easy-rsa.git
5 weeks agoWin32 mktemp help master
Richard Bonhomme [Tue, 11 Jun 2019 00:44:17 +0000 (01:44 +0100)]
Win32 mktemp help

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 weeks agoFail with error to create EASYRSA_TEMP_DIR
Richard Bonhomme [Tue, 11 Jun 2019 00:29:04 +0000 (01:29 +0100)]
Fail with error to create EASYRSA_TEMP_DIR

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 weeks agoFix op_test.sh shellcheck SC2086
Richard Bonhomme [Mon, 10 Jun 2019 22:01:54 +0000 (23:01 +0100)]
Fix op_test.sh shellcheck SC2086

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 weeks agoAdd required shellcheck to cleanup()
Richard Bonhomme [Mon, 10 Jun 2019 21:25:19 +0000 (22:25 +0100)]
Add required shellcheck to cleanup()

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 weeks agoTidy up op_test.sh verbose
Richard Bonhomme [Mon, 10 Jun 2019 20:08:21 +0000 (21:08 +0100)]
Tidy up op_test.sh verbose

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 weeks agoSilence shellcheck
Richard Bonhomme [Mon, 10 Jun 2019 19:34:28 +0000 (20:34 +0100)]
Silence shellcheck

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 weeks agoDefault SAN for serverClient, additional op_test
Richard Bonhomme [Mon, 10 Jun 2019 19:13:59 +0000 (20:13 +0100)]
Default SAN for serverClient, additional op_test

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 weeks agoWork around Windows mktemp bug
Richard Bonhomme [Mon, 10 Jun 2019 17:32:47 +0000 (18:32 +0100)]
Work around Windows mktemp bug

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 weeks agoRe-instate OPENSSL_CONF and EASYRSA_SAFE_CONF
Richard Bonhomme [Mon, 10 Jun 2019 17:21:44 +0000 (18:21 +0100)]
Re-instate OPENSSL_CONF and EASYRSA_SAFE_CONF

EASYRSA_SAFE_CONF is libressl compatible config file.
Create EASYRSA_SAFE_CONF during init-pki, one time per PKI.
Set OPENSSL_CONF to be EASYRSA_SAFE_CONF, to prevent bogus warnings.

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 weeks agoop_test.sh: remove old style custom ssl lib tests
Richard Bonhomme [Mon, 10 Jun 2019 16:46:23 +0000 (17:46 +0100)]
op_test.sh: remove old style custom ssl lib tests

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 weeks agoImprove wop_test.bat
Richard Bonhomme [Mon, 10 Jun 2019 13:18:29 +0000 (14:18 +0100)]
Improve wop_test.bat

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 weeks agoClean up wait_sec()
Eric F Crist [Fri, 7 Jun 2019 13:55:53 +0000 (08:55 -0500)]
Clean up wait_sec()

Make wait_sec() accept an argument for time so it behaves more like
sleep.

Merge branch 'TinCanTech-master'

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 weeks agoMerge branch 'master' of https://github.com/TinCanTech/easy-rsa into TinCanTech-master
Eric F Crist [Fri, 7 Jun 2019 13:55:45 +0000 (08:55 -0500)]
Merge branch 'master' of https://github.com/TinCanTech/easy-rsa into TinCanTech-master

5 weeks agoop_test.sh: adhere to shellcheck 318/head
Richard Bonhomme [Fri, 7 Jun 2019 13:51:33 +0000 (14:51 +0100)]
op_test.sh: adhere to shellcheck

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 weeks agomore typos, thanks xavierb!
Eric F Crist [Fri, 7 Jun 2019 13:48:06 +0000 (08:48 -0500)]
more typos, thanks xavierb!

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 weeks agotypos in ChangeLog (thanks xavierb)
Eric F Crist [Fri, 7 Jun 2019 13:45:35 +0000 (08:45 -0500)]
typos in ChangeLog (thanks xavierb)

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 weeks agoImprove op_test.sh: make wait_sec variable; Add server with SAN renew test.
Richard Bonhomme [Fri, 7 Jun 2019 13:38:38 +0000 (14:38 +0100)]
Improve op_test.sh: make wait_sec variable; Add server with SAN renew test.

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 weeks agoUpdating changelog
Eric F Crist [Fri, 7 Jun 2019 12:56:24 +0000 (07:56 -0500)]
Updating changelog

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 weeks agoShore up Windows test framework
Eric F Crist [Fri, 7 Jun 2019 12:52:25 +0000 (07:52 -0500)]
Shore up Windows test framework

Merge branch 'TinCanTech-master'

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 weeks agoMerge branch 'master' of https://github.com/TinCanTech/easy-rsa into TinCanTech-master
Eric F Crist [Fri, 7 Jun 2019 12:52:08 +0000 (07:52 -0500)]
Merge branch 'master' of https://github.com/TinCanTech/easy-rsa into TinCanTech-master

5 weeks agoMerge branch 'xavierba-fix_305'
Eric F Crist [Fri, 7 Jun 2019 12:32:41 +0000 (07:32 -0500)]
Merge branch 'xavierba-fix_305'

fixes #305

Gracefully handle IP when both renewing cert and keeping SAN from the
old certificate

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 weeks agoMerge branch 'fix_305' of https://github.com/xavierba/easy-rsa into xavierba-fix_305
Eric F Crist [Fri, 7 Jun 2019 12:32:33 +0000 (07:32 -0500)]
Merge branch 'fix_305' of https://github.com/xavierba/easy-rsa into xavierba-fix_305

5 weeks agoMerge branch 'luizluca-fix_dirtemp_windows'
Eric F Crist [Fri, 7 Jun 2019 12:31:07 +0000 (07:31 -0500)]
Merge branch 'luizluca-fix_dirtemp_windows'

workaround for but in the win32 mktemp utility

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 weeks agoMerge branch 'fix_dirtemp_windows' of https://github.com/luizluca/easy-rsa into luizl...
Eric F Crist [Fri, 7 Jun 2019 12:30:59 +0000 (07:30 -0500)]
Merge branch 'fix_dirtemp_windows' of https://github.com/luizluca/easy-rsa into luizluca-fix_dirtemp_windows

5 weeks agoMerge branch 'luizluca-fix_read_s'
Eric F Crist [Fri, 7 Jun 2019 12:24:48 +0000 (07:24 -0500)]
Merge branch 'luizluca-fix_read_s'

Should "fix" errors related to ash and potentially other non-POSIX
shells that don't handle set -o or related options.

http://www.austingroupbugs.net/view.php?id=1207

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 weeks agoGracefuly handle IP when both renewing cert and keeping SAN from the old cert 317/head
Xavier Bachelot [Fri, 7 Jun 2019 09:26:35 +0000 (11:26 +0200)]
Gracefuly handle IP when both renewing cert and keeping SAN from the old cert

Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
6 weeks agoTry 'stty', 'set -o echo' and then read -s 315/head
Luiz Angelo Daros de Luca [Tue, 4 Jun 2019 19:08:02 +0000 (16:08 -0300)]
Try 'stty', 'set -o echo' and then read -s

Although 'read -s' is not POSIX, it might be the only option
for some systems (OpenWrt). Try each alternative and, if all
those fails, warn the user and read with "echo on".

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
6 weeks agoAdd Windows operational test 314/head
Richard Bonhomme [Tue, 4 Jun 2019 16:27:02 +0000 (17:27 +0100)]
Add Windows operational test

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
6 weeks agoworkaround win32 mktemp bug 312/head
Luiz Angelo Daros de Luca [Thu, 30 May 2019 21:53:22 +0000 (18:53 -0300)]
workaround win32 mktemp bug

win32 mktemp shipped by easyrsa does not work. It returns
unmodified template as the "temporary file". This results
in file conflicts when two temporary files are in use.
However win32 mktemp -d does work as expected. So, we can use
mktemp -du to generate a correct temporary file name.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
6 weeks agocheck for failed easyrsa_mktemp
Luiz Angelo Daros de Luca [Thu, 30 May 2019 21:52:27 +0000 (18:52 -0300)]
check for failed easyrsa_mktemp

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2 months agoAdding support back in for incremental serials
Eric F Crist [Fri, 17 May 2019 11:50:08 +0000 (06:50 -0500)]
Adding support back in for incremental serials

Not enabled by default.  Should fix #177.

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2 months agoMerge branch 'IPv4v6-x509-type-email'
Eric F Crist [Tue, 7 May 2019 03:41:20 +0000 (22:41 -0500)]
Merge branch 'IPv4v6-x509-type-email'

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2 months agoMerge branch 'x509-type-email' of https://github.com/IPv4v6/easy-rsa into IPv4v6...
Eric F Crist [Tue, 7 May 2019 03:41:05 +0000 (22:41 -0500)]
Merge branch 'x509-type-email' of https://github.com/IPv4v6/easy-rsa into IPv4v6-x509-type-email

2 months agoMerge branch 'luizluca-batch_ops'
Eric F Crist [Tue, 7 May 2019 03:37:53 +0000 (22:37 -0500)]
Merge branch 'luizluca-batch_ops'

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2 months agoMerge branch 'batch_ops' of https://github.com/luizluca/easy-rsa into luizluca-batch_ops
Eric F Crist [Tue, 7 May 2019 03:37:01 +0000 (22:37 -0500)]
Merge branch 'batch_ops' of https://github.com/luizluca/easy-rsa into luizluca-batch_ops

2 months agoMerge branch 'luizluca-fix_firstcert_warn'
Eric F Crist [Tue, 7 May 2019 03:32:45 +0000 (22:32 -0500)]
Merge branch 'luizluca-fix_firstcert_warn'

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2 months agoMerge branch 'fix_firstcert_warn' of https://github.com/luizluca/easy-rsa into luizlu...
Eric F Crist [Tue, 7 May 2019 03:32:34 +0000 (22:32 -0500)]
Merge branch 'fix_firstcert_warn' of https://github.com/luizluca/easy-rsa into luizluca-fix_firstcert_warn

2 months agoMerge branch 'luizluca-temp_dir'
Eric F Crist [Tue, 7 May 2019 03:26:13 +0000 (22:26 -0500)]
Merge branch 'luizluca-temp_dir'

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2 months agoMerge branch 'temp_dir' of https://github.com/luizluca/easy-rsa into luizluca-temp_dir
Eric F Crist [Tue, 7 May 2019 03:26:03 +0000 (22:26 -0500)]
Merge branch 'temp_dir' of https://github.com/luizluca/easy-rsa into luizluca-temp_dir

2 months agoMerge branch 'luizluca-fix_failed_buildfull_master'
Eric F Crist [Tue, 7 May 2019 03:19:41 +0000 (22:19 -0500)]
Merge branch 'luizluca-fix_failed_buildfull_master'

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2 months agoMerge branch 'fix_failed_buildfull_master' of https://github.com/luizluca/easy-rsa...
Eric F Crist [Tue, 7 May 2019 03:19:25 +0000 (22:19 -0500)]
Merge branch 'fix_failed_buildfull_master' of https://github.com/luizluca/easy-rsa into luizluca-fix_failed_buildfull_master

2 months agoMerge branch 'luizluca-follow_symblink'
Eric F Crist [Tue, 7 May 2019 02:46:38 +0000 (21:46 -0500)]
Merge branch 'luizluca-follow_symblink'

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2 months agoMerge branch 'follow_symblink' of https://github.com/luizluca/easy-rsa into luizluca...
Eric F Crist [Tue, 7 May 2019 02:46:25 +0000 (21:46 -0500)]
Merge branch 'follow_symblink' of https://github.com/luizluca/easy-rsa into luizluca-follow_symblink

2 months agoMerge branch 'luizluca-fix_trap_exit_v2'
Eric F Crist [Tue, 7 May 2019 02:40:58 +0000 (21:40 -0500)]
Merge branch 'luizluca-fix_trap_exit_v2'

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2 months agoSet nonRepudiation bit for email certificates 306/head
Stefan Pietsch [Mon, 6 May 2019 21:52:55 +0000 (23:52 +0200)]
Set nonRepudiation bit for email certificates

2 months agoAdd x509-type for email certificates
Stefan Pietsch [Sat, 4 May 2019 14:48:46 +0000 (16:48 +0200)]
Add x509-type for email certificates

2 months agoinclude index.txt.attr as CA files 241/head
Luiz Angelo Daros de Luca [Tue, 25 Sep 2018 20:58:03 +0000 (17:58 -0300)]
include index.txt.attr as CA files

Remove a warning when the first certificate is generated

Can't open .../easy-rsa/pki/index.txt.attr for reading, No such file or directory

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2 months agofix prog_vars when easyrsa is symlink or in $PATH 253/head
Luiz Angelo Daros de Luca [Wed, 3 Oct 2018 23:12:38 +0000 (20:12 -0300)]
fix prog_vars when easyrsa is symlink or in $PATH

When easyrsa in in $PATH, $0 does not contain a directory, resulting
in an invalid prog_vars. prog_vars is used to get default vars
location, if $EASYRSA_VARS_FILE, $EASYRSA_PKI/vars and $PWD/pki/vars
does not exist.

$0 is also used to set $EASYRSA the same way prog_vars is defined.

$EASYRSA/openssl-easyrsa.cnf is used to set $EASYRSA_SSL_CONF initial
content if missing.

$EASYRSA/x509-types is used to for extensions dir if $EASYRSA_EXT_DIR
and $EASYRSA_PKI/x509-types are not found. However, if vars already
needs changes, it is better to set $EASYRSA_EXT_DIR and file locations
there.

Normally a symlink to /usr/bin will be used to put easyrsa in $PATH.
Following $PATH and symlink allows easyrsa to be located in a more
standard dir like /usr/lib/easy-rsa/easyrsa and vars at
/usr/{lib,libexec,share}/easyrsa/vars, which could be a symlink to
/etc/easy-rsa/vars. vars can be easily appended with the default
distribution values.

With this patch, a system-wide easyrsa package could use this file
structure without patching easyrsa:

 /etc/easy-rsa/openssl-easyrsa.cnf
 /etc/easy-rsa/pki/
 /etc/easy-rsa/vars
 /usr/bin/easyrsa -> /usr/lib/easy-rsa/easyrsa
 /usr/lib/easy-rsa/easyrsa
 /usr/lib/easy-rsa/openssl-easyrsa.cnf
 /usr/lib/easy-rsa/vars -> /etc/easy-rsa/vars
 /usr/lib/easy-rsa/x509-types

If following symlink fails (win32), the previous behavior is used.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2 months agoRemove req/privkey in build_full when sign_req fails 244/head
Luiz Angelo Daros de Luca [Wed, 26 Sep 2018 20:51:52 +0000 (17:51 -0300)]
Remove req/privkey in build_full when sign_req fails

build_full leave req/privkey ig sign fails (i.e. when CA pass was
incorrect). If build_full fails, it should remove everything it created.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2 months agoadd --passin --passout for alternative pass src/dst 242/head
Luiz Angelo Daros de Luca [Mon, 24 Sep 2018 23:30:55 +0000 (20:30 -0300)]
add --passin --passout for alternative pass src/dst

Batch operations cannot be automated if openssl keeps asking
for a password. These new options allow the user to specify
a new source for password, using any openssl password options
like pass:1234 or env:var

Aborts build-ca if privkey generation fails.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2 months agoAdd easyrsa_openssl as openssl wrap function 240/head
Luiz Angelo Daros de Luca [Wed, 30 Jan 2019 18:18:26 +0000 (16:18 -0200)]
Add easyrsa_openssl as openssl wrap function

Most $EASYRSA_OPENSSL calls where replaced by easyrsa_openssl
calls. When OpenSSL config is needed, easyrsa_openssl generates
a temporary config in tempfiles, incorporating make_ssl_config and
$EASYRSA_EXTRA_EXTS usage.

vars_source_check and verify_ssl_lib use of make_ssl_config was
removed.

'export OPENSSL_CONF' was removed as every openssl call that might
need a conf now uses easyrsa_safessl.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2 months agouse temporary directory instead of individual files
Luiz Angelo Daros de Luca [Tue, 25 Sep 2018 17:50:14 +0000 (14:50 -0300)]
use temporary directory instead of individual files

Manually managing temp files into fixes variables (EASYRSA_TEMP_FILE_*),
can result in errors like in build_ca that reused EASYRSA_TEMP_FILE_3.
A temporary directory simplify the cleanup.

A configurable directory for temp files (var EASYRSA_TEMP_DIR) also
allows the user to define a different temporary directory. This is
important for devices using flash disks that have limited number of
writes.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2 months agocleanup and exit code when a signal is received 283/head
Luiz Angelo Daros de Luca [Wed, 30 Jan 2019 19:36:31 +0000 (17:36 -0200)]
cleanup and exit code when a signal is received

Merged clean_temp and prog_exit into cleanup, but removing
the exit call. Exit should not be called during EXIT as it will
overwrite the current exit code.

Trapped signals simply call "exit $((128+signal))" to force the
execution of EXIT (for non bash-shells).

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
3 months agoneuter SC, WIP
Eric F Crist [Thu, 18 Apr 2019 11:50:57 +0000 (06:50 -0500)]
neuter SC, WIP

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
3 months agoMerge branch 'TinCanTech-master'
Eric F Crist [Thu, 18 Apr 2019 11:46:30 +0000 (06:46 -0500)]
Merge branch 'TinCanTech-master'

Clean up usage of make_ssl_config

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
3 months agoMerge branch 'master' of https://github.com/TinCanTech/easy-rsa into TinCanTech-master
Eric F Crist [Thu, 18 Apr 2019 11:46:19 +0000 (06:46 -0500)]
Merge branch 'master' of https://github.com/TinCanTech/easy-rsa into TinCanTech-master

3 months agoMerge branch 'xavierba-fix_upgrade'
Eric F Crist [Thu, 18 Apr 2019 11:40:05 +0000 (06:40 -0500)]
Merge branch 'xavierba-fix_upgrade'

Fixes for upgrade from v3.0.5 to v3.0.6

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
3 months agoSimplify 303/head
Xavier Bachelot [Fri, 22 Mar 2019 15:28:26 +0000 (16:28 +0100)]
Simplify

Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
3 months agoDon't die on missing req on revoke/renew
Xavier Bachelot [Fri, 22 Mar 2019 15:28:04 +0000 (16:28 +0100)]
Don't die on missing req on revoke/renew

Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
3 months agoAutomatically create missing renewed dirs
Xavier Bachelot [Fri, 22 Mar 2019 15:00:06 +0000 (16:00 +0100)]
Automatically create missing renewed dirs

Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
3 months agoAutomatically create missing revoked dirs
Xavier Bachelot [Fri, 22 Mar 2019 14:59:31 +0000 (15:59 +0100)]
Automatically create missing revoked dirs

Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
3 months agoverify_ca_init has no business checking the revoked and renewed dirs
Xavier Bachelot [Fri, 22 Mar 2019 14:58:23 +0000 (15:58 +0100)]
verify_ca_init has no business checking the revoked and renewed dirs

Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
5 months agoAdd win32 OpenSSL binaries, update build
Eric F Crist [Fri, 8 Feb 2019 00:08:39 +0000 (18:08 -0600)]
Add win32 OpenSSL binaries, update build

New build script changes to handle win32/win64 openssl binaries.
There's more to do here with copying out the README files and such, but
this should be a good working start.

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoFix typos in openssl-easyrsa.cnf
Eric F Crist [Thu, 7 Feb 2019 23:21:19 +0000 (17:21 -0600)]
Fix typos in openssl-easyrsa.cnf

Merge branch 'IPv4v6-fix-typo'

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoFix typo 300/head
Stefan Pietsch [Thu, 7 Feb 2019 23:11:08 +0000 (00:11 +0100)]
Fix typo

5 months agoPrune make_ssl_config 299/head
Richard Bonhomme [Wed, 6 Feb 2019 20:05:42 +0000 (20:05 +0000)]
Prune make_ssl_config

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 months agoImprove verify_ssl_lib
Richard Bonhomme [Wed, 6 Feb 2019 19:57:01 +0000 (19:57 +0000)]
Improve verify_ssl_lib

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 months agomake op_test.sh executable
Eric F Crist [Mon, 4 Feb 2019 19:35:48 +0000 (13:35 -0600)]
make op_test.sh executable

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoUpdate changelog
Eric F Crist [Mon, 4 Feb 2019 19:26:29 +0000 (13:26 -0600)]
Update changelog

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoNo uname on Windows
Eric F Crist [Mon, 4 Feb 2019 19:24:35 +0000 (13:24 -0600)]
No uname on Windows

Since there's no uname command on Windows, send STDERR to /dev/null.
This just prevents an error from showing on the console but doesn't
actually change any system behavior.

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoDistribute OpenSSL 1.1.0j instead of 1.1.1a
Eric F Crist [Mon, 4 Feb 2019 19:21:58 +0000 (13:21 -0600)]
Distribute OpenSSL 1.1.0j instead of 1.1.1a

There are runtime issues with 1.1.1a at this time I've yet to track
down.  This is referenced in the docker-openvpn project issue 437
with a link in #261.  I've been able to reproduce it on Windows 10.

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoRemove RANDFILE var from openssl-easyrsa.cnf
Eric F Crist [Mon, 4 Feb 2019 19:01:09 +0000 (13:01 -0600)]
Remove RANDFILE var from openssl-easyrsa.cnf

This fixes #261.

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoAdd OpenSSL libs/binary for Windows
Eric F Crist [Mon, 4 Feb 2019 15:58:49 +0000 (09:58 -0600)]
Add OpenSSL libs/binary for Windows

Include OpenSSL libraries and binary for windows.  A precompiled package
was downloaded from http://wiki.overbyte.eu/arch/openssl-1.1.1a-win64.zip

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoUpdate changelog
Eric F Crist [Sat, 2 Feb 2019 03:39:47 +0000 (21:39 -0600)]
Update changelog

straightening things out, back to master!

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoOSX SSL version, lang bash for travis
Eric F Crist [Fri, 1 Feb 2019 14:56:10 +0000 (08:56 -0600)]
OSX SSL version, lang bash for travis

Merge branch 'TinCanTech-v3.0.6' into v3.0.6

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoMerge branch 'v3.0.6' of https://github.com/TinCanTech/easy-rsa into TinCanTech-v3.0.6
Eric F Crist [Fri, 1 Feb 2019 14:55:59 +0000 (08:55 -0600)]
Merge branch 'v3.0.6' of https://github.com/TinCanTech/easy-rsa into TinCanTech-v3.0.6

5 months agoTravis language: bash 298/head
Richard Bonhomme [Fri, 1 Feb 2019 14:41:36 +0000 (14:41 +0000)]
Travis language: bash

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 months agoTravis: OSX SSL ver
Richard Bonhomme [Fri, 1 Feb 2019 14:32:38 +0000 (14:32 +0000)]
Travis: OSX SSL ver

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 months agoBetter date support for BSD/GNU
Eric F Crist [Fri, 1 Feb 2019 05:17:26 +0000 (23:17 -0600)]
Better date support for BSD/GNU

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoAdding OS X testing
Eric F Crist [Fri, 1 Feb 2019 04:24:20 +0000 (22:24 -0600)]
Adding OS X testing

Merge branch 'TinCanTech-v3.0.6' into v3.0.6

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoHowler! 297/head
Richard Bonhomme [Fri, 1 Feb 2019 02:14:23 +0000 (02:14 +0000)]
Howler!

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 months agoTravis env: PATH
Richard Bonhomme [Fri, 1 Feb 2019 01:52:14 +0000 (01:52 +0000)]
Travis env: PATH

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 months agoAdd OSX to travis
Richard Bonhomme [Fri, 1 Feb 2019 01:23:33 +0000 (01:23 +0000)]
Add OSX to travis

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 months agoMerge branch 'luizluca-fix_build.sh' into v3.0.6
Eric F Crist [Wed, 30 Jan 2019 18:31:08 +0000 (12:31 -0600)]
Merge branch 'luizluca-fix_build.sh' into v3.0.6

Closes #255

* Added --no-windows, --no-unix and no --no-compress to skip some build steps.
* Use cp in a Linux and FreeBSD compatible way
* Set 'sed -i' backup extension (Linux and FreeBSD compatible)
  (Linux regression from f0204c1)
* Fix zip location to match tar (fixing also --bin-dest for win32)
* Align (y/n) with question in confirm

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoMerge branch 'fix_build.sh' of https://github.com/luizluca/easy-rsa into luizluca...
Eric F Crist [Wed, 30 Jan 2019 18:30:46 +0000 (12:30 -0600)]
Merge branch 'fix_build.sh' of https://github.com/luizluca/easy-rsa into luizluca-fix_build.sh

5 months agoMultiple fix for build-dist.sh 255/head
Luiz Angelo Daros de Luca [Thu, 4 Oct 2018 23:36:44 +0000 (20:36 -0300)]
Multiple fix for build-dist.sh

* Added --no-windows, --no-unix and no --no-compress to skip some
build steps.
* Use cp in a Linux and FreeBSD compatible way
* Set 'sed -i' backup extension (Linux and FreeBSD compatible)
  (Linux regression from f0204c160b3cbdc041a91f2861febab24b7f5f76)
* Fix zip location to match tar (fixing also --bin-dest for win32)
* Align (y/n) with question in confirm

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
5 months agoAdding date.exe for Windows dist from UnixUtils
Eric F Crist [Wed, 30 Jan 2019 15:13:09 +0000 (09:13 -0600)]
Adding date.exe for Windows dist from UnixUtils

Should help to address #296 with renew feature.  Briefly tested on
Windows 10 from an EasyRSA v3.0.5 release extract.

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoAdd required temp file
Richard Bonhomme [Tue, 29 Jan 2019 23:00:33 +0000 (23:00 +0000)]
Add required temp file

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoMerge branch 'TinCanTech-v3.0.6' into v3.0.6
Eric F Crist [Tue, 29 Jan 2019 22:27:24 +0000 (16:27 -0600)]
Merge branch 'TinCanTech-v3.0.6' into v3.0.6

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoRemove unused var 294/head
Richard Bonhomme [Tue, 29 Jan 2019 22:06:16 +0000 (22:06 +0000)]
Remove unused var

5 months agoUpdate op_test.sh usage; Add error count and custom library hook
Richard Bonhomme [Tue, 29 Jan 2019 21:54:19 +0000 (21:54 +0000)]
Update op_test.sh usage; Add error count and custom library hook

Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
5 months agoMerge branch 'v3.0.6' of https://github.com/TinCanTech/easy-rsa into v3.0.6
Eric F Crist [Tue, 29 Jan 2019 20:30:33 +0000 (14:30 -0600)]
Merge branch 'v3.0.6' of https://github.com/TinCanTech/easy-rsa into v3.0.6

Add additional tests to op_test.sh

Clsoing #292

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoRemoving trap left in by mistake
Eric F Crist [Tue, 29 Jan 2019 19:56:13 +0000 (13:56 -0600)]
Removing trap left in by mistake

In my test for fixing I left the ERR trap in place.  non-posix, removing

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoFixes #293
Eric F Crist [Tue, 29 Jan 2019 19:32:36 +0000 (13:32 -0600)]
Fixes #293

die() wasn't calling clean_temp;  Now it is.

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoMerge branch 'xavierba-renew_fixes' into v3.0.6
Eric F Crist [Tue, 29 Jan 2019 01:55:05 +0000 (19:55 -0600)]
Merge branch 'xavierba-renew_fixes' into v3.0.6

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
5 months agoMerge branch 'renew_fixes' of https://github.com/xavierba/easy-rsa into xavierba...
Eric F Crist [Tue, 29 Jan 2019 01:54:46 +0000 (19:54 -0600)]
Merge branch 'renew_fixes' of https://github.com/xavierba/easy-rsa into xavierba-renew_fixes

5 months agoPrevent using an empty SAN 291/head
Xavier Bachelot [Mon, 28 Jan 2019 20:39:00 +0000 (21:39 +0100)]
Prevent using an empty SAN

Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
5 months agoDon't try to move inexistant files
Xavier Bachelot [Mon, 28 Jan 2019 15:28:24 +0000 (16:28 +0100)]
Don't try to move inexistant files

Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
5 months agoWorkaround older openssl which don't have -ext
Xavier Bachelot [Mon, 28 Jan 2019 15:19:55 +0000 (16:19 +0100)]
Workaround older openssl which don't have -ext

Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
5 months agoMake cert renew grace period configurable (default: 30 days)
Xavier Bachelot [Mon, 28 Jan 2019 15:11:57 +0000 (16:11 +0100)]
Make cert renew grace period configurable (default: 30 days)

Signed-off-by: Xavier Bachelot <xavier@bachelot.org>