Luiz Angelo Daros de Luca
6ecb6f489e
use temporary directory instead of individual files
...
Manually managing temp files in fixed variables (EASYRSA_TEMP_FILE_*)
can result in errors like in build_ca that reused EASYRSA_TEMP_FILE_3.
A temporary directory simplifies the cleanup.
A configurable directory for temp files (var EASYRSA_TEMP_DIR) also
allows the user to define a different temporary directory. This is
important for devices using flash disks that have a limited number of
writes.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2019-05-02 18:26:56 -03:00
Luiz Angelo Daros de Luca
d48618474b
cleanup and exit code when a signal is received
...
Merged clean_temp and prog_exit into cleanup, but removing
the exit call. Exit should not be called during EXIT as it will
overwrite the current exit code.
Trapped signals simply call "exit $((128+signal))" to force the
execution of EXIT (for non-bash shells).
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2019-05-02 18:23:53 -03:00
Eric F Crist
80e09e6bdc
Merge branch 'master' of https://github.com/TinCanTech/easy-rsa into TinCanTech-master
2019-04-18 06:46:19 -05:00
Xavier Bachelot
30d1c95e68
Simplify
...
Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
2019-03-22 18:15:08 +01:00
Xavier Bachelot
8075dbbded
Don't die on missing req on revoke/renew
...
Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
2019-03-22 18:14:52 +01:00
Xavier Bachelot
9715751815
Automatically create missing renewed dirs
...
Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
2019-03-22 18:14:34 +01:00
Xavier Bachelot
b3b3623de9
Automatically create missing revoked dirs
...
Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
2019-03-22 18:14:18 +01:00
Xavier Bachelot
0198f07eda
verify_ca_init has no business checking the revoked and renewed dirs
...
Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
2019-03-22 18:13:52 +01:00
Stefan Pietsch
4ce6e9c8e4
Fix typo
2019-02-08 00:11:08 +01:00
Richard Bonhomme
cedd50e01e
Prune make_ssl_config
...
Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
2019-02-06 20:05:42 +00:00
Richard Bonhomme
205510bfab
Improve verify_ssl_lib
...
Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
2019-02-06 19:57:01 +00:00
Eric F Crist
be93f45f1e
No uname on Windows
...
Since there's no uname command on Windows, send STDERR to /dev/null.
This just prevents an error from showing on the console but doesn't
actually change any system behavior.
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2019-02-04 13:24:35 -06:00
Eric F Crist
37edb7d1d7
Remove RANDFILE var from openssl-easyrsa.cnf
...
This fixes #261.
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2019-02-04 13:01:09 -06:00
Eric F Crist
5ab4998cc2
Better date support for BSD/GNU
...
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2019-01-31 23:17:26 -06:00
Richard Bonhomme
2c2902613b
Add required temp file
...
Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2019-01-29 17:08:13 -06:00
Eric F Crist
e6d858f2ae
Removing trap left in by mistake
...
In my test for fixing I left the ERR trap in place. non-posix, removing
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2019-01-29 13:56:13 -06:00
Eric F Crist
ea464c1b08
Fixes #293
...
die() wasn't calling clean_temp; Now it is.
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2019-01-29 13:32:36 -06:00
Xavier Bachelot
332ec2d38b
Prevent using an empty SAN
...
Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
2019-01-28 23:43:06 +01:00
Xavier Bachelot
c961210bda
Don't try to move nonexistent files
...
Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
2019-01-28 23:42:50 +01:00
Xavier Bachelot
9de1173584
Work around older openssl which doesn't have -ext
...
Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
2019-01-28 23:42:28 +01:00
Xavier Bachelot
ff87fb1812
Make cert renew grace period configurable (default: 30 days)
...
Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
2019-01-28 23:42:01 +01:00
Xavier Bachelot
6eff1118f8
Fix broken check for cert expiration time in renew command
...
Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
2019-01-28 23:40:40 +01:00
Eric F Crist
c7b8ffb701
Fix trap() and prog_exit() so it exits correctly
...
Fixes #282
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2019-01-26 16:57:54 -06:00
Xavier Bachelot
f0e5a498c2
Hook renew command
2019-01-25 17:39:54 +01:00
Xavier Bachelot
ad86051d63
Allow certificate subject to _not_ be unique
2019-01-25 17:39:54 +01:00
Xavier Bachelot
8e73442e12
Create dirs to hold certs being renewed
2019-01-25 17:39:54 +01:00
Xavier Bachelot
99c6ce4f5d
Introduce functions for renewing a certificate
2019-01-25 17:39:54 +01:00
Eric F Crist
39759a1864
Add some shellcheck exclusions.
...
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2019-01-16 16:15:04 -06:00
Eric F Crist
f6b35473b2
Use -n instead of ! -z in test
...
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2019-01-16 15:46:58 -06:00
Eric F Crist
a66bb93c75
Unquote $opt for revoke as it may be empty
...
In testing for #63 I discovered that there is at least one instance of a
quoted $opts for the revoke command that causes openssl to throw errors.
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2019-01-16 15:43:31 -06:00
Eric F Crist
675fc990ed
Merge branch 'move_revoked_files' of https://github.com/keros/easy-rsa into keros-move_revoked_files
...
Minor merge conflict changes:
* remove local scoping
* PR was based on master, this is being merged in v3.0.6
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2019-01-16 15:35:03 -06:00
Eric F Crist
7bc0168818
Missed the merge conflict.
...
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2019-01-11 12:02:52 -06:00
Eric F Crist
bebd71e76f
Support for clientServer
...
Merging PR #38
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2019-01-11 11:58:00 -06:00
Eric F Crist
888e214027
Merge branch 'feature/sed' of https://github.com/javier-godoy/easy-rsa into javier-godoy-feature/sed
2019-01-11 10:21:40 -06:00
Eric F Crist
ab1b54caf0
Merge branch 'feature/crl_reason' of https://github.com/javier-godoy/easy-rsa into javier-godoy-feature/crl_reason
2019-01-11 10:12:04 -06:00
Richard Bonhomme
85318d19de
Move verifying the SSL lib to verify_ssl_lib() and only call after verify_pki_init()
...
Signed-off-by: Richard Bonhomme <25598447+TinCanTech@users.noreply.github.com>
2019-01-04 00:43:08 +00:00
Richard Bonhomme
35b1f59e44
Use EASYRSA specific temp file for output to set_pass
...
Signed-off-by: Richard Bonhomme <25598447+TinCanTech@users.noreply.github.com>
2019-01-01 18:07:17 +00:00
Javier Godoy
1a62872e05
Double quote to prevent globbing and word splitting
2018-12-22 06:05:00 -03:00
Javier Godoy
23d7051e76
Add optional CRL reason parameter
2018-12-16 18:18:28 -03:00
Javier Godoy
6227d89ec6
Preserve other environment variables
2018-12-16 18:03:58 -03:00
Richard Bonhomme
482c4b517f
Fix password echo
2018-12-16 18:16:48 +00:00
Richard Bonhomme
3b0d1992a7
Use escape backtick for sed separator
...
Signed-off-by: Richard Bonhomme <25598447+TinCanTech@users.noreply.github.com>
2018-12-12 14:17:23 +00:00
Eric F Crist
272ee0ea89
SC1147, remove local call
...
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2018-12-11 20:21:03 -06:00
Eric F Crist
14a5dc8a7a
Merging from solidgoldbomb for #118
...
Merge branch 'add-show-ca-command' of
https://github.com/solidgoldbomb/easy-rsa
into solidgoldbomb-add-show-ca-command
2018-12-11 20:04:05 -06:00
Eric F Crist
f9fa4ca127
Shellcheck corrections
...
Make some corrections to appease shellcheck now that travis is working
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2018-12-11 18:18:31 -06:00
Stacey Sheldon
087d36a0d8
easyrsa: add show-ca command to display the ca certificate
2018-12-07 20:08:52 -05:00
Luiz Angelo Daros de Luca
edf1e92a3f
update EASYRSA_CERT_EXPIRE new default value
...
Improves 376c62f2b81e36db6f449ac7673013075b0c3ef1
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2018-10-04 18:08:43 -03:00
Luiz Angelo Daros de Luca
fcffd650ee
respect EASYRSA_SSL_CONF during init-pki
...
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2018-10-03 18:09:43 -03:00
Eric F Crist
e11b8566fe
trap sig exit, too
...
The clean_temp() function failed to be called on a clean exit due to the
previous change (446a58f). Also adding in the bit from die() that I
failed to remember to push in.
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2018-10-02 17:06:36 -05:00
Eric F Crist
e7bd1efa91
Merge branch 'v3.0.6' of https://github.com/TinCanTech/easy-rsa into TinCanTech-v3.0.6
...
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2018-10-02 13:39:09 -05:00