SOURCES: easy-rsa2.patch - source vars in revoke-full script - do ...
glen
glen at pld-linux.org
Wed Mar 22 13:01:24 CET 2006
Author: glen Date: Wed Mar 22 12:01:24 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- source vars in revoke-full script
- do not force the .crt extension in revoke-full; this allows you to revoke pem files directly from the CA dir without having a copy of the crt
---- Files affected:
SOURCES:
easy-rsa2.patch (1.1 -> 1.2)
---- Diffs:
================================================================
Index: SOURCES/easy-rsa2.patch
diff -u SOURCES/easy-rsa2.patch:1.1 SOURCES/easy-rsa2.patch:1.2
--- SOURCES/easy-rsa2.patch:1.1 Thu Mar 2 15:37:30 2006
+++ SOURCES/easy-rsa2.patch Wed Mar 22 13:01:19 2006
@@ -1,4 +1,4 @@
-diff -u openvpn-2.0.5/easy-rsa/2.0.orig/build-ca openvpn-2.0.5/easy-rsa/2.0/build-ca
+unchanged:
--- openvpn-2.0.5/easy-rsa/2.0.orig/build-ca 2005-11-02 20:42:38.000000000 +0200
+++ openvpn-2.0.5/easy-rsa/2.0/build-ca 2006-03-02 16:34:06.000000000 +0200
@@ -4,5 +4,5 @@
@@ -9,7 +9,7 @@
-"$EASY_RSA/pkitool" --interact --initca $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --initca $*
-diff -u openvpn-2.0.5/easy-rsa/2.0.orig/build-dh openvpn-2.0.5/easy-rsa/2.0/build-dh
+unchanged:
--- openvpn-2.0.5/easy-rsa/2.0.orig/build-dh 2005-11-02 20:42:39.000000000 +0200
+++ openvpn-2.0.5/easy-rsa/2.0/build-dh 2006-03-02 16:34:06.000000000 +0200
@@ -2,6 +2,9 @@
@@ -22,7 +22,7 @@
if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then
openssl dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
-diff -u openvpn-2.0.5/easy-rsa/2.0.orig/build-inter openvpn-2.0.5/easy-rsa/2.0/build-inter
+unchanged:
--- openvpn-2.0.5/easy-rsa/2.0.orig/build-inter 2005-11-02 20:42:39.000000000 +0200
+++ openvpn-2.0.5/easy-rsa/2.0/build-inter 2006-03-02 16:34:06.000000000 +0200
@@ -3,5 +3,5 @@
@@ -33,7 +33,7 @@
-"$EASY_RSA/pkitool" --interact --inter $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --inter $*
-diff -u openvpn-2.0.5/easy-rsa/2.0.orig/build-key openvpn-2.0.5/easy-rsa/2.0/build-key
+unchanged:
--- openvpn-2.0.5/easy-rsa/2.0.orig/build-key 2005-11-02 20:42:39.000000000 +0200
+++ openvpn-2.0.5/easy-rsa/2.0/build-key 2006-03-02 16:34:06.000000000 +0200
@@ -3,5 +3,5 @@
@@ -44,7 +44,7 @@
-"$EASY_RSA/pkitool" --interact $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact $*
-diff -u openvpn-2.0.5/easy-rsa/2.0.orig/build-key-pass openvpn-2.0.5/easy-rsa/2.0/build-key-pass
+unchanged:
--- openvpn-2.0.5/easy-rsa/2.0.orig/build-key-pass 2005-11-02 20:42:39.000000000 +0200
+++ openvpn-2.0.5/easy-rsa/2.0/build-key-pass 2006-03-02 16:34:06.000000000 +0200
@@ -3,5 +3,5 @@
@@ -55,7 +55,7 @@
-"$EASY_RSA/pkitool" --interact --pass $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --pass $*
-diff -u openvpn-2.0.5/easy-rsa/2.0.orig/build-key-pkcs12 openvpn-2.0.5/easy-rsa/2.0/build-key-pkcs12
+unchanged:
--- openvpn-2.0.5/easy-rsa/2.0.orig/build-key-pkcs12 2005-11-02 20:42:39.000000000 +0200
+++ openvpn-2.0.5/easy-rsa/2.0/build-key-pkcs12 2006-03-02 16:34:06.000000000 +0200
@@ -4,5 +4,5 @@
@@ -66,7 +66,7 @@
-"$EASY_RSA/pkitool" --interact --pkcs12 $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --pkcs12 $*
-diff -u openvpn-2.0.5/easy-rsa/2.0.orig/build-key-server openvpn-2.0.5/easy-rsa/2.0/build-key-server
+unchanged:
--- openvpn-2.0.5/easy-rsa/2.0.orig/build-key-server 2005-11-02 20:42:39.000000000 +0200
+++ openvpn-2.0.5/easy-rsa/2.0/build-key-server 2006-03-02 16:34:06.000000000 +0200
@@ -6,5 +6,5 @@
@@ -77,7 +77,7 @@
-"$EASY_RSA/pkitool" --interact --server $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --server $*
-diff -u openvpn-2.0.5/easy-rsa/2.0.orig/build-req openvpn-2.0.5/easy-rsa/2.0/build-req
+unchanged:
--- openvpn-2.0.5/easy-rsa/2.0.orig/build-req 2005-11-02 20:42:38.000000000 +0200
+++ openvpn-2.0.5/easy-rsa/2.0/build-req 2006-03-02 16:34:06.000000000 +0200
@@ -3,5 +3,5 @@
@@ -88,7 +88,7 @@
-"$EASY_RSA/pkitool" --interact --csr $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --csr $*
-diff -u openvpn-2.0.5/easy-rsa/2.0.orig/build-req-pass openvpn-2.0.5/easy-rsa/2.0/build-req-pass
+unchanged:
--- openvpn-2.0.5/easy-rsa/2.0.orig/build-req-pass 2005-11-02 20:42:39.000000000 +0200
+++ openvpn-2.0.5/easy-rsa/2.0/build-req-pass 2006-03-02 16:34:06.000000000 +0200
@@ -3,5 +3,5 @@
@@ -99,7 +99,7 @@
-"$EASY_RSA/pkitool" --interact --csr --pass $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --csr --pass $*
-diff -u openvpn-2.0.5/easy-rsa/2.0.orig/clean-all openvpn-2.0.5/easy-rsa/2.0/clean-all
+unchanged:
--- openvpn-2.0.5/easy-rsa/2.0.orig/clean-all 2005-11-02 20:42:39.000000000 +0200
+++ openvpn-2.0.5/easy-rsa/2.0/clean-all 2006-03-02 16:34:06.000000000 +0200
@@ -4,6 +4,10 @@
@@ -113,7 +113,7 @@
if [ "$KEY_DIR" ]; then
rm -rf "$KEY_DIR"
mkdir "$KEY_DIR" && \
-diff -u openvpn-2.0.5/easy-rsa/2.0.orig/inherit-inter openvpn-2.0.5/easy-rsa/2.0/inherit-inter
+unchanged:
--- openvpn-2.0.5/easy-rsa/2.0.orig/inherit-inter 2005-11-02 20:42:38.000000000 +0200
+++ openvpn-2.0.5/easy-rsa/2.0/inherit-inter 2006-03-02 16:34:06.000000000 +0200
@@ -9,6 +9,10 @@
@@ -127,7 +127,7 @@
# The EXPORT_CA file will contain the CA certificate chain and should be
# referenced by the OpenVPN "ca" directive in config files. The ca.crt file
# will only contain the local intermediate CA -- it's needed by the easy-rsa
-diff -u openvpn-2.0.5/easy-rsa/2.0.orig/list-crl openvpn-2.0.5/easy-rsa/2.0/list-crl
+unchanged:
--- openvpn-2.0.5/easy-rsa/2.0.orig/list-crl 2005-11-02 20:42:39.000000000 +0200
+++ openvpn-2.0.5/easy-rsa/2.0/list-crl 2006-03-02 16:34:06.000000000 +0200
@@ -1,6 +1,9 @@
@@ -140,7 +140,7 @@
CRL="${1:-crl.pem}"
-diff -u openvpn-2.0.5/easy-rsa/2.0.orig/pkitool openvpn-2.0.5/easy-rsa/2.0/pkitool
+unchanged:
--- openvpn-2.0.5/easy-rsa/2.0.orig/pkitool 2005-11-02 20:42:38.000000000 +0200
+++ openvpn-2.0.5/easy-rsa/2.0/pkitool 2006-03-02 16:34:06.000000000 +0200
@@ -34,6 +34,10 @@
@@ -154,7 +154,7 @@
need_vars()
{
echo ' Please edit the vars script to reflect your configuration,'
-diff -u openvpn-2.0.5/easy-rsa/2.0.orig/sign-req openvpn-2.0.5/easy-rsa/2.0/sign-req
+unchanged:
--- openvpn-2.0.5/easy-rsa/2.0.orig/sign-req 2005-11-02 20:42:39.000000000 +0200
+++ openvpn-2.0.5/easy-rsa/2.0/sign-req 2006-03-02 16:34:06.000000000 +0200
@@ -3,5 +3,5 @@
@@ -165,7 +165,7 @@
-"$EASY_RSA/pkitool" --interact --sign $*
+export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
+/usr/sbin/pkitool --interact --sign $*
-diff -u openvpn-2.0.5/easy-rsa/2.0.orig/vars openvpn-2.0.5/easy-rsa/2.0/vars
+unchanged:
--- openvpn-2.0.5/easy-rsa/2.0.orig/vars 2005-11-02 20:42:39.000000000 +0200
+++ openvpn-2.0.5/easy-rsa/2.0/vars 2006-03-02 16:34:06.000000000 +0200
@@ -12,7 +12,7 @@
@@ -187,3 +187,35 @@
# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
+only in patch2:
+unchanged:
+--- openvpn-2.0.5/easy-rsa/2.0/revoke-full 2005-11-02 20:42:39.000000000 +0200
++++ /home/glen/revoke-full 2006-03-22 13:58:57.000000000 +0200
+@@ -2,6 +2,9 @@
+
+ # revoke a certificate, regenerate CRL,
+ # and verify revocation
++if [ -z "$EASY_RSA" ]; then
++ . /etc/easy-rsa/vars
++fi
+
+ CRL="crl.pem"
+ RT="revoke-test.pem"
+@@ -20,7 +23,7 @@
+ export KEY_OU=""
+
+ # revoke key and generate a new CRL
+- openssl ca -revoke "$1.crt" -config "$KEY_CONFIG"
++ openssl ca -revoke "$1" -config "$KEY_CONFIG"
+
+ # generate a new CRL -- try to be compatible with
+ # intermediate PKIs
+@@ -32,7 +35,7 @@
+ fi
+
+ # verify the revocation
+- openssl verify -CAfile "$RT" -crl_check "$1.crt"
++ openssl verify -CAfile "$RT" -crl_check "$1"
+ else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
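Review bot: Dropping the `.crt` suffix in `openssl ca -revoke "$1"` and `openssl verify -CAfile "$RT" -crl_check "$1"` changes the script's argument from a certificate name to a certificate path, so an existing invocation that passes the bare name now points at a file that does not exist. Nothing visible in these nested hunks checks the exit status of `openssl ca -revoke`, so the script appears to go on to regenerate the CRL and run the verify step even when no certificate was revoked, and the verify error for a missing file is easy to mistake for the expected revocation error. I would resolve the argument once and fail early: `cert="$1"; [ -f "$cert" ] || cert="$1.crt"`, then `[ -f "$cert" ] || { echo "revoke-full: certificate not found: $1" >&2; exit 1; }`, and use `"$cert"` in both openssl calls. The surrounding `if`/`else` block starts outside the lines shown here, so whether a usage message also needs updating cannot be confirmed from this diff.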
================================================================
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/easy-rsa2.patch?r1=1.1&r2=1.2&f=u