7d41c58ae5
Include upstream patches: + Add CN as SAN (if none requested) on server certs by default + Moved @ValdikSS's serial randomization to sign_req OBS-URL: https://build.opensuse.org/request/show/511298 OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=8
commit e9e8e272e0eb5225ecfb0d8a0953a5b480c5e85d
Author: Martin Schmitt <mas@scsy.de>
Date: Fri Jun 30 17:04:31 2017 +0200
Moved @ValdikSS's serial randomization to sign_req
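--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -569,6 +569,18 @@ sign_req() {
 local req_in="$EASYRSA_PKI/reqs/$2.req"
 local crt_out="$EASYRSA_PKI/issued/$2.crt"
 
+ # Randomize Serial number
+ local i= serial= check_serial=
+ for i in 1 2 3 4 5; do
+ "$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial"
+ serial="$(cat "$EASYRSA_PKI/serial")"
+ check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)"
+ case "$check_serial" in
+ *"not present in db"*) break ;;
+ *) continue ;;
+ esac
+ done
+
 # Support batch by internal caller:
 [ "$3" = "batch" ] && local EASYRSA_BATCH=1
 
@@ -661,17 +673,6 @@ Certificate created at: $crt_out
 build_full() {
 verify_ca_init
 
- local i= serial= check_serial=
- for i in 1 2 3 4 5; do
- "$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial"
- serial="$(cat "$EASYRSA_PKI/serial")"
- check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)"
- case "$check_serial" in
- *"not present in db"*) break ;;
- *) continue ;;
- esac
- done
-
 # pull filename base:
 [ -n "$2" ] || die "\
 Error: didn't find a file base name as the first argument.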
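Review bot: When none of the five iterations of the loop added to sign_req sees "not present in db", the loop simply ends and signing carries on with whatever the last `rand` call left in `$EASYRSA_PKI/serial`; the exit status of that `rand` call is never checked either. The success test matches a diagnostic string captured with `2>&1`, so any other `ca -status` failure (a configuration problem, or possibly a differently worded message in another OpenSSL build) takes the `continue` arm every time and the uniqueness check is skipped without notice. A serial reused under one issuer makes revocation entries ambiguous, so this path should fail closed. I would record success in a flag, `die` when `rand` fails, and `die` after `done` when the flag is unset, as sketched below. sign_req's body starts before and continues after this hunk.

```shell
local i= serial= check_serial= serial_ok=
for i in 1 2 3 4 5; do
    "$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial" ||
        die "Failed to generate a random serial number"
    # … unchanged: read the serial back, run 'ca -status', open the case …
        *"not present in db"*) serial_ok=1; break ;;
    # … unchanged: default arm, esac …
done
[ -n "$serial_ok" ] || die "No unused serial number found after 5 attempts"
```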