easy-rsa/e9e8e27.patch


From e9e8e272e0eb5225ecfb0d8a0953a5b480c5e85d Mon Sep 17 00:00:00 2001
From: Martin Schmitt <mas@scsy.de>
Date: Fri, 30 Jun 2017 17:04:31 +0200
Subject: [PATCH] Moved @ValdikSS's serial randomization to sign_req
---
easyrsa3/easyrsa | 23 ++++++++++++-----------
1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index f5ec797..cff63f2 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -569,6 +569,18 @@ sign_req() {
local req_in="$EASYRSA_PKI/reqs/$2.req"
local crt_out="$EASYRSA_PKI/issued/$2.crt"
+ # Randomize Serial number
+ local i= serial= check_serial=
+ for i in 1 2 3 4 5; do
+ "$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial"
+ serial="$(cat "$EASYRSA_PKI/serial")"
+ check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)"
+ case "$check_serial" in
+ *"not present in db"*) break ;;
+ *) continue ;;
+ esac
+ done
+
# Support batch by internal caller:
[ "$3" = "batch" ] && local EASYRSA_BATCH=1
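Review bot: The retry loop added to sign_req has no failure path: if none of the five candidates produces "not present in db" (a collision, or `ca -status` failing for an unrelated reason such as a config error), the loop simply ends and signing appears to continue with whatever is left in `$EASYRSA_PKI/serial`. The exit status of `rand` is not checked either, so a failed write would leave the previous serial file contents in place and silently defeat the randomization. I would record success in a flag and call `die` after the loop, and also fail on a `rand` error, as sketched below. The match on openssl's message text presumably varies between openssl versions, so a comment noting that dependency would help; sign_req's body continues outside the hunk.

```shell
local i= serial= check_serial= serial_ok=
for i in 1 2 3 4 5; do
	"$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial" || \
		die "Failed to generate a random serial number"
	# … unchanged: read the serial back and query `ca -status` …
		*"not present in db"*) serial_ok=1; break ;;
	# … unchanged: default arm, esac, done …
[ -n "$serial_ok" ] || \
	die "No unused random serial number found after 5 attempts"
```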
@@ -661,17 +673,6 @@ Certificate created at: $crt_out
build_full() {
verify_ca_init
- local i= serial= check_serial=
- for i in 1 2 3 4 5; do
- "$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial"
- serial="$(cat "$EASYRSA_PKI/serial")"
- check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)"
- case "$check_serial" in
- *"not present in db"*) break ;;
- *) continue ;;
- esac
- done
-
# pull filename base:
[ -n "$2" ] || die "\
Error: didn't find a file base name as the first argument.