Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inline v2 #993

Merged
merged 5 commits into from
Aug 5, 2023
Merged

Inline v2 #993

merged 5 commits into from
Aug 5, 2023

Conversation

TinCanTech
Copy link
Collaborator

Rewrite inline_cert() so that any files to be inlined can be missing.
This allows for any combination of files to create an inline file.

Move certificate type extraction to a new function, ssl_cert_x509v3_eku(), which can be reused.

@TinCanTech TinCanTech mentioned this pull request Aug 1, 2023
Closed
@TinCanTech TinCanTech self-assigned this Aug 1, 2023
@TinCanTech TinCanTech added this to the v3.1.6 milestone Aug 1, 2023
@TinCanTech TinCanTech linked an issue Aug 1, 2023 that may be closed by this pull request
inline_creds() improvements #875
Closed
@TinCanTech
New command x509-eku: Extract X509v3 Extended Key Usage from cert
fb3223f 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
New command inline: Inline available data for certificate
77a0534 
Expose 'inline' command to command line.
Inline available data and ignore missing files.

This function prints the available inline data to stdout.
To create inline files the data must be redirected to a file.
Internally, this redirection is taken care of.

Return 'soft' error when any data is missing but always print
available data.

This behaviour allows for incomplete inline files. For example,
when a CA signs a certificate but does not have the private key.
Any combination of missing files is allowed.

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
renew: Use new ssl_cert_x509v3_eku()
98e9f43 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
Move creating 'inline' folder from 'build-ca' to 'init-pki'
b637e9b 
This allows a client that has not built a CA to use 'inline'.

The CA and signed client certificate can be sent to the client,
allowing the client to create a complete X509 based inline file,
without creating a redundant CA.

Also, add 'inline' command to the list of commands which do not
require a CA.

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech TinCanTech merged commit 87ac22d into OpenVPN:master Aug 5, 2023
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@TinCanTech TinCanTech

Labels
ChangeLog Item enhancement Version 3.1.6
Projects
None yet
Milestone
v3.1.6
Development

Successfully merging this pull request may close these issues.

inline_creds() improvements
1 participant
@TinCanTech