Commit

Merge branch 'revoke-remove-private-inline' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-revoke-remove-private-inline

Signed-off-by: Richard T Bonhomme <[email protected]>
TinCanTech committed Oct 23, 2024
2 parents 2edfb4e + 81f43a3 commit ab3906a
Showing 3 changed files with 18 additions and 36 deletions.
3 changes: 3 additions & 0 deletions ChangeLog
Expand Up @@ -2,6 +2,9 @@ Easy-RSA 3 ChangeLog

3.2.2 (TBD)

* bugfix: revoke, renew: Remove pki/inline/private/$file.inline (febef85) (#1244)
Initial bug report #1242 (Minor)
Stop removing old credentials file pki/$file.creds (a871e9c)
* Add LibreSSL version 4 to supported SSL Libraries (7df616b) (#1240)
* sign-req: Allow custom X509 Types (2ee08cc) (#1238)
* Remove redundant file index.txt.attr (da3c249) (#1233)
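Review bot: The added line "Stop removing old credentials file pki/$file.creds" records the behaviour change but gives no guidance for a PKI that still holds a `.creds` file from an earlier release; with the `rm "$creds_in"` blocks gone from both `renew_move` and `revoke_move`, that file now stays on disk after revoke or renew. Suggest adding a short clause telling users to remove any remaining pki/$file.creds by hand.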
24 changes: 7 additions & 17 deletions dev/easyrsa-tools.lib
Expand Up @@ -689,8 +689,8 @@ Run easyrsa without commands for usage and command help."
crt_in="$in_dir/issued/${file_name_base}.crt"
key_in="$in_dir/private/${file_name_base}.key"
req_in="$in_dir/reqs/${file_name_base}.req"
creds_in="$in_dir/${file_name_base}.creds"
inline_in="$in_dir/inline/${file_name_base}.inline"
inline_pub="$in_dir/inline/${file_name_base}.inline"
inline_pri="$in_dir/inline/private/${file_name_base}.inline"

# deprecate ALL options
while [ "$1" ]; do
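Review bot: `creds_in` and `inline_in` are dropped at the variable assignments in favour of `inline_pub` and `inline_pri`, so any reference to the old names outside the hunks shown would now expand to an empty string. Worth a grep of this file for `creds_in` and `inline_in` before merging, to confirm the confirmation text and `renew_move` were the only users.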
Expand Down Expand Up @@ -829,8 +829,8 @@ These files will be DELETED:
All PKCS files for commonName: $file_name_base
The inline credentials files:
* $creds_in
* $inline_in"
* $inline_pub
* $inline_pri"

# move renewed files
# so we can reissue certificate with the same name
Expand Down Expand Up @@ -908,19 +908,9 @@ renew_move() {
rm -f "$in_dir/private/$file_name_base.$pkcs"
done

# remove credentials file
if [ -f "$creds_in" ]; then
rm "$creds_in" || warn "\
Failed to remove credentials file:
* $creds_in"
fi

# remove inline file
if [ -f "$inline_in" ]; then
rm "$inline_in" || warn "\
Failed to remove inline file:
* $inline_in"
fi
# remove inline files
rm -f "$inline_pub" "$inline_pri" || warn \
"renew_move - Error trying to remove inline files."
} # => renew_move()

# Verify certificate against CA
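Review bot: In the new `rm -f "$inline_pub" "$inline_pri" || warn` line, the warning no longer says which path could not be removed, where the removed code printed `* $inline_in`. Because `rm -f` is silent about missing files, a non-zero status here means a real failure such as a permissions problem, so the message should name the path that is still present, for example by testing `[ -e "$inline_pri" ]` after the `rm`.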
27 changes: 8 additions & 19 deletions easyrsa3/easyrsa
Expand Up @@ -3203,8 +3203,8 @@ Run easyrsa without commands for usage and command help."
in_dir="$EASYRSA_PKI"
key_in="$in_dir/private/${file_name_base}.key"
req_in="$in_dir/reqs/${file_name_base}.req"
creds_in="$in_dir/${file_name_base}.creds"
inline_in="$in_dir/inline/${file_name_base}.inline"
inline_pub="$in_dir/inline/${file_name_base}.inline"
inline_pri="$in_dir/inline/private/${file_name_base}.inline"

# input cert for revocation: issued, expired or renewed
crt_in="${in_dir}/${cert_dir}/${file_name_base}.crt"
Expand Down Expand Up @@ -3368,11 +3368,11 @@ These files will be MOVED to the 'revoked' sub-directory:
* $crt_in${if_exist_key_in}${if_exist_req_in}

These files will be DELETED:
All PKCS files for commonName : $file_name_base
All PKCS files for commonName: $file_name_base

The inline credentials files:
* $creds_in
* $inline_in"
* $inline_pub
* $inline_pri"

confirm " Continue with revocation: " "yes" "
Please confirm that you wish to revoke the certificate
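Review bot: The DELETED list prints `* $inline_pub` and `* $inline_pri` unconditionally, while the MOVED list just above uses `${if_exist_key_in}${if_exist_req_in}` to show only files that exist. For a certificate with no inline files the prompt will name two paths that are not there; building these two lines the same way as the `if_exist_*` strings would keep the confirmation accurate.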
Expand Down Expand Up @@ -3441,19 +3441,9 @@ revoke_move() {
fi
done

# remove credentials file
if [ -f "$creds_in" ]; then
rm "$creds_in" || warn "\
Failed to remove credentials file:
* $creds_in"
fi

# remove inline file
if [ -f "$inline_in" ]; then
rm "$inline_in" || warn "\
Failed to remove inline file:
* $inline_in"
fi
# remove inline files
rm -f "$inline_pub" "$inline_pri" || warn \
"revoke_move - Error trying to remove inline files."
} # => revoke_move()

# Move expired cert out of pki/issued to pki/expired
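Review bot: A failure to delete `$inline_pri` in `revoke_move` is only a `warn`, so revocation completes with the file under inline/private/ still in place, which is the situation the ChangeLog bugfix entry sets out to end. Consider checking after the `rm -f` that neither file exists and reporting the surviving path, and decide whether a leftover private inline file should stop the command rather than only warn.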
Expand All @@ -3473,7 +3463,6 @@ Run easyrsa without commands for usage and command help."
crt_in="$in_dir/$file_name_base.crt"
#key_in="$in_dir/private/$file_name_base.key"
#req_in="$in_dir/reqs/$file_name_base.req"
#creds_in="$EASYRSA_PKI/$file_name_base.creds"

# output
out_dir="$EASYRSA_PKI/expired"
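Review bot: Only the commented-out `#creds_in` assignment is removed; the commented-out `#key_in` and `#req_in` lines directly above it are left behind. If they are dead as well, drop them in the same cleanup, or add a comment saying why they are kept.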