Make build-ca() almost completely SSL library version independent #542

Merged
merged 2 commits into from Apr 20, 2022

TinCanTech
Collaborator

No description provided.

Placeholder: %CA_X509_TYPES_EXTRA_EXTS%

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
The only option which is not SSL version independent is:
  -nodes (version 1)
  -noenc (version 3)
This is managed via $no_password, which is set by verify_ssl_lib().

* Use SSL 'genpkey' to create All CA private keys.
  'genpkey' options are SSL version independent.

* Use SSL 'req' to create All CA certificate/key pairs.
  'req' options are SSL version independent.

* Replace $opts, $crypto and $crypto_opts with individual variables
  for each purpose.

* '$opts' usage:
  -x509 - Replaced by $x509
  -date - Replaced by $date_stamp ($date would be too common)
  -batch - Replaced by $ssl_batch

* '$crypto' usage:
  -aes256 - Replaced by $cipher

* '$crypto_opts' usage:
  -aes256 - Replaced by $cipher (2nd layer of unnecessary complexity)
  -nodes/-noenc - Replaced by $no_password

* Additional variable $digest for SSL 'req' - Defaults to '-sha256'

Insert $EASYRSA_EXTRA_EXTS into the config file along with x509-types
files 'ca' and COMMON.  Replaces the previous method of passing SSL
option '-addext foo:bar' directly to SSL command.

Create new EasyRSA option '--verbose'.  This prints the command passed
to the SSL library by easyrsa_openssl().

Add a shellcheck directive to install_data_to_pki().

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
@TinCanTech TinCanTech self-assigned this Apr 20, 2022
@TinCanTech TinCanTech added enhancement Full-Approval Merge is imminent Priority Acknowledged priority X509-types x509-types and related labels Apr 20, 2022
@TinCanTech TinCanTech added this to the v3.1.0 milestone Apr 20, 2022
@TinCanTech TinCanTech merged commit 59ff474 into OpenVPN:master Apr 20, 2022
@TinCanTech TinCanTech deleted the build-ca-v2 branch May 20, 2022 10:54
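
The version handling described in the commit message, as an added example that is not part of this pull request or Easy-RSA's code: the only option that changes with the SSL library version is the "no password" flag, while the `genpkey` and `req` arguments stay the same. The helper names, `DRY_RUN`, the key size, validity and subject are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration, not Easy-RSA code. Helper names, DRY_RUN, key size,
# validity and subject are assumptions; $x509, $ssl_batch, $digest, $cipher
# and $no_password are the variable names from the commit message.

# Choose the "leave the key unencrypted" option from `openssl version` output:
# -nodes for version 1, -noenc for version 3. Anything else fails rather
# than guessing an option.
select_no_password() {
    case "$1" in
        "OpenSSL 1."*) echo "-nodes" ;;
        "OpenSSL 3."*) echo "-noenc" ;;
        *) echo "unsupported SSL library: $1" >&2; return 1 ;;
    esac
}

# Print the command (in the spirit of --verbose), then run it unless
# DRY_RUN is set.
ssl() {
    echo "> openssl $*"
    [ -n "${DRY_RUN:-}" ] || openssl "$@"
}

# Usage: build_ca_demo "<openssl version output>" [nopass]
build_ca_demo() {
    x509="-x509" ssl_batch="-batch" digest="-sha256" cipher="-aes256"
    no_password=""
    if [ "${2:-}" = "nopass" ]; then
        no_password="$(select_no_password "$1")" || return 1
        cipher=""   # genpkey writes an unencrypted key when no cipher is given
    fi
    # Unquoted on purpose: an empty variable must add no argument.
    # shellcheck disable=SC2086
    ssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        $cipher -out ca.key || return 1
    # shellcheck disable=SC2086
    ssl req -new -key ca.key -out ca.crt -subj "/CN=Example CA" -days 3650 \
        $x509 $ssl_batch $digest $no_password
}
```

Run it as `DRY_RUN=1; build_ca_demo "$(openssl version)" nopass` to see the two command lines without creating files. Without `nopass` the key is written encrypted with `-aes256`, so both commands prompt for the passphrase.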