Go to file

Richard T Bonhomme e8ad9fb4f4

Status reports: (Squashed) Use iso_8601 date format

Squashed commit of the following:

commit 423a478dcaf941476f1d8ea339657e2efeb86dec
Merge: 2cadb05 52ebec8
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Sun Apr 2 19:29:40 2023 +0100

    Merge branch 'iso_8601-date-code' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-iso_8601-date-code

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit 52ebec824febbcd8eb7f338a997dcbc513e9efa6
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Sat Apr 1 14:32:56 2023 +0100

    Status reports: Rename EASYRSA_CERT_EXPIRE: EASYRSA_PRE_EXPIRY_WINDOW

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit ec8267afad8bf2c074b7c47e40f300a64d0be4a0
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Sat Apr 1 12:19:54 2023 +0100

    Status reports: Re-order functions (NFC)

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit 72e682d6e9934726ceaf2d4553a456113a57f382
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Sat Apr 1 12:16:59 2023 +0100

    Status reports: Improve comments

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit dccb8c6773aa778404040865640feeccb6d843f7
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Thu Mar 30 20:41:20 2023 +0100

    Status reports: Move force_set_var() to a suitable place (NFC)

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit 9c48513f4adcb30f0f73db72b4fcf156aeeddffd
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Thu Mar 30 20:39:55 2023 +0100

    Status reports: Remove ff_date_to_cert_date() (Unused)

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit 93f51fd0aa2321dd1c511351eec69b4301dd7a80
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Thu Mar 30 20:34:50 2023 +0100

    Status reports: Introduce cert_date_to_iso_8601_date()

    Terminate use of ff_date_to_cert_date() (To be removed).

    Other minor formatting.

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit aa79739235e5ae93ff71fd8860f809fef3ae2451
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Thu Mar 30 15:16:56 2023 +0100

    Status reports: Remove unsed function offset_days_to_cert_date()

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

commit 6017ae1cefecb6519c15f3a8d5ffd2ba168f744c
Author: Richard T Bonhomme <tincantech@protonmail.com>
Date:   Thu Mar 30 14:43:40 2023 +0100

    Status reports: Use iso_8601 date format

    These changes ONLY effect status reports.

    With OpenSSL v3 there is option '-dateopt iso_8601' which outputs
    dates as specified: 'yyyy-mm-dd HH:MM:SSTZ'

    Using this format, date related calculations become more managable
    because the need to use various 'date' programs is reduced to a
    single use.  The single use is 'date +%s', to print the current
    date/time as a timestamp "seconds since epoch".  All supported
    versions of date use the same exact command.

    Introduce new functions:
    - days_to_timestamp_s()
      Return current date/time +/- number-of-days (Can be zero)
      as a timestamp seconds since epoch.
      Use date program in an OS agnostic manner. 'date +%s'

    - db_date_to_iso_8601_date()
      Renamed db_date_to_ff_date() - No functional changes.

    - iso_8601_cert_startdate()
    - iso_8601_cert_enddate()
      Return certificate -startdate or -enddate in iso_8601 format.
      If the SSL lib does not support iso_8601 format then return error
      to the calling function, which will fallback to old method.

    - iso_8601_timestamp_to_seconds()
      Calculate the "seconds since epoch" from iso_8601 date.
      If input date is not iso_8601 format then return error
      to the calling function, which will fallback to old method.

    Notice:
      EasyRSA will calculate "seconds since epoch" itself. It will also
      use the old method (use various date programs) to get a timestamp
      and verify if the two timestamps are an EXACT match.
      If they do not match then a configurable margin-of-error can be
      used to allow the mismatch to pass. (Not enabled by default)
      Testing so far, all timestamps are exact matches.

    Introduce new global options:
    --verbose: Be very verbose about easyrsa internal activity.
      Only currently used by status reports.

    --days-margin: Allow a margin of error for a timestamp mismatch.
      Only currently used by status reports. (Disabled by default)

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

2023-04-02 19:31:38 +01:00

.github/workflows

CI: Update checkout to v3

2023-03-16 20:29:46 +00:00

build

update python call, remove test pki on build

2022-05-18 08:08:25 -05:00

distro

upgrading openssl for windows to 3.0.7

2023-01-13 10:14:37 -06:00

doc

Documentation updates (No functional changes)

2022-10-12 23:47:11 +01:00

easyrsa3

Status reports: (Squashed) Use iso_8601 date format

2023-04-02 19:31:38 +01:00

Licensing

Use hash-identical license file from gnu.org

2021-10-21 13:58:12 +00:00

release-keys

Update README.md

2021-05-09 20:10:31 -05:00

.gitignore

Ignore unit-test sand-box

2022-05-30 18:58:03 +01:00

ChangeLog

ChangeLog: Replace option --fix-offset with --startdate/--enddate

2023-03-21 01:44:22 +00:00

COPYING.md

Convert README and COPYING into markdown files

2016-06-22 19:02:23 +03:00

KNOWN_ISSUES

OpenSSL 3.x doesn't appear to work on Windows 7

2022-05-05 19:12:59 -05:00

op-test.sh

Unit-test: Update openssl to v3.0.7 (Linux only)

2023-01-03 00:43:57 +00:00

README.md

Housekeeping: README/gitignore

2022-05-05 19:30:51 -05:00

README.quickstart.md

set line width to 80

2017-10-09 15:57:02 -07:00

wop-test.bat

Rename unit test files

2022-03-29 14:48:33 +01:00

wop-test.sh

Use full '--passin'/'--passout' unit tests

2022-05-13 23:25:40 +01:00

README.md

Overview

easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's terms, this means to create a root certificate authority, and request and sign certificates, including intermediate CAs and certificate revocation lists (CRL).

Downloads

If you are looking for release downloads, please see the releases section on GitHub. Releases are also available as source checkouts using named tags.

Documentation

For 3.x project documentation and usage, see the README.quickstart.md file or the more detailed docs under the doc/ directory. The .md files are in Markdown format and can be converted to html files as desired for release packages, or read as-is in plaintext.

Getting help using easy-rsa

Currently, Easy-RSA development co-exists with OpenVPN even though they are separate projects. The following resources are good places as of this writing to seek help using Easy-RSA:

The openvpn-users mailing list is a good place to post usage or help questions.

You can also try libera.chat IRC network, in channels #openvpn for general support or #easyrsa for development discussion.

Branch structure

The easy-rsa master branch is currently tracking development for the 3.x release cycle. Please note that, at any given time, master may be broken. Feel free to create issues against master, but have patience when using the master branch. It is recommended to use a release, and priority will be given to bugs identified in the most recent release.

The prior 2.x and 1.x versions are available as release branches for tracking and possible back-porting of relevant fixes. Branch layout is:

master         <- 3.1, at present
v3.x.x            pre-release branches, used for staging branches
release/3.0       v3.0.x bugfix/security/openssl updates
release/2.x
release/1.x

LICENSING info for 3.x is in the COPYING.md file

Code style, standards

We are attempting to adhere to the POSIX standard, which can be found here:

https://pubs.opengroup.org/onlinepubs/9699919799/