Remove check for '$EASYRSA_PKI' folder 'x509-types',
because it is the first element on the subsequent 'for' list.
Remove check for hard coded 'pki' folder 'x509-types',
because it will over-ride option '--pki-dir=<DIR>'.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Command 'renew' no longer builds new keys, therefore, the option 'nopass'
is not required.
Closes: #740
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Added ChangeLog notice.
Squashed commit of the following:
commit de8f9e689e6409b606f112067754c28e3eef1d1d
Merge: ab7c480 0753241
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date: Wed Oct 26 21:45:29 2022 +0100
Merge branch 'help-err-exit' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-help-err-exit
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
commit 0753241b0c45311475822d05ce492ef925423dad
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date: Tue Oct 25 21:52:49 2022 +0100
Command 'help': For unknown command, exit with error.
Closes: #736
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Squashed commit of the following:
commit b93c8e60649d835b66fc4ab2c1d6050e6b1ca231
Merge: 17cbf07 130c161
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date: Wed Oct 26 21:08:00 2022 +0100
Merge branch 'easyrsa-mktemp' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-easyrsa-mktemp
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
commit 130c161746d8e7885c7c3a86b8d29d28476b3890
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date: Wed Oct 26 20:00:56 2022 +0100
Minor refactor of secure_session() and easyrsa_mktemp()
Return without error on successful completion of final command.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Squashed commit of the following:
commit cd3ef9f218ba9e2862914ad9846dc674d5b89ea6
Merge: 368de14 8a8136b
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date: Tue Oct 25 21:04:16 2022 +0100
Merge branch 'changlog-725' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-changlog-725
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
commit 8a8136b20a4465b53d4bd59eff4b638af57a5d5b
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date: Tue Oct 25 20:03:49 2022 +0100
ChangeLog: Find data-files in the correct order (#727)
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Squashed commit of the following:
commit c27825c3bc5dddaeb3749d7a315a77239146ad22
Merge: 02f13f6 93da550
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date: Tue Oct 25 20:50:44 2022 +0100
Merge branch 'vars-remove-req-cn' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-vars-remove-req-cn
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
commit 93da55003cee29695616d01243aecddcf7954c25
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date: Fri Oct 21 21:10:08 2022 +0100
vars.example: Minor corrections and formatting
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
commit 9976f3f0d13a73827052f490438b95153a1b7576
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date: Fri Oct 21 20:57:07 2022 +0100
vars.example: Remove EASYRSA_TEMP_FILE
Closes: #729
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
commit 8a35375f84ab88b6f009e5971ddb7358f6619a03
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date: Fri Oct 21 20:44:53 2022 +0100
vars.example: Remove EASYRSA_REQ_CN
Closes: #730
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Squashed commit of the following:
commit 136484f3ed28d57bf4244d9c716b8daa1cd9a8a7
Merge: 2083fb2 cae6357
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date: Tue Oct 18 19:44:17 2022 +0100
Merge branch 'fix-order-725' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-fix-order-725
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
commit cae6357c63b473e33e31620264bef4ede596ffac
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date: Sun Oct 16 22:52:44 2022 +0100
Find data-files in the correct order
With this change the PKI becomes the 'preferred' location for data-files.
All other supported locations are searched by specific order.
While this new order is the correct 'preferred' order, the associated code
install_data_to_pki() needs to be simplified.
Closes: #725
Closes: #723
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
commit 5aa65657e2fdda455a8549ed4f4e60cad6cf2389
Author: Matthias Andree <matthias.andree@gmx.de>
Date: Sun Oct 2 20:44:08 2022 +0200
Use POSIX [[:space:]] instead of \s for sed(1).
2nd half of fix for #714.
Obtained from: topical@gmx.net
URL: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266726
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Do not allow a known PKI folder <NAME> as --keep-tmp=<NAME>
Remove unnecessary random number extension.
Move all snapshots to sub-directory: $EASYRSA_TEMP_DIR/tmp/<NAME>
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Append the random 32-bit number generated for temporary session directory
to the '--keep-tmp=NAME' directory NAME specified by the user.
This avoids obliterating a private keys directory.
Example:
With default settings, '--keep-tmp=private' will delete "$PKI/private".
This will now destroy any directory with the name:
* "$temp_dir/$NAME.$rand"
Closes: #707
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
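
The failure mode and the guard described in the two '--keep-tmp' commit messages above, as an added example in POSIX sh that is not Easy-RSA's own code. The function names and the list of PKI folder names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Easy-RSA code. keep_tmp_dest, keep_tmp_snapshot and the
# folder list below are hypothetical names chosen for this illustration.

# Print the snapshot destination for --keep-tmp=NAME, or return 1 if NAME
# is empty, path-like, or collides with a folder the PKI itself uses.
keep_tmp_dest() {
    temp_dir=$1
    name=$2
    case $name in
        ''|.|..|*/*)
            return 1 ;;   # must be a single path component
        private|reqs|issued|certs_by_serial|revoked|renewed|inline)
            return 1 ;;   # assumed list of known PKI folders
    esac
    # Snapshots live under a dedicated sub-directory, never beside PKI data.
    printf '%s\n' "$temp_dir/tmp/$name"
}

# Move a finished session directory to its snapshot location.
# Only a validated destination is ever removed and replaced.
keep_tmp_snapshot() {
    temp_dir=$1
    session_dir=$2
    name=$3
    dest=$(keep_tmp_dest "$temp_dir" "$name") || {
        echo "refusing --keep-tmp=$name" >&2
        return 1
    }
    mkdir -p "$temp_dir/tmp" || return 1
    rm -rf "$dest" && mv "$session_dir" "$dest"
}
```

With the temporary directory defaulting to the PKI, an unchecked `rm -rf "$temp_dir/$name"` with NAME `private` is what removed the private keys directory; here that name is rejected before any removal runs.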
Do not require '--ns-cert=yes' (or no):
If '--ns-cert' is specified then Netscape support is being requested.
However, '--ns-cert=no' (or yes) will still work as expected.
If '--ns-cert' is used then '--ns-cert=yes' is the new default.
Remove 'awk_yesno()': Unnecessary complexity.
Reword 'help': The behavior is simplified and so is the help.
Closes: #698
Closes: #709
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Move show_host() to cleanup() and only call it when die() was called.
This allows for confirm() Aborted to exit without extended error data.
Move detect_host after options processing. Allows for use of options.
eg: --verbose
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
When signing a request for an intermediate CA using --subca-len=N:
For a Sub-CA, the current method to apply 'pathlen:N' to CA basicConstraints
over-writes all user set basicConstraints.
Replace that with an awk script which reads the current x509-types/ca file;
selects the last occurrence of 'basicConstraints' (As does OpenSSL) and then
prints that line, with ", pathlen:$EASYRSA_SUBCA_LEN" appended, into the
temporary x509-types/ca file.
If no CA basicConstraints is found then exit with an error. Reason:
Easy-RSA default CA basicConstraints will always be defined. If that is changed
by the user, who then attempts to use Easy-RSA to append 'pathlen' then that
is an error. Easy-RSA must not insert a default when the default has been
deliberately removed.
Closes: #691 - Original bug report.
Closes: #692 - First use of awk as a solution. [Credit]
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
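
One way to write the awk step described in the '--subca-len' commit message above, as an added example in POSIX sh that is not the script Easy-RSA ships. The function names and the sample x509-types content are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Easy-RSA code. append_pathlen and sample_ca_type are
# hypothetical names; the sample extension lines are constructed.

# Read an x509-types/ca style file on stdin and print it with
# ", pathlen:N" appended to the LAST basicConstraints line, which is the
# one OpenSSL honours. Earlier duplicates are dropped. Nothing is printed
# and 1 is returned if N is not a number or no basicConstraints exists.
append_pathlen() {
    case $1 in
        ''|*[!0-9]*)
            echo "pathlen must be a non-negative integer" >&2
            return 1 ;;
    esac
    awk -v len="$1" '
        { line[NR] = $0 }
        /^[ \t]*basicConstraints[ \t]*=/ { last = NR }
        END {
            # The user removed the default: refuse instead of inventing one.
            if (!last) exit 1
            for (i = 1; i <= NR; i++) {
                if (line[i] ~ /^[ \t]*basicConstraints[ \t]*=/) {
                    if (i != last) continue
                    sub(/[ \t]+$/, "", line[i])
                    line[i] = line[i] ", pathlen:" len
                }
                print line[i]
            }
        }'
}

# Constructed sample: a user-edited CA type file with two basicConstraints.
sample_ca_type() {
    cat <<'EOF'
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
keyUsage = cRLSign, keyCertSign
basicConstraints = critical, CA:TRUE
EOF
}

sample_ca_type | append_pathlen 1
```

The user's own flags on the selected line, such as `critical`, survive because the line is extended rather than replaced.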
build-x-full uses a subshell to detect errors and cleanup the files
if an error occurs. This does not work if Ctrl-C is pressed during
the confirmation yes/no dialog.
Replace the subshell with an indicator, $on_error_build_full_cleanup,
to force cleanup() to remove the CSR, key and certificate files when
an error occurs or user presses Ctrl-C.
Closes: #680
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>