From febef857d9fa591e00ff5c23e834c81465bd2859 Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Tue, 22 Oct 2024 20:30:59 +0100 Subject: [PATCH 1/4] revoke: Add old private inline file to list of deleted files Signed-off-by: Richard T Bonhomme --- easyrsa3/easyrsa | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 690055af..af7fd982 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -3204,7 +3204,8 @@ Run easyrsa without commands for usage and command help." key_in="$in_dir/private/${file_name_base}.key" req_in="$in_dir/reqs/${file_name_base}.req" creds_in="$in_dir/${file_name_base}.creds" - inline_in="$in_dir/inline/${file_name_base}.inline" + inline_pub="$in_dir/inline/${file_name_base}.inline" + inline_pri="$in_dir/inline/private/${file_name_base}.inline" # input cert for revocation: issued, expired or renewed crt_in="${in_dir}/${cert_dir}/${file_name_base}.crt" @@ -3372,7 +3373,8 @@ All PKCS files for commonName : $file_name_base The inline credentials files: * $creds_in -* $inline_in" +* $inline_pub +* $inline_pri" confirm " Continue with revocation: " "yes" " Please confirm that you wish to revoke the certificate @@ -3448,12 +3450,9 @@ Failed to remove credentials file: * $creds_in" fi - # remove inline file - if [ -f "$inline_in" ]; then - rm "$inline_in" || warn "\ -Failed to remove inline file: -* $inline_in" - fi + # remove inline files + rm -f "$inline_pub" "$inline_pri" || warn \ + "revoke_move - Error trying to remove inline files." } # => revoke_move() # Move expired cert out of pki/issued to pki/expired From 3ac5a8ab51828173441cf3028626c1d346a69831 Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Tue, 22 Oct 2024 20:35:49 +0100 Subject: [PATCH 2/4] Remove unused variable ${creds_in}, old 'credentials' file Signed-off-by: Richard T Bonhomme --- easyrsa3/easyrsa | 10 ---------- 1 file changed, 10 deletions(-) 
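Review bot: The new `rm -f "$inline_pub" "$inline_pri" || warn ...` at the end of revoke_move no longer names the path that could not be removed. One of the two files lives under `inline/private/` and presumably holds private key material, so the warning does not tell an operator whether that file is still on disk after a revocation. Keeping both paths in the message restores what the removed code reported, for example `"revoke_move - Failed to remove inline file(s): $inline_pub $inline_pri"`. The same applies to the matching renew_move hunk in dev/easyrsa-tools.lib in patch 3/4. Only the tail of revoke_move is visible in this hunk.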
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index af7fd982..5a9c5da8 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -3203,7 +3203,6 @@ Run easyrsa without commands for usage and command help." in_dir="$EASYRSA_PKI" key_in="$in_dir/private/${file_name_base}.key" req_in="$in_dir/reqs/${file_name_base}.req" - creds_in="$in_dir/${file_name_base}.creds" inline_pub="$in_dir/inline/${file_name_base}.inline" inline_pri="$in_dir/inline/private/${file_name_base}.inline" @@ -3372,7 +3371,6 @@ These files will be DELETED: All PKCS files for commonName : $file_name_base The inline credentials files: -* $creds_in * $inline_pub * $inline_pri" @@ -3443,13 +3441,6 @@ revoke_move() { fi done - # remove credentials file - if [ -f "$creds_in" ]; then - rm "$creds_in" || warn "\ -Failed to remove credentials file: -* $creds_in" - fi - # remove inline files rm -f "$inline_pub" "$inline_pri" || warn \ "revoke_move - Error trying to remove inline files." @@ -3472,7 +3463,6 @@ Run easyrsa without commands for usage and command help." crt_in="$in_dir/$file_name_base.crt" #key_in="$in_dir/private/$file_name_base.key" #req_in="$in_dir/reqs/$file_name_base.req" - #creds_in="$EASYRSA_PKI/$file_name_base.creds" # output out_dir="$EASYRSA_PKI/expired" From a871e9c4fc52cfc5d8115f14caab4b78d8804270 Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Tue, 22 Oct 2024 21:35:09 +0100 Subject: [PATCH 3/4] easyrsa-tools.lib: renew: Remove correct inline files only Signed-off-by: Richard T Bonhomme --- dev/easyrsa-tools.lib | 24 +++++++----------------- easyrsa3/easyrsa | 2 +- 2 files changed, 8 insertions(+), 18 deletions(-) diff --git a/dev/easyrsa-tools.lib b/dev/easyrsa-tools.lib index cf8b62b8..212cdf1c 100644 --- a/dev/easyrsa-tools.lib +++ b/dev/easyrsa-tools.lib 
@@ -689,8 +689,8 @@ Run easyrsa without commands for usage and command help." crt_in="$in_dir/issued/${file_name_base}.crt" key_in="$in_dir/private/${file_name_base}.key" req_in="$in_dir/reqs/${file_name_base}.req" - creds_in="$in_dir/${file_name_base}.creds" - inline_in="$in_dir/inline/${file_name_base}.inline" + inline_pub="$in_dir/inline/${file_name_base}.inline" + inline_pri="$in_dir/inline/private/${file_name_base}.inline" # deprecate ALL options while [ "$1" ]; do @@ -829,8 +829,8 @@ These files will be DELETED: All PKCS files for commonName: $file_name_base The inline credentials files: -* $creds_in -* $inline_in" +* $inline_pub +* $inline_pri" # move renewed files # so we can reissue certificate with the same name @@ -908,19 +908,9 @@ renew_move() { rm -f "$in_dir/private/$file_name_base.$pkcs" done - # remove credentials file - if [ -f "$creds_in" ]; then - rm "$creds_in" || warn "\ -Failed to remove credentials file: -* $creds_in" - fi - - # remove inline file - if [ -f "$inline_in" ]; then - rm "$inline_in" || warn "\ -Failed to remove inline file: -* $inline_in" - fi + # remove inline files + rm -f "$inline_pub" "$inline_pri" || warn \ + "renew_move - Error trying to remove inline files." } # => renew_move() # Verify certificate against CA diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 5a9c5da8..a001a97a 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -3368,7 +3368,7 @@ These files will be MOVED to the 'revoked' sub-directory: * $crt_in${if_exist_key_in}${if_exist_req_in} These files will be DELETED: -All PKCS files for commonName : $file_name_base +All PKCS files for commonName: $file_name_base The inline credentials files: * $inline_pub From 81f43a35c2d57ee737d21cf8775fb08c51cdd76f Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Tue, 22 Oct 2024 23:28:56 +0100 Subject: [PATCH 4/4] ChangeLog: revoke, renew: Remove pki/inline/private/$file.inline 
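Review bot: With the `creds_in` block deleted from renew_move (and from revoke_move in patch 2/4), any `$in_dir/${file_name_base}.creds` file already present in a PKI now survives renew and revoke without a message. The ChangeLog entry shows this is intended, but the confirmation text lists only the two inline files, so an operator retiring a certificate gets no hint that an old credentials file may remain. A warning-only check would cover this without restoring the deletion, e.g. `if [ -f "$in_dir/${file_name_base}.creds" ]; then warn "Old credentials file not removed: $in_dir/${file_name_base}.creds"; fi`. The start of renew_move is outside this hunk.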
Signed-off-by: Richard T Bonhomme --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 79057fd6..bec13da7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,9 @@ Easy-RSA 3 ChangeLog 3.2.2 (TBD) + * bugfix: revoke, renew: Remove pki/inline/private/$file.inline (febef85) (#1244) + Initial bug report #1242 (Minor) + Stop removing old credentials file pki/$file.creds (a871e9c) * Add LibreSSL version 4 to supported SSL Libraries (7df616b) (#1240) * sign-req: Allow custom X509 Types (2ee08cc) (#1238) * Remove redundant file index.txt.attr (da3c249) (#1233)