The input data, when a certificate is not found, was an unpunctuated
numerical representation of date. eg: '220613123456'.
Format this input to: '22-06-13 12:34:56' for use.
Also, disambiguate between certificate-data versus database-data
by renaming the database variables from 'crt_foo' to 'db_foo'.
Also, disambiguate between full-date versus epoch-date-seconds
by renaming epoch-date-seconds variables from 'foo' to 'foo_s'.
Also, improvements to status reports output format.
Also, improve related comments.
Closes: #568
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
New function: verify_algo_params()
Verify algorithm and parameters in a single function.
Remove verify_curve_ec() and verify_curve_ed()
Place verify_algo_params() at the end of vars_setup().
No longer use a dedicated directory for Elliptic curve
parameters file. Instead, use an easyrsa-temp file.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Flags are set when a 'vars' file is found:
eg. [ -e "$pki_vars" ] && e_pki_vars=1
Use flag '$e_pki_vars' not the target file variable '$pki_vars' for
subsequent code decisions. Unset '$pki_vars', once it is used.
The same goes for: '$prog_vars', '$pwd_vars' and '$easy_vars'.
Closes: #567
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This check ensures that a valid command does not sneak a missing but
expected 'vars' file through the 'vars' detection phase.
Move detect_host() and expand the comment.
Minor reformatting, for readability.
Improve/update comments.
Stage-3-of: #566
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Undo changes made by 4922cae2637ff1d6247840a800f3c691aa7eb7ab
which allowed '--vars=FILE init-pki'.
Keep the changes to user output which suppress messages to "use PKI/vars".
Stage-2-of: #566
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Using option '--vars=file' now sets variable 'user_vars_true'.
When 'user_vars_true' then do not create a conflicting PKI/vars.
Also, remove vars-file warnings when 'user_vars_true'.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This allows verify_cert() to show the status and, optionally, return an
error (1) on "failure to verify" to a calling program.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Backport the patch from a4e37cfe54167cca2610aa401b06caae6fa4f724 to 3.0
that fixes the data arguments on Darwin and BSD. Patch originally
authored by @tincantech.
Update .gitignore to ignore macOS .DS_Store files.
Update ChangeLog for v3.0.9 release
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
Used with 'renew' to extend the grace period before allowing certificates
to be renewed.
Used with 'show-expire' to extend the period of the search for certificates
which are close to expiring.
Also, correct some comments and minor formatting changes.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Doesn't seem to work - Win7 is EOL and not really worth a lot of time
debugging. Users should use v3.0.9 of EasyRSA which includes OpenSSL
1.1.1o which should work.
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>