d2238d2
verify_working_env: sanitize_path(), forbid broken values
Forbid any path ending with '/', '\' or ':'

This protects user variables for paths from being set to the root folder.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-16 16:48:52 +01:00
Richard T Bonhomme
98443c3204
Merge branch 'TinCanTech-force_set_var-v2'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-05 17:18:07 +01:00
Richard T Bonhomme
2df4ef2016
Merge branch 'force_set_var-v2' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-force_set_var-v2
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-05 17:17:36 +01:00
Richard T Bonhomme
41d4b4bed2
Merge branch 'TinCanTech-inline-v2'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-05 16:55:29 +01:00
Richard T Bonhomme
87ac22dcf8
Merge branch 'inline-v2' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-inline-v2
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-05 16:54:37 +01:00
Richard T Bonhomme
352b8db0fc
ChangeLog: New commands 'inline' and 'x509-eku'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-05 16:42:39 +01:00
Richard T Bonhomme
b637e9b695
Move creating 'inline' folder from 'build-ca' to 'init-pki'
This allows a client that has not built a CA to use 'inline'.

The CA and signed client certificate can be sent to the client,
allowing the client to create a complete X509 based inline file,
without creating a redundant CA.

Also, add 'inline' command to the list of commands which do not
require a CA.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-05 15:58:56 +01:00
Richard T Bonhomme
98e9f43be6
renew: Use new ssl_cert_x509v3_eku()
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-08-05 15:58:25 +01:00