Merge branch 'remove-renew-req' of ssh://github.com/TinCanTech/easy-r…

…sa into TinCanTech-remove-renew-req Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
OpenVPN · Sep 9, 2022 · 19c4ddb · 19c4ddb
2 parents 7717286 + 2850fbb
commit 19c4ddb
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 109 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,11 +1,13 @@
 Easy-RSA 3 ChangeLog
 
 3.1.1 (TBD)
+   * Remove renew-req (#684)
    * Re-enable use of '--vars=FILE init-pki' #640 (Revert #566)
    * Introduce --keep-tmp, keep temp files for debugging (#667)
    * Introduce Quiet mode option -q|--quiet, disable information output
        8b7e79096b18afc5c61bfbaee204c1f7401f0019
    * Introduce renew-req, create a new CSR for an existing key (#616)
+     Superseded by #684
    * Add serialNumber (OID 2.5.4.5) to DN 'org' mode (#606)
    * Support ampersand and dollar-sign in vars file (#590)
    * Introduce 'rewind-renew' (#579)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
@@ -36,7 +36,6 @@ Here is the list of commands available with a short syntax reminder. Use the
   build-server-full <file_name_base> [ cmd-opts ]
   build-serverClient-full <file_name_base> [ cmd-opts ]
   revoke <file_name_base> [cmd-opts]
-  renew-req <file_name_base> [cmd-opts]
   renew <file_name_base> [cmd-opts]
   renewable [ <file_name_base> ]
   revoke-renewed <file_name_base> [cmd-opts]
@@ -109,17 +108,6 @@ cmd_help() {
 * gen-dh
 
       Generates DH (Diffie-Hellman) parameters"
-	;;
-	renew-req)
-		text="
-* renew-req <file_name_base> [ cmd-opts ]
-
-      Generate a certificate signing request [CSR] from an existing private key.
-
-      This request is suitable for sending to a remote CA for signing."
-
-		opts="
-      * text    - Include certificate text in request"
 	;;
 	gen-req)
 		text="
@@ -1860,100 +1848,6 @@ inline_creds ()
 	} > "$inline_file"
 } # => inline_creds ()
 
-# renew-req backend:
-# Create a new CSR with existing private key
-renew_req() {
-	# pull filename base and use as default interactive CommonName:
-	[ "$1" ] || die "\
-Error: gen-req must have a file base as the first argument.
-Run easyrsa without commands for usage and commands."
-
-	key_in="$EASYRSA_PKI/private/$1.key"
-	req_out="$EASYRSA_PKI/reqs/$1.req"
-
-	# Set the request commonName
-	EASYRSA_REQ_CN="$1"
-	shift
-
-	# Verify PKI has been initialised
-	verify_pki_init
-
-	# function opts support
-	unset -v text nopass ssl_batch
-	while [ "$1" ]; do
-		case "$1" in
-			text) text=1 ;;
-			nopass) nopass=1 ;;
-			*) warn "Ignoring unknown command option: '$1'"
-		esac
-		shift
-	done
-
-	# an existing private key must exist
-	[ -f "$key_in" ] || die "Private key required: $key_in"
-
-	# don't wipe out an existing request without confirmation
-	[ -f "$req_out" ] && confirm "Confirm request overwrite: " "yes" "\
-
-WARNING!!!
-
-An existing request file was found at $req_out
-Continuing with request generation will replace this request file."
-
-	# When EASYRSA_EXTRA_EXTS is defined, append it to openssl's [req] section:
-	if [ "$EASYRSA_EXTRA_EXTS" ]; then
-		# Setup & insert the extra ext data keyed by a magic line
-		extra_exts="
-req_extensions = req_extra
-[ req_extra ]
-$EASYRSA_EXTRA_EXTS"
-		# shellcheck disable=SC2016 # vars don't expand in single quote
-		awkscript='
-{if ( match($0, "^#%EXTRA_EXTS%") )
-	{ while ( getline<"/dev/stdin" ) {print} next }
- {print}
-}'
-		conf_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
-		print "$extra_exts" | \
-			awk "$awkscript" "$EASYRSA_SSL_CONF" \
-			> "$conf_tmp" \
-			|| die "Copying SSL config to temp file failed"
-		# Use this new SSL config for the rest of this function
-		EASYRSA_SSL_CONF="$conf_tmp"
-	fi
-
-	# Name temp files
-	req_out_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
-
-	# Set Edwards curve name or elliptic curve parameters file
-	algo_opts=""
-	if [ "ed" = "$EASYRSA_ALGO" ]; then
-		algo_opts="$EASYRSA_CURVE"
-	else
-		algo_opts="$EASYRSA_ALGO:$EASYRSA_ALGO_PARAMS"
-	fi
-
-	# Generate request
-	easyrsa_openssl req -utf8 -batch -new \
-		-key "$key_in" -out "$req_out_tmp" \
-		${nopass+ "$no_password"} \
-		${text+ -text} \
-		${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} \
-			|| die "Failed to generate request"
-
-	# Move temp-files to target-files
-	mv "$req_out_tmp" "$req_out"
-
-	# Success messages
-	notice "\
-Certificate request completed. Your file is:
-req: $req_out
-
-*Original* key: $key_in"
-
-	return 0
-} # => renew_req()
-
 # revoke backend
 revoke() {
 	# pull filename base:
@@ -4891,9 +4785,6 @@ case "$cmd" in
 	gen-req)
 		gen_req "$@"
 		;;
-	renew-req)
-		renew_req "$@"
-		;;
 	sign|sign-req)
 		[ "$alias_days" ] && export EASYRSA_CERT_EXPIRE="$alias_days"; :
 		sign_req "$@"