Richard T Bonhomme
8944eae7ac
Use set_var to correctly assign EASYRSA_REQ_SERIAL
...
This configures EASYRSA_REQ_SERIAL for use in the SSL config file.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-23 13:09:07 +00:00
Richard T Bonhomme
5fa424b913
Merge branch 'TinCanTech-fix-offset-use-enddate'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-21 22:16:21 +00:00
Richard T Bonhomme
04ee3b0977
Merge branch 'fix-offset-use-enddate' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-fix-offset-use-enddate
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-21 22:15:40 +00:00
Richard T Bonhomme
d35e288700
Merge branch 'TinCanTech-move-rand-serial-file'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-21 22:04:02 +00:00
Richard T Bonhomme
32dc387723
Merge branch 'move-rand-serial-file' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-move-rand-serial-file
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-21 22:03:07 +00:00
Richard T Bonhomme
436f77e888
ChangeLog; Only create a random serial number file when expected (#896)
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-21 22:01:16 +00:00
Richard T Bonhomme
06fed95730
sign-req: Use either SSL option -days OR -startdate/-enddate
...
Using --fix-offset will not use -days, only -startdate/-enddate.
Options -startdate/-enddate are absolute dates, not counted from
today by OpenSSL, for any reason.
Fixes some unrelated warnings about incomplete SSL config file,
when using --fix-offset.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-19 22:10:26 +00:00
Richard T Bonhomme
2eda52061b
sign-req: Only create a random serial number file when expected
...
When EASYRSA_RAND_SN="no", the pki/serial file is not meant to
be updated by easyrsa. OpenSSL manages the file itself.
Move the code to write the file pki/serial with a random number,
inside the if condition for EASYRSA_RAND_SN, so the file is only
written to by easyrsa, when a random serial number is expected.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-19 21:37:30 +00:00
Richard T Bonhomme
2abc237594
Merge branch 'TinCanTech-ca-password-temp-file-removal'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-14 21:04:37 +00:00
Richard T Bonhomme
58638bcfc2
Merge branch 'ca-password-temp-file-removal' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-ca-password-temp-file-removal
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-14 21:03:42 +00:00
Richard T Bonhomme
88557aae8c
build_ca: Initialise get_passphrase() correctly
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-12 02:37:34 +00:00
Richard T Bonhomme
2dd2767922
build-ca: Deliberately remove manual password in temp-file
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-11 23:11:43 +00:00
Richard T Bonhomme
41f23444c6
Merge branch 'TinCanTech-set_var-v2'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-11 21:54:57 +00:00
Richard T Bonhomme
9d21db8629
Merge branch 'set_var-v2' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-set_var-v2
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-11 21:54:04 +00:00
Richard T Bonhomme
3d1f2135bb
Merge branch 'TinCanTech-cleanup-stty-echo'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-11 21:43:25 +00:00
Richard T Bonhomme
8510681747
Merge branch 'cleanup-stty-echo' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-cleanup-stty-echo
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-11 21:42:07 +00:00
Richard T Bonhomme
a23232144c
Merge branch 'TinCanTech-easyrsa_mktemp-v2'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-11 21:28:13 +00:00
Richard T Bonhomme
1dc5c265ac
Merge branch 'easyrsa_mktemp-v2' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-easyrsa_mktemp-v2
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-11 21:27:32 +00:00
Richard T Bonhomme
35dd0d919c
Remove unused variable EASYRSA_EC_DIR
...
This was used to define a temp-dir for a temp-file for EC params.
This was replaced by standard temp-file EASYRSA_ALGO_PARAMS.
The replacement was due to EasyRSA support for OpenSSL version 3,
where SSL command 'genpkey' replaced the previous commands.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-11 02:51:24 +00:00
Richard T Bonhomme
66d282e1c1
set-var(): Check input, die on errors
...
Previously, set_var() had no input checking, combined with
the point that, via vars, set_var() is user facing, this
can lead to easy user errors.
Now, input is checked:
- Parameter 1 is required.
- Parameter 1 cannot contain a space.
- Less-than 3 input parameters are expected.
- Quote the expansion of the first occurrence of parameter 1
in the evaluated expression.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-09 20:47:15 +00:00
Richard T Bonhomme
d4a1caa394
Rename variable EASYRSA_TEMP_DIR_session to secured_session
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-09 01:21:55 +00:00
Richard T Bonhomme
9a4b98246b
secure_session(): Wrap long lines
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-09 00:41:45 +00:00
Richard T Bonhomme
f762627e2d
easyrsa_mktemp(): Drop redundant test of temp-session existence
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-09 00:21:35 +00:00
Richard T Bonhomme
043448503f
easyrsa_mktemp(): Correct logic for file creation
...
Each try is now aimed at creating a unique target file.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-09 00:20:28 +00:00
Richard T Bonhomme
fd8dcfdafe
Merge branch 'TinCanTech-verify-ssl-before-temp-session'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-08 23:11:26 +00:00
Richard T Bonhomme
393a094aa4
Merge branch 'verify-ssl-before-temp-session' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-verify-ssl-before-temp-session
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-08 23:10:28 +00:00
Richard T Bonhomme
8de04a1439
Move verify_ssl_lib() - Always verify SSL lib, for all commands
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-08 23:05:33 +00:00
Richard T Bonhomme
e70c6363e6
cleanup(): Only enable terminal echo when it has been disabled
...
Only build-ca with a manually entered password disables terminal echo.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-08 18:04:14 +00:00
Richard T Bonhomme
b52f6cbd8b
easyrsa_mktemp(): Pre-assign empty value to temp-file name
...
Satisfy shellcheck SC2154, var is referenced but not assigned.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-07 23:32:48 +00:00
Richard T Bonhomme
fba0cf1986
easyrsa_mktemp(): Use sequentially numbered temp-files
...
This drops use of SSL to generate randomly numbered files.
The temp-session is still randomly named.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-07 19:49:24 +00:00
Richard T Bonhomme
ab264130c1
ChangeLog: Option --fix-offset: Adjust off-by-one day
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-04 21:14:01 +00:00
Richard T Bonhomme
11e66f3dfb
Merge branch 'TinCanTech-remove-debug'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-04 19:54:12 +00:00
Richard T Bonhomme
c2b20731d5
Merge branch 'remove-debug' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-remove-debug
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-04 19:53:14 +00:00
Richard T Bonhomme
b8d0c789e5
Merge branch 'TinCanTech-remove-extra-output-lines'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-04 19:49:39 +00:00
Richard T Bonhomme
4ad288ef5b
Merge branch 'remove-extra-output-lines' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-remove-extra-output-lines
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-04 19:49:05 +00:00
Richard T Bonhomme
043ee3e4c0
Merge branch 'TinCanTech-general-fixes'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-04 19:47:15 +00:00
Richard T Bonhomme
4e0135acd6
Merge branch 'general-fixes' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-general-fixes
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-04 19:45:31 +00:00
Richard T Bonhomme
84f6a3775c
init-pki soft: Add crl.pem to file delete list
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-04 14:47:31 +00:00
Richard T Bonhomme
0d404360c5
show-ca: Remove undefined '$type' variable from output
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-04 14:33:45 +00:00
Richard T Bonhomme
d1063e0ad0
Remove redundant separator lines
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-04 00:55:36 +00:00
Richard T Bonhomme
3b5ff50bf7
Remove ineffectual redirector
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-04 00:43:40 +00:00
Richard T Bonhomme
4ed1277ba1
Merge branch 'TinCanTech-move-show_host'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-03 23:55:35 +00:00
Richard T Bonhomme
b7f46a1482
Merge branch 'move-show_host' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-move-show_host
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-03 23:55:01 +00:00
Richard T Bonhomme
d5c28f6ec2
Move calling show_host() to function die(), where it belongs
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-03 23:51:06 +00:00
Richard T Bonhomme
3175b0118e
Merge branch 'TinCanTech-wrap-sed'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-03 23:26:26 +00:00
Richard T Bonhomme
a6b6c31f67
Merge branch 'wrap-sed' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-wrap-sed
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-03 23:25:17 +00:00
Richard T Bonhomme
1f80065917
Remove debug symbols
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-03 00:02:50 +00:00
Richard T Bonhomme
50174317bc
Wrap long lines: easyrsa_openssl(), sed command
...
Move the sed command to a function and wrap long lines.
New function: easyrsa_rewrite_ssl_config()
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-02-02 20:56:26 +00:00
Richard T Bonhomme
005ae7f072
Merge branch 'TinCanTech-aesthetics-build-ca-create-dirs-files'
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-26 19:40:19 +00:00
Richard T Bonhomme
9a46aefc3c
Merge branch 'aesthetics-build-ca-create-dirs-files' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-aesthetics-build-ca-create-dirs-files
...
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-01-26 19:39:36 +00:00