- Update to 3.1.7:
* Completely Remove Upgrade Functionality
* Expand help to include undocumented commands
* Forbid "default vars in the default PKI" for all commands
* show-expire: Calculate certificate expire seconds from Database date
* Expand help to include undocumented commands
* New command: make-vars - Print vars.example (here-doc) to stdout
* gen-crl: preserve existing crl.pem ownership+mode by @Tabiskabis in #1020
* Improve vars auto load
* Replace santize_path() and ignore Windows "security" warning
* Improve select_vars() and source_vars()
* sign-req: Allow the CSR DN-field order to be preserved
* vars-file: Warn about EASYRSA_NO_VARS disabling vars-file use
* Expand default status to include vars-file and CA status
* verify_ssl_lib(): Minor style improvements
* cleanup: Rename $easyrsa_error_exit to $easyrsa_exit_with_error
OBS-URL: https://build.opensuse.org/request/show/1118204
OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=44
- Update to 3.1.5:
* Build Update: script now supports signing and verifying
* Automate support-file creation (Free packaging) (#964)
* build-ca: New command option 'raw-ca', abbrevation: 'raw' (#963)
This 'raw' method, is the most reliable way to build a CA,
with a password, without writing the CA password to a temp-file.
This option completely replaces both methods below:
build-ca: New option --ca-via-stdin, use SSL -pass* argument 'stdin' (#959)
Option '--ca-via-stdin' offers no more security than standard method.
Easy-RSA version 3.1.4 ONLY.
build-ca: Replace password temp-files with file-descriptors (#955)
Using file-descriptors does not work in Windows.
Easy-RSA version 3.1.3 ONLY.
- update and rebase suse-packaging.patch
OBS-URL: https://build.opensuse.org/request/show/1102594
OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=42
- Update to 3.1.2:
* Command 'renew': Remove option 'nopass'
* find_x509_types_dir(): Remove excess checks
* Remove function find_x509_types_dir()
* For 'init-pki hard' only, always try to create a new pki/vars file
* Introduce global option '--notext|--no-text'
* Minor style change
* Introduce command 'set-pass'
* Fix shellcheck warning for command set-pass case statement
* cleanup(): Exit correctly for SIGINT
* Update help: Standardise output; Improve code; Reprioritise options
* vars.example: Add EASYRSA_NO_PASS and wrap long lines
* Use 'unset -v', consistently
* build-ca: Improve passphrase input mechanism
* Remove global options '--verbose' and '--quiet' as not required
* Remove all prerequisite code to build a safe SSL config file
* Rename temp files to reflect the purpose
* easyrsa_openssl(): Always set OPENSSL_CONF to EasyRSA safe SSL config
* Replace SSL calls for serial number with function ssl_cert_serial()
* Introduce OpenSSL only mode: No Safe SSL Config File
* ff_date_to_cert_date(): Correct the input format for busybox date
* Re-order easyrsa_openssl() temp-file assignment
* Stop EASYRSA_DEBUG interfering with SSL output from subshells
* Status reports: Recognise Expired certificates
* New function safe_set_var(): Safe wrapper for set_var()
* Windows, build-ca: Add input password to re-open private key
* Renewal: General code improvements
* cleanup(): General improvements - Create KNOWN error exit
* build-ca: Change FATAL error to warning for old openssl-easyrsa.cnf
* Allow --fix-offset to create post-dated certificates
OBS-URL: https://build.opensuse.org/request/show/1058877
OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=40
- fix for 3.1.1:
* add patch fix-747.patch from upstream
- update to 3.1.1:
* Remove command 'renewable' (#715)
* Expand 'show-renew', include 'renewed/certs_by_serial' (#700)
* Resolve long-standing issue with --subca-len=N (#691)
* ++ NOTICE: Add EasyRSA-Renew-and-Revoke.md (#690)
* Require 'openssl-easyrsa.cnf' is up to date (#695}
* Introduce 'renew' (version 3). Only renew cert (#688)
* Always ensure X509-types files exist (#581#696)
* Expand alias '--days' to all suitable options with a period (#674)
* Introduce --keep-tmp, keep temp files for debugging (#667)
* Introduce Option -q|--quiet, disable information output (#703)
* Add serialNumber (OID 2.5.4.5) to DN 'org' mode (#606)
* Support ampersand and dollar-sign in vars file (#590)
* Introduce 'rewind-renew' (#579)
* Expand status reports to include checking a single cert (#577)
* Introduce 'revoke-renewed' (#547)
* update OpenSSL for Windows to 3.0.5
OBS-URL: https://build.opensuse.org/request/show/1042804
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/easy-rsa?expand=0&rev=14
- update to 3.1.1:
* Remove command 'renewable' (#715)
* Expand 'show-renew', include 'renewed/certs_by_serial' (#700)
* Resolve long-standing issue with --subca-len=N (#691)
* ++ NOTICE: Add EasyRSA-Renew-and-Revoke.md (#690)
* Require 'openssl-easyrsa.cnf' is up to date (#695}
* Introduce 'renew' (version 3). Only renew cert (#688)
* Always ensure X509-types files exist (#581#696)
* Expand alias '--days' to all suitable options with a period (#674)
* Introduce --keep-tmp, keep temp files for debugging (#667)
* Introduce Option -q|--quiet, disable information output (#703)
* Add serialNumber (OID 2.5.4.5) to DN 'org' mode (#606)
* Support ampersand and dollar-sign in vars file (#590)
* Introduce 'rewind-renew' (#579)
* Expand status reports to include checking a single cert (#577)
* Introduce 'revoke-renewed' (#547)
* update OpenSSL for Windows to 3.0.5
OBS-URL: https://build.opensuse.org/request/show/1039861
OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=35
- Update to 3.0.9 (2022-05-04)
* Upgrade OpenSSL from 1.1.0j to 1.1.1o (#405, #407)
- We are buliding this ourselves now.
* Fix --version so it uses EASYRSA_OPENSSL (#416)
* Use openssl rand instead of non-POSIX mktemp (#478)
* Fix paths with spaces (#443)
* Correct OpenSSL version from Homebrew on macOs (#416)
* Fix revoking a renewed certificate (Original PR #394)
* Follow-up commit: ef22701
* Introduce 'show-crl' (d199389)
* Support Windows-Git 'version of bash' (#533)
* Disallow use of single quote (') in vars file, Warning (#530)
* Creating a CA uses x509-types/ca and COMMON (#526)
* Prefer 'PKI/vars' over all other locations (#528)
* Introduce 'init-pki soft' option (#197)
* Warnings are no longer silenced by --batch (#523)
* Improve packaging options (#510)
OBS-URL: https://build.opensuse.org/request/show/989601
OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=31
- update to 3.0.8 (2020-09-09)
* Provide --version option (#372)
* Version information now within generated certificates like on *nix
* Fixed issue where gen-dh overwrote existing files without warning (#373)
* Fixed issue with ED/EC certificates were still signed by RSA (#374)
* Added support for export-p8 (#339)
* Clarified error message (#384)
* 2->3 upgrade now errors and prints message when vars isn't found (#377)
* Update OpenSSL Windows binaries to 1.1.1g
* Reverted OpenSSL back to 1.1.0j
OBS-URL: https://build.opensuse.org/request/show/850786
OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=29
- update to 3.0.6 (2019-02-01)
* Certifcates that are revoked now move to a revoked subdirectory (#63)
* EasyRSA no longer clobbers non-EASYRSA environment variables (#277)
* More sane string checking, allowingn for commas in CN (#267)
* Support for reasonCode in CRL (#280)
* Better handling for capturing passphrases (#230, others)
* Improved LibreSSL/MacOS support
* Adds support to renew certificates up to 30 days before expiration (#286)
- This changes previous behavior allowing for certificate creation using
duplicate CNs.
- update and rebase suse-packaging.patch
OBS-URL: https://build.opensuse.org/request/show/673666
OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=27
- Include upstream patches:
+ 4eac410.patch
Fix string comprehension
+ a138c0d.patch
Fix incorrect "openssl rand" usage
+ 83a1a21.patch
Add --copy-ext option
- Include upstream patches:
+ d20d2b3.patch
Update docs and examples to fit changes in 534f673
- Adapted easy-rsa-packaging.patch to work with upstream patch
- Include upstream patches:
+ 534f673.patch
Make $PWD/pki the default PKI location
- Adapted easy-rsa-packaging.patch to work with upstream patch
- Treat /etc/easy-rsa as public default config, no default vars
OBS-URL: https://build.opensuse.org/request/show/522753
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/easy-rsa?expand=0&rev=5
- Include upstream patches:
+ 4eac410.patch
Fix string comprehension
+ a138c0d.patch
Fix incorrect "openssl rand" usage
+ 83a1a21.patch
Add --copy-ext option
- Include upstream patches:
+ d20d2b3.patch
Update docs and examples to fit changes in 534f673
- Adapted easy-rsa-packaging.patch to work with upstream patch
- Include upstream patches:
+ 534f673.patch
Make $PWD/pki the default PKI location
- Adapted easy-rsa-packaging.patch to work with upstream patch
- Treat /etc/easy-rsa as public default config, no default vars
OBS-URL: https://build.opensuse.org/request/show/518428
OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=10
Documentation provided as markdown files should retain its .md suffix. This allows opening the files in a suitable viewer (e.g., Firefox with the "Markdown Viewer" extension) and have them rendered nicely; also, in such viewers, links to other files look and work as expected.
Finally, if upstream decides on Markdown documentation, as a principle I think the openSUSE package should retain it that way.
OBS-URL: https://build.opensuse.org/request/show/501207
OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=6
- Include upstream patches
+ f174800.patch
Generate random serial number for all certificates
+ 29d4dee.patch
Fixes#91 basename: invalid option -- 's'
+ b93d0a1.patch
Spelling fixes and sentence structure improvements
+ fb4d8d8.patch
Fix comment indicating the end of the function verify_file()
+ b75faa4.patch
Convert README and COPYING into markdown files
- Rename openSUSE specific patch easyrsa.packaging.patch to
easy-rsa-packaging.patch
- spec-cleaner -m (Add also SUSE copyrights)
OBS-URL: https://build.opensuse.org/request/show/497926
OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=3
