v3.2.0-beta1

ChangeLog

@@ -1,6 +1,18 @@
 Easy-RSA 3 ChangeLog
 
 3.2.0 (TBD)
+   * Rename X509-type file `code-signing` to `codeSigning` (Part of #1046)
+     The original file will be retained as `code-signing`, however, the automatic
+     X509-types creation will name the file `codeSigning`. This effectively means
+     that both are valid X509-types, until `code-signing` is dropped.
+   * Important note: As of Easy-RSA version 3.2.0-beta1, the configuration files
+     `vars.example`, `openssl-eayrsa.cnf` and all files in `x509-types` directory
+     are no longer required. Package maintainers can omit these files in the future.
+     All files are created as required and deleted upon command completion.
+     `vars.example` is created during `init-pki` and placed in the fresh PKI. 66a8f3e
+     These files will be retained for downstream packaging compatibility.
+   * New command 'write': Write 'legacy' files to stdout or files (#1046) c814e0a
+   * New Command 'rand': Expose easyrsa_random() to the command line (#1046) 6131cbf
    * Remove function 'set_pass_legacy()' (#1045)
    * Remove command 'rewind-renew' (#1045)
    * Remove command 'rebuild' (#1045)

doc/EasyRSA-Advanced.md

@@ -85,6 +85,40 @@ Additionally, the contents of the env-var `EASYRSA_EXTRA_EXTS` is appended with
 its raw text added to the OpenSSL extensions. The contents are appended as-is to
 the cert extensions; invalid OpenSSL configs will usually result in failure.
 
+Advanced configuration files
+----------------------------
+
+The following files are used by Easy-RSA to configure the SSL library:
+* openssl-easyrsa.cnf - Configuration for Certificate Authority [CA]
+* x509-types: COMMON, ca, server, serverClient, client, codeSigning, email, kdc.
+  Each type is used to define an X509 purpose.
+
+Since Easy-RSA version 3.2.0, these files are created on-demand by each command
+that requires them.  However, if these files are found in one of the supported
+locations then those files are used instead, no temporary files are created.
+
+The supported locations are listed, in order of preference, as follows:
+* `EASYRSA_PKI` - Always preferred.
+* `EASYRSA` - For Windows.
+* `PWD` - For Windows.
+* `easyrsa` script directory - DEPRECATED, will be removed. Only for Windows.
+* `/usr/local/share/easy-rsa`
+* `/usr/share/easy-rsa`
+* `/etc/easy-rsa`
+
+The files above can all be created by using command: `easyrsa write legacy <DIR>`
+To OVER-WRITE any existing files use command: `eaysrsa write legacy-hard <DIR>`
+`<DIR>` is optional, the default is `EASYRSA_PKI`. This will create the files in
+the current PKI or `<DIR>`.  If created then these new files may take priority
+over system wide versions of the same files.  See `help write` for further details.
+
+Note, Over-writing files:
+Only command `write legacy-hard` will over-write files. All other uses of `write`
+will leave an existing file intact, without error. If you want to over-write an
+existing file using `write` then you must redirect `>foo` the output manually.
+
+Example command: `easyrsa write vars >vars` - This will over-write `./vars`.
+
 Environmental Variables Reference
 ---------------------------------