1347 Commits

Author SHA1 Message Date
Richard T Bonhomme
af73c4ce4f
Merge branch 'remove-opts-verbose-quiet' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-remove-opts-verbose-quiet
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-30 21:38:40 +00:00
Richard T Bonhomme
195d6e6c73
Update: Remove option '--quiet'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-29 23:52:36 +00:00
Richard T Bonhomme
fb198b17e2
Remove global options '--verbose' and '--quiet' as not required
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-29 23:34:46 +00:00
Richard T Bonhomme
37f9d3768e
build-ca: Remove unnecessary 'elif' check
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-28 00:02:22 +00:00
Richard T Bonhomme
a51278be73
Merge branch 'TinCanTech-get-ca-password'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-27 16:57:49 +00:00
Richard T Bonhomme
021f443f11
Merge branch 'get-ca-password' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-get-ca-password
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-27 16:56:53 +00:00
Richard T Bonhomme
c599bb1da7
build-ca: Improve passphrase input mechanism
Make EasyRSA check for basic passphrase requirements.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-27 01:38:20 +00:00
Richard T Bonhomme
ed01426a8b
Merge branch 'TinCanTech-use-unset-dash-v'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-24 18:15:05 +00:00
Richard T Bonhomme
4c2a89e657
Merge branch 'use-unset-dash-v' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-use-unset-dash-v
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-24 18:14:09 +00:00
Richard T Bonhomme
374d8f0cae
Use 'unset -v', consistently
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-24 18:10:08 +00:00
Richard T Bonhomme
fbaf67c118
Merge branch 'TinCanTech-update-vars-example'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-24 17:29:18 +00:00
Richard T Bonhomme
a3f33eb246
Merge branch 'update-vars-example' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-update-vars-example
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-24 17:28:35 +00:00
Richard T Bonhomme
a144d36450
Merge branch 'TinCanTech-minor-improve-and-format'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-24 17:27:17 +00:00
Richard T Bonhomme
fbf2437f8d
Merge branch 'minor-improve-and-format' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-minor-improve-and-format
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-24 17:26:21 +00:00
Richard T Bonhomme
5c36c478fb
vars.example: Add EASYRSA_NO_PASS and wrap long lines
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-23 21:53:46 +00:00
Richard T Bonhomme
dbe894dec6
Update help: Standardise output; Improve code; Reprioritise options
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-23 21:42:03 +00:00
Richard T Bonhomme
aa9a3d44fa
Merge branch 'TinCanTech-SIGINT-exit'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-22 18:22:57 +00:00
Richard T Bonhomme
a8d7f3d50f
Merge branch 'SIGINT-exit' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-SIGINT-exit
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-22 18:22:12 +00:00
Richard T Bonhomme
b03fe439e6
Merge branch 'TinCanTech-fix-sc-case-warn'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-22 16:38:25 +00:00
Richard T Bonhomme
68c7f63773
Merge branch 'fix-sc-case-warn' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-fix-sc-case-warn
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-22 16:37:34 +00:00
Richard T Bonhomme
a7e837cf92
Fix shellcheck warning for command set-pass case statement
Plus minor improvement to set-pass help text.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-22 16:23:00 +00:00
Richard T Bonhomme
f8a5f46f1d
Minor improvements to help for cmd:'set-pass' and opt:'--no-pass'
Squashed commit of the following:

commit 4f142baa04227963f291948dcbe2cb08e6ac6cd1
Merge: 0ee7a6d bcc71d6
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Mon Nov 21 20:23:22 2022 +0000

    Merge branch 'doc-set-pass' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-doc-set-pass

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit bcc71d6c7e0d7bfe1d628cadc13689eb32fd4c8d
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Mon Nov 21 15:14:27 2022 +0000

    Minor improvements to help for cmd:'set-pass' and opt:'--no-pass'

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-21 20:26:08 +00:00
Richard T Bonhomme
3cb322049a
cleanup(): Exit correctly for SIGINT
Also, replace $die_error_exit with $confirm_aborted:
Make die() the default exit on error.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-20 20:54:52 +00:00
Richard T Bonhomme
0ee7a6d75e
Minor refactor: escape_hazard()
Squashed commit of the following:

commit 81937721412478c0f4b7d32b6a55d18099608d88
Merge: 43d7648 345e6cc
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Sun Nov 20 13:37:05 2022 +0000

    Merge branch 'improve-escape_hazard' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-improve-escape_hazard

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit 345e6cc5540d411e32c3cc7ced3017742188d144
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Sun Nov 20 13:07:37 2022 +0000

    Minor refactor: escape_hazard()

    Remove development code. Improve text.

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-20 13:37:47 +00:00
Richard T Bonhomme
43d7648168
Option --subca-len - Allow value to be 0 (zero)
Squashed commit of the following:

commit 3a5e7539db93b88a9db8b2fb9fc6520870f337ac
Merge: 1a46e32 3d9fa5e
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Sun Nov 20 13:31:57 2022 +0000

    Merge branch 'path-len-zero' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-path-len-zero

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit 3d9fa5e955f0ed517c63bb8c35e6fde180af8b6a
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Sun Nov 20 00:30:59 2022 +0000

    Option --subca-len - Allow value to be 0 (zero)

    For an intermediate CA certificate, Path length of zero (0) is valid.
    Therefore, allow the character '0' as a valid numeric input for EasyRSA
    option --subca-len=<N>

    This method allows character zero (0) ONLY, as a numeric input
    for options which accept zero as a value.

    Add comment: # Reset per pass flags

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-20 13:32:49 +00:00
Richard T Bonhomme
1a46e32454
Expand check for --keep-tmp value to an existing file of any type
Squashed commit of the following:

commit aecf6e63780d9aec8b31b61aff0704f45c9598c9
Merge: 85db316 244c059
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Sun Nov 20 13:28:12 2022 +0000

    Merge branch 'improve-keep-tmp' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-improve-keep-tmp

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit 244c05968e76d1fa7673202e1623cb252083bc66
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Thu Nov 17 02:13:40 2022 +0000

    Expand check for --keep-tmp value to an existing file of any type

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-20 13:29:16 +00:00
Richard T Bonhomme
85db316606
Merge branch 'TinCanTech-fix-set_pass'
EasyRSA version 3.1.x only.

Summary of changes:

1. Introduce EasyRSA command 'set-pass'.

   Use SSL command 'pkey' to set passwords on all private key files.
   SSL command 'pkey' supports all EasyRSA cryptography settings.

   This replaces "Legacy" commands 'set-rsa-pass' and 'set-ecpass'.
   (These commands and their original code are retained for compatibility)

2. Remove the use of EasyRSA variable $no_password from legacy commands.

   This bug was caused by commit: 9b4bd19545ebc7faf0e281483ddb53748c40eb07

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-13 17:20:33 +00:00
Richard T Bonhomme
824849bce7
Merge branch 'fix-set_pass' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-fix-set_pass
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-13 17:19:41 +00:00
Richard T Bonhomme
1aae9b36fd
set_pass_legacy(): Remove $no_password "-nodes"
Closes: #765

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-11 18:37:47 +00:00
Richard T Bonhomme
d0019deb25
Current 'set-X-pass' commands do not support Edwards Curve cryptography.
Replace all 'set-X-pass' commands with single 'set-pass' command.

The new EasyRSA 'set-pass' command uses OpenSSL command 'pkey' to manipulate
private keys.  OpenSSL 'pkey' command supports all EasyRSA cryptography.

Retain compatibility with old commands.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-10 23:31:15 +00:00
Richard T Bonhomme
00e93d0abd
Require unique random serial number for certificate or fail
Squashed commit of the following:

commit 7bdc3cdfbf4ac11dc5ff6377b1b32306fc50bc66
Merge: 320a324 7fa4ec9
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Thu Nov 10 19:41:31 2022 +0000

    Merge branch 'fix-random-cert-serial' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-fix-random-cert-serial

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit 7fa4ec9e3155f8b54648226397ef73f9086779d1
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Thu Nov 10 19:27:37 2022 +0000

    Require unique random serial number for certificate or fail

    This only affects Random certificate serial numbers: EASYRSA_RAND_SN
    (EASYRSA_RAND_SN is the Easy-RSA default mode)

    Previously, no matter if a _unique_ random serial number was generated,
    sign_req() would always use the last random number generated, as serial
    number for the new certificate.

    This behaviour also allowed _complete failure_ of the SSL serial number
    check to pass without error.

    This change allows signing a request to succeed ONLY when a unique serial
    number has been generated and validated.

    A failure of the SSL CA unique serial number check will NOT be ignored.

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-10 20:41:55 +00:00
Richard T Bonhomme
320a324965
New function: easyrsa-random() - Generate random hexadecimal data
Squashed commit of the following:

commit cb68324306febcddf7ef03fe56fc1eddf06e7db7
Merge: 82483f1 2199d0c
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Wed Nov 9 21:19:41 2022 +0000

    Merge branch 'f-easyrsa_random' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-f-easyrsa_random

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit 2199d0c323e506df436a335375be9115a12d6b7f
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Wed Nov 9 21:05:17 2022 +0000

    Minor improvements to temp-session and temp-file

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit aa15b74722632ecab14c07ba9f2158d121e55d4f
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Wed Nov 9 20:35:43 2022 +0000

    New function: easyrsa-random() - Generate random hexadecimal data

    Replace the various random requirements with this new function.

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-09 21:21:05 +00:00
Richard T Bonhomme
82483f103e
Improve detect_host() and show_host()
Squashed commit of the following:

commit 5d48d39891b8ecd8c34f6faef1de06d327ed2b18
Merge: c905f09 2cfc18c
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Thu Nov 3 21:56:48 2022 +0000

    Merge branch 'restrain-detect_host' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-restrain-detect_host

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit 2cfc18c46bb23d1a2e88502ee76faf373f848155
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Thu Nov 3 21:15:09 2022 +0000

    Improve detect_host() and show_host()

    These changes make reductions to:
    - The effects of detect_host()
    - The output of show_host()

    detect_host:
    - Does not set an SSL library.
    - Is not essential, so can be run before all other essential code.

    show_host:
    - Only show extended details for -v 'verbose' output.

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-03 21:59:56 +00:00
Richard T Bonhomme
c905f0929a
Introduce global option '--nopass|--no-pass'
Squashed commit of the following:

commit 3bff869d3058b2d8d2e21b572dfed6bac773ffe8
Merge: dbb8517 1652f20
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Thu Nov 3 19:55:34 2022 +0000

    Merge branch 'new-global-opt-nopass' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-new-global-opt-nopass

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit 1652f20e88ae72e731d8e6001d561d10aebdb780
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Wed Nov 2 17:46:54 2022 +0000

    Introduce global option '--nopass|--no-pass' (#752)

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit 7817324cbb31baf922724e46d5a50947b0b649d6
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Wed Nov 2 17:29:41 2022 +0000

    Introduce global option '--nopass|--no-pass'

    This change forces all commands where passwords are not desired,
    to internally rely on the specific EasyRSA variable 'EASYRSA_NO_PASS'.

    Current use of 'nopass' as a command option, is unchanged.

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-03 19:56:34 +00:00
Richard T Bonhomme
dbb851736a
print_version(): Redirect stderr for "openssl" call
Squashed commit of the following:

commit 6ed16cd3860a1cf155c48809d11b55101ff66224
Merge: 4472516 94f6402
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Tue Nov 1 22:51:33 2022 +0000

    Merge branch 'redir-stderr-version' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-redir-stderr-version

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit 94f6402c64b9d11da34c93d06b62a00b2ad2fe40
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Tue Nov 1 20:51:26 2022 +0000

    print_version(): Redirect stderr for "openssl" call

    This redirects stderr message generated by missing config file,
    specifically for LibreSSL.

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-11-01 22:52:48 +00:00
Richard T Bonhomme
4472516e24
Reset option flag check 'number_only' per option
Squashed commit of the following:

commit 4aada5ffcd8cff893618bbbfe24f589f33665352
Merge: 439cdc1 6f8ba1e
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Mon Oct 31 00:31:56 2022 +0000

    Merge branch 'bugfix-number-only' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-bugfix-number-only

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit 6f8ba1e608d5223efa9dd296ed2c61418da991aa
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Sun Oct 30 23:56:46 2022 +0000

    Reset option flag check 'number_only' per option

    Closes: #747

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-10-31 00:34:42 +00:00
Richard T Bonhomme
439cdc15b7
Merge branch 'TinCanTech-case-int-sub-ca'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-10-30 23:23:47 +00:00
Richard T Bonhomme
94331a4ad0
Merge branch 'case-int-sub-ca' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-case-int-sub-ca
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-10-30 23:23:01 +00:00
Richard T Bonhomme
19b468c8f8
Minor style change
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-10-30 23:16:38 +00:00
Richard T Bonhomme
89a33bcbe0
Introduce global option '--notext|--no-text' (#745)
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-10-30 20:02:10 +00:00
Richard T Bonhomme
57f418d8a1
Merge branch 'TinCanTech-add-global-notext'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-10-30 19:52:47 +00:00
Richard T Bonhomme
6ed6b910d7
Merge branch 'add-global-notext' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-add-global-notext
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-10-30 19:51:49 +00:00
Richard T Bonhomme
b6b909bbab
Introduce global option '--notext|--no-text'
Global option '--notext|--no-text':
Disable the output of human readable text into certificate files,
when signing a request file.

Closes: #624

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-10-30 19:31:24 +00:00
Richard T Bonhomme
16f094c3b5
Merge branch 'TinCanTech-hard-reset-unset-found_vars'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-10-28 00:36:02 +01:00
Richard T Bonhomme
327469e518
Merge branch 'hard-reset-unset-found_vars' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-hard-reset-unset-found_vars
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-10-28 00:35:09 +01:00
Richard T Bonhomme
47e8eaa1b0
For 'init-pki hard' only, always try to create a new pki/vars file
This simplifies the code for 'init-pki soft', which deliberately saves
the 'pki/vars' file.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-10-28 00:05:10 +01:00
Richard T Bonhomme
e6638a902b
Merge branch 'TinCanTech-improve-find_x509_types_dir'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-10-27 23:32:32 +01:00
Richard T Bonhomme
81ed0497b0
Merge branch 'improve-find_x509_types_dir' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-improve-find_x509_types_dir
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-10-27 23:31:21 +01:00
Richard T Bonhomme
7eea5f35a5
Remove function find_x509_types_dir()
Move the function purpose back to function install_data_to_pki().

This means that there is only one list of sources to maintain.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-10-27 22:54:25 +01:00
Richard T Bonhomme
fc856cc444
Merge branch 'TinCanTech-trim-find_x509_types_dir'
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-10-27 17:44:42 +01:00