Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[patch] to use POSIX-conforming sed expressions ([[:space:]] instead of \s). #714

Closed
mandree opened this issue Oct 2, 2022 · 4 comments · Fixed by #715
Closed

[patch] to use POSIX-conforming sed expressions ([[:space:]] instead of \s). #714

mandree opened this issue Oct 2, 2022 · 4 comments · Fixed by #715
Labels
POSIX
Milestone
v3.1.1 - Release

Comments

@mandree
Copy link

mandree commented Oct 2, 2022

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266726 submitted by topical@gmx.net contains a patch that switches two sed expressions that use a nonstandard \s to using [[:space:]] instead, for portability. See the PR for details and the patch.
freebsd-git pushed a commit to freebsd/freebsd-ports that referenced this issue Oct 2, 2022
@mandree
security/easy-rsa: sed \s -> [[:space:]]
5d062d5 
Fix OpenVPN/easy-rsa#714

Patch suggested (needed to be integrated) and
Reported by:	topical@gmx.net
PR:		266726
MFH:		2022Q4
freebsd-git pushed a commit to freebsd/freebsd-ports that referenced this issue Oct 2, 2022
@mandree
security/easy-rsa: sed \s -> [[:space:]]
55ea846 
Fix OpenVPN/easy-rsa#714

Patch suggested (needed to be integrated) and
Reported by:	topical@gmx.net
PR:		266726
MFH:		2022Q4

(cherry picked from commit 5d062d5)
@TinCanTech TinCanTech added this to the v3.1.2 - Planned changes milestone Oct 2, 2022
@TinCanTech
Copy link
Collaborator

TinCanTech commented Oct 2, 2022
edited
Loading

The notion that only certain certificates are renewable, due to an arbitrary window of days until the certificate expires, is false. All Valid certificates are renewable, at any time. Therefor, renewable is obsolete.

Also, the patch offered here does not fix renewable for *BSD because the date syntax in use is specific to Linux date only.

easyrsa now has these commands:

  • show-expire - Which will list the expiry of certificates, with a user definable window (Default: 90 days)
  • show-renew - Which will list the certificates which have been renewed but the old certificate has not been revoked.

For the reasons stated above renewable will be removed.

Additional: renewable has never been unit tested.

@TinCanTech TinCanTech mentioned this issue Oct 2, 2022
Merged
@mandree
Copy link
Author

mandree commented Oct 2, 2022
edited
Loading

I think 0d03a6f only covers the first of the two sed ...\s... uses. The second one stands. Please reopen or add another commit to fix the 2nd use.

The relevant code is part of display_san(), which did not get removed, and still needs three \s replaced by [[:space:]]

@TinCanTech
Copy link
Collaborator

Right.

The non-POSIX code:

easy-rsa/easyrsa3/easyrsa

Line 3106 in 71de656

sed 's/^\s*subjectAltName\s*=\s*//')"

@TinCanTech TinCanTech reopened this Oct 2, 2022
@mandree mandree mentioned this issue Oct 2, 2022
Closed
TinCanTech added a commit that referenced this issue Oct 3, 2022
@TinCanTech
Squashed commit of the following:
586f237 
commit 5aa6565
Author: Matthias Andree <matthias.andree@gmx.de>
Date:   Sun Oct 2 20:44:08 2022 +0200

    Use POSIX [[:space:]] instead of \s for sed(1).

    2nd half of fix for #714.

    Obtained from:	topical@gmx.net
    URL:		https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266726

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
@TinCanTech
Copy link
Collaborator

Closed via 586f237

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
POSIX
Projects
None yet
Milestone
v3.1.1 - Release
Development

Successfully merging a pull request may close this issue.

Remove obsolete command 'renewable' TinCanTech/easy-rsa
2 participants
@mandree @TinCanTech