Make gen_req() Always use EASYRSA_REQ_CN as intended #524
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
All requests now have the specified commonName <FILE_NAME_BASE>
Changes:
* Separate EASYRSA_BATCH from internal SSL -batch option.
This makes the code easier to understand.
* If both EASYRSA_BATCH and openssl_batch are unset then full
inter-active mode is enabled. The user can verify the input.
Otherwise SSL interactive is disabled and no user interaction
is required.
In either case, all DN fields are fully populated, depending on
EASYRSA_DN mode ('org' or 'cn_only').
Closes: #456
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
TinCanTech
added
Full-Approval
TinCanTech
added
initial-approval
feedback welcome
and removed
Full-Approval
TinCanTech
commented
Apr 3, 2022
easyrsa3/easyrsa
Outdated
| # shellcheck disable=2086,2148 | ||
|
|
||
| # Set SSL non-interactive mode, otherwise allow full user interaction | ||
| if [ "EASYRSA_BATCH" ] || [ "$openssl_batch" ]; then |
There was a problem hiding this comment.
"EASYRSA_BATCH" -> "$EASYRSA_BATCH" - $
TinCanTech
added a commit
that referenced
this pull request
Apr 3, 2022
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
|
Merged in |
TinCanTech
added
testing branch
Major Changes
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
TinCanTech
removed
the
Major Changes
TinCanTech
added
the
Major Changes
TinCanTech
added a commit
to TinCanTech/easy-rsa
that referenced
this pull request
Sep 8, 2022
Due to my previous misunderstanding of the intended use of --req-cn, it is no longer possible to set commonName for command gen-req. Ref: OpenVPN#524 OpenVPN#456 This commit restores v30x series behavior: * --req-cn can only be used in batch mode. * --req-cn can only be used by commands build-ca and gen-req. * SSL layer prompts are restored to original behavior. Important: The use of internal batch mode is no longer required for command sign_req(), when called by build_full(). This code has been disabled but remains in place. This is a considerable change under the hood but there is no user observable difference. Also, minor improvements to help and EasyRSA-Advanced.md Tested manually and thoroughly. Closes: OpenVPN#668 Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
All requests now have the specified commonName <FILE_NAME_BASE>
Changes:
Separate EASYRSA_BATCH from internal SSL -batch option.
This makes the code easier to understand.
If both EASYRSA_BATCH and openssl_batch are unset then full
inter-active mode is enabled. The user can verify the input.
Otherwise SSL interactive is disabled and no user interaction
is required.
In either case, all DN fields are fully populated, depending on
EASYRSA_DN mode ('org' or 'cn_only').
Closes: #456
Signed-off-by: Richard T Bonhomme tincantech@protonmail.com