Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

v3.2.0-beta1 #1046

Merged
merged 26 commits into from
Dec 15, 2023
Merged

v3.2.0-beta1 #1046

merged 26 commits into from
Dec 15, 2023

Conversation

TinCanTech
Copy link
Collaborator

@TinCanTech TinCanTech commented Dec 8, 2023

The essential change here is to make all support file redundant; If they are not found then they are created on demand.

Currently does not work for x509-types/ email and kdc

The most significant change is new command write <type> <DIR> c814e0a

Usage: 'easyrsa rand <decimal_number>'

Signed-off-by: Richard T Bonhomme <[email protected]>
Signed-off-by: Richard T Bonhomme <[email protected]>
Place selecting and sourcing vars-file before assigning PKI and CA
requirements to the command to be executed.

This is more logical because the command requirements are assigned
directly before handing off to the requested command, while external
variables have already been assigned.

Move 'make-vars' to the standard 'case' command selection list.

Signed-off-by: Richard T Bonhomme <[email protected]>
Replace use of copy_data_to_pki(), which copies an existing file to the
PKI, by verifying that EASYRSA_SSL_CONF points to a file or create a
temp-file to be used in place.

This allows removing openssl-easyrsa.cnf file from the repository.

Signed-off-by: Richard T Bonhomme <[email protected]>
locate_support_files() will find the support files and assign
variables accordingly:
* openssl_easyrsa.cnf - Assigned to EASYRSA_SSL_CONF
* /x509-types - Assigned to EASYRSA_EXT_DIR

If the files are not found then no variables are assigned and
the files are created seprately as temp-files, when required.

Signed-off-by: Richard T Bonhomme <[email protected]>
This is necessary for status reports read_db(), which recreates the
secure session for each record.

Signed-off-by: Richard T Bonhomme <[email protected]>
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech TinCanTech changed the title V3.2.0-beta1 v3.2.0-beta1 Dec 9, 2023
This allows creating all support files.

Usage: 'easyrsa write <type> <DIR>'
* <type> must be specified.
* <DIR>  is optional. If specified then files are created.
         Otherwise, data is sent to stdout.

Types:
* ssl-cnf  - Write openssl-easyrsa.cnf file.
* COMMON|ca|server|serverCleint|client|codeSigning|email|kdc
           - Write x509-type <type> file.
* lecacy   - Write ALL files above to <DIR>.
             Default <DIR> is EASYRSA_PKI or EASYRSA.
             Will create <DIR>/x509-types directory.
* safe-ssl - Expand Easy-RSA SSL config for LibreSSL.
* vars     - Write vars.example file.

Replaces command 'make-safe-ssl' and 'make-vars'.

Signed-off-by: Richard T Bonhomme <[email protected]>
Signed-off-by: Richard T Bonhomme <[email protected]>
New section 'Advanced configuration files' gives further details on
how to use command 'write'.

Signed-off-by: Richard T Bonhomme <[email protected]>
In default mode, build-ca exports the CA password to the environment,
via function force_set_var().

Replace use of force_set_var() with a here-doc.

Also, make verbose openssl command output debug only.

Signed-off-by: Richard T Bonhomme <[email protected]>
Command 'write' requires a PKI for 'legacy' and 'safe-ssl'.

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech TinCanTech merged commit 7120876 into master Dec 15, 2023
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant