From b33038e3d9f57ee00df0bda8472b509f03ec302e Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Thu, 5 Sep 2024 22:50:43 +0100 Subject: [PATCH] inline: Add decimal value for certificate serial number (Linux Only) Signed-off-by: Richard T Bonhomme --- easyrsa3/easyrsa | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 45a5fbd1..28c2c21b 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -2991,6 +2991,23 @@ inline_file() { $(cat "$crt_source") " + # Calculate decimal value for serial number + # because openvpn uses decimal serial ?!? + # for '--crl-verify /path/to/dir dir' + # For reasons unknown.. + if which bc >/dev/null; then + crt_serial="$( + "$EASYRSA_OPENSSL" x509 -in "$crt_source" \ + -noout -serial + )" || die "inline_file - SSL -serial failed" + crt_serial="${crt_serial#*=}" + crt_serial_dec="$( + echo "ibase=16; $crt_serial" | bc + )" || die "inline_file - HEX to DEC failed" + else + crt_serial_dec="Unavailable" + fi + # Generate fingerprint crt_fingerprint="$( "$EASYRSA_OPENSSL" x509 -in "$crt_source" \ @@ -3133,6 +3150,7 @@ ${tls_key_data} # commonName: $crt_CN # SHA256 fingerprint: # $crt_fingerprint +# Decimal serial number: $crt_serial_dec $crt_data