nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,452 Commits 1 Branch 0 Tags 43 MiB
Commit Graph

1452 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Richard T Bonhomme
587ba1aa41
ff_date_to_cert_date(): Return cert_type_date via safe_set_var() 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-15 21:53:26 +00:00
Richard T Bonhomme
159aa15cd4
offset_days_to_cert_date(): Return cert_type_date via safe_set_var() 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-15 21:21:57 +00:00
Richard T Bonhomme
b0f3d8bf90
cert_date_to_timestamp_s(): Return timestamp_s via safe_set_var() 
This only effects status_expire(), show-expire.

Add error detection for 'date' usage.

Wrap long lines.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-15 20:38:51 +00:00
Richard T Bonhomme
7492097110
fixed_cert_dates(): Remove subshell 
fixed_cert_dates(): Replace capturing subshell-output
by setting variables via safe_set_var().

Add error detection for 'date' usage.

Wrap long lines.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-15 19:01:09 +00:00
Richard T Bonhomme
caebd4b93a
Merge branch 'TinCanTech-fix-offset-adjustment' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-13 17:47:22 +00:00
Richard T Bonhomme
8845462b54
Merge branch 'fix-offset-adjustment' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-fix-offset-adjustment 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-13 17:46:47 +00:00
Richard T Bonhomme
8dc2064880
Option --fix-offset: Adjust off-by-one day 
The current code calculates --fix-offset=1 as January 2nd.

This decreases the input value by one, which results in
--fix-offset=1 being January 1st.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-13 17:15:18 +00:00
Eric F Crist
0d0daf549b
upgrading openssl for windows to 3.0.7 
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
 2023-01-13 10:14:37 -06:00
Richard T Bonhomme
4184f547a6
Unit-test: Identify macOS 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-09 20:17:10 +00:00
Richard T Bonhomme
76f5840ce5
Merge branch 'TinCanTech-status-LC_TIME-C' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-05 13:45:42 +00:00
Richard T Bonhomme
e029c178a6
Merge branch 'status-LC_TIME-C' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-status-LC_TIME-C 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-05 13:44:54 +00:00
Richard T Bonhomme
0699393324
Status Reports: Set 'LC_TIME=C.UTF-8', only used for reports 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-05 13:26:46 +00:00
Richard T Bonhomme
2fed2a7f1b
Merge branch 'TinCanTech-prioritise-passout' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-04 17:08:51 +00:00
Richard T Bonhomme
da33d03fc1
Merge branch 'prioritise-passout' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-prioritise-passout 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-04 17:08:05 +00:00
Richard T Bonhomme
b7f8d9f79a
Global option '--passout' always take priority ONLY 
Option '--passout' MUST take priority over '--nopass' and 'nopass'.
Otherwise, the private key is unintentionally created unencrypted.

Option '--passin' must NOT take priority.
Otherwise, it is not possible to automatically create an entity
key without a password, if the CA key is created with a password.

Initialisation: Wrap long lines

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-04 02:34:04 +00:00
Richard T Bonhomme
e27ab41dad
Refactor manual CA passphrase input 
This is a personal preference only. No functional change.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-04 00:28:50 +00:00
Richard T Bonhomme
7c9f18bfb8
Merge branch 'TinCanTech-always-enable-inline' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-03 22:39:51 +00:00
Richard T Bonhomme
79cbd1d494
Merge branch 'always-enable-inline' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-always-enable-inline 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-03 22:39:11 +00:00
Richard T Bonhomme
51a82a7fb5
build-full: Always enable inline file creation 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-03 21:56:58 +00:00
Richard T Bonhomme
866557a589
install_data_to_pki(): Wrap long lines, no functional changes 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-03 20:23:50 +00:00
Richard T Bonhomme
5d59605365
init-pki: Add new inline directory (Wrap long lines) 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-03 19:19:30 +00:00
Richard T Bonhomme
ae0020acdc
Create new 'inline' directory as required 
Require creation during init-pki, renew and rebuild.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-03 16:08:16 +00:00
Richard T Bonhomme
a4f90d8c03
Unit-test: Update openssl to v3.0.7 (Linux only) 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-03 00:43:57 +00:00
Richard T Bonhomme
a7f5044c0d
Add new inline file to command 'rebuild' processes 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-02 22:01:27 +00:00
Richard T Bonhomme
0072f5171c
Add new inline file to command 'renew' processes 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-02 21:38:39 +00:00
Richard T Bonhomme
ef9b3b8192
Add new inline file to command 'revoke' processes 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-02 20:28:44 +00:00
Richard T Bonhomme
f5da984c49
build-full: Always enable inline file creation 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-02 20:07:36 +00:00
Richard T Bonhomme
4bcfe5b236
Merge branch 'TinCanTech-promote-init-pki-soft' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-01 23:30:04 +00:00
Richard T Bonhomme
0121cc05a4
Merge branch 'promote-init-pki-soft' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-promote-init-pki-soft 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-01 23:29:12 +00:00
Richard T Bonhomme
5f85068558
init-pki(): Introduce second warning before HARD removal 
Only if a PKI currently exists, add a second confirmation to promote
the use of 'init-pki soft'.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-01 22:56:51 +00:00
Richard T Bonhomme
b56357e1bc
verify_cert(): Support global --batch mode 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-01 19:45:29 +00:00
Richard T Bonhomme
efff1ad843
Merge branch 'TinCanTech-cleanup-exit-number-only' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-01 18:25:03 +00:00
Richard T Bonhomme
4c0c02217f
Merge branch 'cleanup-exit-number-only' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-cleanup-exit-number-only 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-01 18:24:20 +00:00
Richard T Bonhomme
6522163dc9
Merge branch 'TinCanTech-default-ed-curve' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-01 18:20:40 +00:00
Richard T Bonhomme
96b96c18c7
Merge branch 'default-ed-curve' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-default-ed-curve 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-01 18:19:57 +00:00
Richard T Bonhomme
7afb20ad1a
cleanup(): Exit with numeric error-code only 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-28 23:15:39 +00:00
Richard T Bonhomme
3050d59f60
fixed_cert_dates(): Remove unused variable 'today_n' 
Originally used to calculate roll-back by one year, also removed.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-28 17:51:27 +00:00
Richard T Bonhomme
f315e6b5a2
Make default Edwards curve ED25519 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-28 17:34:29 +00:00
Richard T Bonhomme
48a74fbca0
Default settings: Make default Edwards curve ED25519 
Perform hierarchial decision for elliptic curve name.

Default curves per algorithm:
* 'ec' Elliptic curve name 'secp384r1' (Unchanged)
* 'ed' Edwards curve name 'ed25519' (Changed)

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-28 17:15:40 +00:00
Richard T Bonhomme
6ac84dc2aa
Allow --fix-offset to create post-dated certificates 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-22 22:24:51 +00:00
Richard T Bonhomme
4082228f64
Merge branch 'TinCanTech-allow-post-date-fix-offset' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-22 22:19:42 +00:00
Richard T Bonhomme
97cea4157d
Merge branch 'allow-post-date-fix-offset' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-allow-post-date-fix-offset 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-22 22:18:52 +00:00
Richard T Bonhomme
4af00b38ce
Merge branch 'TinCanTech-bugfix-build-ca-openssl-easersa-cnf' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-21 21:16:32 +00:00
Richard T Bonhomme
2f1fa20632
Merge branch 'bugfix-build-ca-openssl-easersa-cnf' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-bugfix-build-ca-openssl-easersa-cnf 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-21 21:15:51 +00:00
Richard T Bonhomme
4b3458b979
build-ca: Change FATAL error to warning for old openssl-easyrsa.cnf 
This will only effect a CA built with custom EASYRSA_EXTRA_EXTS;
The solution being, to use the correct 'openssl-easyrsa.cnf'.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-21 13:49:54 +00:00
Richard T Bonhomme
fc8c1c4b2a
Merge branch 'TinCanTech-formalise-cleanup-exit' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-20 20:29:30 +00:00
Richard T Bonhomme
a320b291d6
Merge branch 'formalise-cleanup-exit' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-formalise-cleanup-exit 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-20 20:28:53 +00:00
Richard T Bonhomme
5ea6177338
Wrap more long lines 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-20 20:25:14 +00:00
Richard T Bonhomme
fc4bcb6184
cleanup(): General improvements - Create KNOWN error exit 
Where errors are known, exit via 'Known' branch.
Allow preset error number to propagate.

Long line wrapping. Shorten associated variable names.

Move clearing traps to within cleanup().

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-20 20:06:26 +00:00
Richard T Bonhomme
0fd88d65a3
Merge branch 'TinCanTech-renew-over-shift' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-18 21:53:51 +00:00