When forming the OpenSSL config replacement text, gen_req() should not
alter the global variable as it is referred to again by sign_req() when
the wrapper-commands build-*-full are called.
This change localizes the replacement text to avoid competing over the
global variable.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Based-On: patch submitted by Joe Hu <i@sapika.ch>
Fixes: Issue #25
The command-line API for LibreSSL is currently identical to OpenSSL
1.0.1. This support is implemented in a case so any future version
distinctions can key off the features in the available implementation.
Such feature-specific support may become more important during the 3.1
development cycle where 0.9.x OpenSSL cannot handle newer features.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Fixes: #48
Adds the 'set-rsa-pass' and 'set-ec-pass' commands. Both are able to set
or remove a passphrase, and can optionally act on a direct file path
instead of a relative filename base name.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Upgrade-Notes includes v2 to v3 upgrade changes that users should be
aware of.
The updated top-level README helps point users to online support
locations.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
This initial packaging script creates a release-ready tarball for
Unix-alikes. Windows support will be added in a separate commit.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Updates include listing project dir layout, git conventions on
commits/merges/tags, and code spacing/indent recommendations.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
The prior warn/fallback to rsa didn't work, and fallback is probably the
wrong thing to do, especially for batch callers. It is now an error to
supply an invalid value.
No need to export the EASYRSA_ALGO_PARAMS either.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
The --batch CLI arg now takes no options and enables batch-mode when
present.
init-pki no longer takes a 'force' value which did the same as --batch.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
This adds export support for PKCS#7 bundles, and adds the option to
export PKCS#12 without private keys
Author: Luiz Angelo Daros de Luca <luizluca@tre-sc.gov.br>
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
OpenSSL-0.9.8 cannot handle an empty extensions section. This change has
the dynamic extensions support place the section reference in the
temporary file at runtime, supporting both 0.9.8 and 1.0.* versions.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
The GPG/PGP keys listed in this file are used to sign official releases
of Easy-RSA 3. The keys themselves can be downloaded from the many
public keyserver mirrors.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Add documentation & help output; add quoting; add error messages; put
the ecparams dir under PKI dir with env-var tunable.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
This commit adds the possibility to specify the algorithm used by openssl
by adding the --use-algo and --curve parameters.
Signed-off-by: Steffan Karger <steffan@karger.me>
Change keysize defaults from 1024 to 2048 bits and change the default
hash from md5 to sha256. Also, removed an oddly-specific call for sha1
in one instance.
Signed-off-by: Josh Cepek <josh.cepek@usa.net>
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
* Removed duplicate KEY_EMAIL var
* Commented out KEY_PCS11 vars [1]
* Commented out KEY_CN with explanation
* Set saner defaults
* reorganized vars, "required" fields first
[1] I commented these out because they're already set to dummy and you only need to change them if you're indeed going to use them. This makes it a little less confusing to newbies who may not be interested in PKCS11 and get confused when reading that they should now "leave any of these fields blank".
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
