Make build-ca() almost completely SSL library version independent #542

Merged
merged 2 commits into from
Apr 20, 2022

Commits on Apr 20, 2022

  1. Add placeholder for CA $X509_TYPES and $EXTRA_EXTS

    Placeholder: %CA_X509_TYPES_EXTRA_EXTS%
    
    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
    TinCanTech committed Apr 20, 2022
  2. Make build-ca() almost completely SSL library version independent

    The only option which is not SSL version independent is:
      -nodes (version 1)
      -noenc (version 3)
    This is managed via $no_password, which is set by verify_ssl_lib().
    
    * Use SSL 'genpkey' to create All CA private keys.
      'genpkey' options are SSL version independent.
    
    * Use SSL 'req' to create All CA certificate/key pairs.
      'req' options are SSL version independent.
    
    * Replace $opts, $crypto and $crypto_opts with individual variables
      for each purpose.
    
    * '$opts' usage:
      -x509 - Replaced by $x509
      -date - Replaced by $date_stamp ($date would be too common)
      -batch - Replaced by $ssl_batch
    
    * '$crypto' usage:
      -aes256 - Replaced by $cipher
    
    * '$crypto_opts' usage:
      -aes256 - Replaced by $cipher (2nd layer of unnecessary complexity)
      -nodes/-noenc - Replaced by $no_password
    
    * Additional variable $digest for SSL 'req' - Defaults to '-sha256'
    
    Insert $EASYRSA_EXTRA_EXTS into the config file along with x509-types
    files 'ca' and COMMON.  Replaces the previous method of passing SSL
    option '-addext foo:bar' directly to SSL command.
    
    Create new EasyRSA option '--verbose'.  This prints the command passed
    to the SSL library by easyrsa_openssl().
    
    Add a shellcheck directive to install_data_to_pki().
    
    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
    TinCanTech committed Apr 20, 2022
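
The key-then-certificate sequence described in the second commit message, sketched as an added example (this is not EasyRSA's code). The function names, the file names `ca.key` and `ca.crt`, the RSA 2048 and 3650-day values, and the LibreSSL handling are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not EasyRSA code. $no_password, $cipher and $digest follow
# the commit message; every function name and file name here is hypothetical.

# Map an `openssl version` banner to the "leave the key unencrypted" option.
# The page gives -nodes for version 1 and -noenc for version 3.
select_no_password() {
    lib=${1%% *}                      # first word: "OpenSSL" or "LibreSSL"
    ver=${1#* }; ver=${ver%% *}       # second word, e.g. "3.0.2"
    case "$lib:${ver%%.*}" in
        OpenSSL:3)  printf '%s\n' -noenc ;;
        OpenSSL:1)  printf '%s\n' -nodes ;;
        # Assumption: LibreSSL also reports 3.x but is handled like version 1,
        # so the major number alone must not select -noenc.
        LibreSSL:*) printf '%s\n' -nodes ;;
        *)          return 1 ;;       # unknown library: refuse to guess
    esac
}

# Print the two commands for a CA build: 'genpkey' creates the private key,
# then 'req -x509' self-signs the CA certificate with that key.
# $1 = version banner, $2 = "nopass" for an unencrypted CA key.
ca_commands() {
    cipher=-aes256 digest=-sha256 no_password=
    if [ "$2" = nopass ]; then
        no_password=$(select_no_password "$1") || return 1
        cipher=                       # genpkey writes a clear key by default
    fi
    # The genpkey options are the same for every library version.
    echo "openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048" \
         ${cipher:+"$cipher"} "-out ca.key"
    # Only $no_password differs between versions; it affects a key that
    # 'req' writes out and is otherwise ignored.
    echo "openssl req -new -x509 -key ca.key -out ca.crt -days 3650 -batch" \
         "$digest" ${no_password:+"$no_password"}
}

# Usage: ca_commands "$(openssl version)" nopass
```
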