nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,457 Commits 1 Branch 0 Tags 43 MiB
Commit Graph

1457 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Richard T Bonhomme
ce16ee77a3
Merge branch 'new-date-functions' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-new-date-functions 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-18 21:32:22 +00:00
Richard T Bonhomme
ae10aee413
Wrap long lines in "Main" function and verify_cert() 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-18 21:00:11 +00:00
Richard T Bonhomme
8afd07b20d
Minor related improvements 
safe_set_var(): Show offending input value in error output

Standardise similar functions:
* ssl_cert_serial()
* ssl_cert_not_before_date()
* ssl_cert_not_after_date

Wrap more long lines.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-15 23:01:21 +00:00
Richard T Bonhomme
c83a26d8ac
db_date_to_ff_date(): Return ff_date via safe_set_var() 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-15 22:13:32 +00:00
Richard T Bonhomme
587ba1aa41
ff_date_to_cert_date(): Return cert_type_date via safe_set_var() 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-15 21:53:26 +00:00
Richard T Bonhomme
159aa15cd4
offset_days_to_cert_date(): Return cert_type_date via safe_set_var() 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-15 21:21:57 +00:00
Richard T Bonhomme
b0f3d8bf90
cert_date_to_timestamp_s(): Return timestamp_s via safe_set_var() 
This only effects status_expire(), show-expire.

Add error detection for 'date' usage.

Wrap long lines.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-15 20:38:51 +00:00
Richard T Bonhomme
7492097110
fixed_cert_dates(): Remove subshell 
fixed_cert_dates(): Replace capturing subshell-output
by setting variables via safe_set_var().

Add error detection for 'date' usage.

Wrap long lines.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-15 19:01:09 +00:00
Eric F Crist
354c20d82b
update ChangeLog for release 
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
 2023-01-13 15:46:44 -06:00
Richard T Bonhomme
caebd4b93a
Merge branch 'TinCanTech-fix-offset-adjustment' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-13 17:47:22 +00:00
Richard T Bonhomme
8845462b54
Merge branch 'fix-offset-adjustment' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-fix-offset-adjustment 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-13 17:46:47 +00:00
Richard T Bonhomme
8dc2064880
Option --fix-offset: Adjust off-by-one day 
The current code calculates --fix-offset=1 as January 2nd.

This decreases the input value by one, which results in
--fix-offset=1 being January 1st.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-13 17:15:18 +00:00
Eric F Crist
0d0daf549b
upgrading openssl for windows to 3.0.7 
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
 2023-01-13 10:14:37 -06:00
Richard T Bonhomme
4184f547a6
Unit-test: Identify macOS 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-09 20:17:10 +00:00
Richard T Bonhomme
76f5840ce5
Merge branch 'TinCanTech-status-LC_TIME-C' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-05 13:45:42 +00:00
Richard T Bonhomme
e029c178a6
Merge branch 'status-LC_TIME-C' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-status-LC_TIME-C 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-05 13:44:54 +00:00
Richard T Bonhomme
0699393324
Status Reports: Set 'LC_TIME=C.UTF-8', only used for reports 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-05 13:26:46 +00:00
Richard T Bonhomme
2fed2a7f1b
Merge branch 'TinCanTech-prioritise-passout' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-04 17:08:51 +00:00
Richard T Bonhomme
da33d03fc1
Merge branch 'prioritise-passout' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-prioritise-passout 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-04 17:08:05 +00:00
Richard T Bonhomme
b7f8d9f79a
Global option '--passout' always take priority ONLY 
Option '--passout' MUST take priority over '--nopass' and 'nopass'.
Otherwise, the private key is unintentionally created unencrypted.

Option '--passin' must NOT take priority.
Otherwise, it is not possible to automatically create an entity
key without a password, if the CA key is created with a password.

Initialisation: Wrap long lines

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-04 02:34:04 +00:00
Richard T Bonhomme
e27ab41dad
Refactor manual CA passphrase input 
This is a personal preference only. No functional change.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-04 00:28:50 +00:00
Richard T Bonhomme
7c9f18bfb8
Merge branch 'TinCanTech-always-enable-inline' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-03 22:39:51 +00:00
Richard T Bonhomme
79cbd1d494
Merge branch 'always-enable-inline' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-always-enable-inline 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-03 22:39:11 +00:00
Richard T Bonhomme
51a82a7fb5
build-full: Always enable inline file creation 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-03 21:56:58 +00:00
Richard T Bonhomme
866557a589
install_data_to_pki(): Wrap long lines, no functional changes 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-03 20:23:50 +00:00
Richard T Bonhomme
5d59605365
init-pki: Add new inline directory (Wrap long lines) 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-03 19:19:30 +00:00
Richard T Bonhomme
ae0020acdc
Create new 'inline' directory as required 
Require creation during init-pki, renew and rebuild.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-03 16:08:16 +00:00
Richard T Bonhomme
a4f90d8c03
Unit-test: Update openssl to v3.0.7 (Linux only) 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-03 00:43:57 +00:00
Richard T Bonhomme
a7f5044c0d
Add new inline file to command 'rebuild' processes 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-02 22:01:27 +00:00
Richard T Bonhomme
0072f5171c
Add new inline file to command 'renew' processes 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-02 21:38:39 +00:00
Richard T Bonhomme
ef9b3b8192
Add new inline file to command 'revoke' processes 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-02 20:28:44 +00:00
Richard T Bonhomme
f5da984c49
build-full: Always enable inline file creation 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-02 20:07:36 +00:00
Richard T Bonhomme
4bcfe5b236
Merge branch 'TinCanTech-promote-init-pki-soft' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-01 23:30:04 +00:00
Richard T Bonhomme
0121cc05a4
Merge branch 'promote-init-pki-soft' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-promote-init-pki-soft 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-01 23:29:12 +00:00
Richard T Bonhomme
5f85068558
init-pki(): Introduce second warning before HARD removal 
Only if a PKI currently exists, add a second confirmation to promote
the use of 'init-pki soft'.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-01 22:56:51 +00:00
Richard T Bonhomme
b56357e1bc
verify_cert(): Support global --batch mode 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-01 19:45:29 +00:00
Richard T Bonhomme
efff1ad843
Merge branch 'TinCanTech-cleanup-exit-number-only' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-01 18:25:03 +00:00
Richard T Bonhomme
4c0c02217f
Merge branch 'cleanup-exit-number-only' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-cleanup-exit-number-only 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-01 18:24:20 +00:00
Richard T Bonhomme
6522163dc9
Merge branch 'TinCanTech-default-ed-curve' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-01 18:20:40 +00:00
Richard T Bonhomme
96b96c18c7
Merge branch 'default-ed-curve' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-default-ed-curve 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2023-01-01 18:19:57 +00:00
Richard T Bonhomme
7afb20ad1a
cleanup(): Exit with numeric error-code only 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-28 23:15:39 +00:00
Richard T Bonhomme
3050d59f60
fixed_cert_dates(): Remove unused variable 'today_n' 
Originally used to calculate roll-back by one year, also removed.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-28 17:51:27 +00:00
Richard T Bonhomme
f315e6b5a2
Make default Edwards curve ED25519 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-28 17:34:29 +00:00
Richard T Bonhomme
48a74fbca0
Default settings: Make default Edwards curve ED25519 
Perform hierarchial decision for elliptic curve name.

Default curves per algorithm:
* 'ec' Elliptic curve name 'secp384r1' (Unchanged)
* 'ed' Edwards curve name 'ed25519' (Changed)

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-28 17:15:40 +00:00
Richard T Bonhomme
6ac84dc2aa
Allow --fix-offset to create post-dated certificates 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-22 22:24:51 +00:00
Richard T Bonhomme
4082228f64
Merge branch 'TinCanTech-allow-post-date-fix-offset' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-22 22:19:42 +00:00
Richard T Bonhomme
97cea4157d
Merge branch 'allow-post-date-fix-offset' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-allow-post-date-fix-offset 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-22 22:18:52 +00:00
Richard T Bonhomme
4af00b38ce
Merge branch 'TinCanTech-bugfix-build-ca-openssl-easersa-cnf' 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-21 21:16:32 +00:00
Richard T Bonhomme
2f1fa20632
Merge branch 'bugfix-build-ca-openssl-easersa-cnf' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-bugfix-build-ca-openssl-easersa-cnf 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-21 21:15:51 +00:00
Richard T Bonhomme
4b3458b979
build-ca: Change FATAL error to warning for old openssl-easyrsa.cnf 
This will only effect a CA built with custom EASYRSA_EXTRA_EXTS;
The solution being, to use the correct 'openssl-easyrsa.cnf'.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
 2022-12-21 13:49:54 +00:00