What's Changed

• Update OpenSSL to v3.5.0
• renew: Print 'unique_subject = no' to index.txt.attr by @TinCanTech in #1293
• check_serial_unique(): Check for duplicate Subject error by @TinCanTech in #1294
• Correctly define options names - Remove wild-card pattern by @TinCanTech in #1297
• Remove all references to file:easyrsa-tools.lib by @TinCanTech in #1298
• Reinstate old function as 'db_date_to_iso_8601()' [Renamed] by @TinCanTech in #1303
• expire_status_v2(): Refactor 'if' statement to capture error correctly by @TinCanTech in #1304
• source_vars() improvements by @TinCanTech in #1300
• add_critical_attrib(): Do not add 'critical' if 'critical' exists by @TinCanTech in #1308
• inline_file(): Include DH file or placeholder, for RSA Servers by @TinCanTech in #1310
• Fix shellcheck warnings by @TinCanTech in #1311
• Introduce command line options --umask|--no-umask, to set 'umask' by @TinCanTech in #1312
• Introduce "robust" lock-file mechanism by @TinCanTech in #1313
• New function set_no_clobber() by @TinCanTech in #1314
• Easyrsa mktemp v2 by @TinCanTech in #1315
• add_critical_attrib_v2(): Move file access to function by @TinCanTech in #1316
• Command 'write': Remove options 'overwrite' and 'filename' by @TinCanTech in #1318
• Introduce option --text: Create CSR files with human readable text by @TinCanTech in #1319
• will_cert_be_valid(): Remove SSL option -noout by @TinCanTech in #1321
• easyrsa_mktemp(): Remove secondary atomic operation by @TinCanTech in #1322
• easyrsa_mkdir(): Separate Windows from *nix by @TinCanTech in #1324
• Update Copyright 2025 by @TinCanTech in #1327
• inine_file(): Correct logic and add 'dh none' for DH params file by @TinCanTech in #1330
• show-expire: Move setting $pre_expire_window_s to status() by @TinCanTech in #1332
• Always export EASYRSA_SSL_CONF, when assigned (code standard) by @TinCanTech in #1334
• Unit-test: Drop old *nix test by @TinCanTech in #1335
• add_critical_attrib(): export temp-file name as input file by @TinCanTech in #1333
• Inline improvements by @TinCanTech in #1337
• Unit-test: Minimize Windows test by @TinCanTech in #1339
• PKI lock-file: Move possible creation to sub-function request_lock_file() by @TinCanTech in #1340
• forbid_selfsign(): Compare cert serial to signing cert serial by @TinCanTech in #1342
• inline_file(): Use ssl_cert_serial() by @TinCanTech in #1343
• Inline self sign improvements by @TinCanTech in #1345
• peer-fingerprint mode: Make CA mode mutually exclusive to PFP mode by @TinCanTech in #1347
• Remove init pki soft by @TinCanTech in #1351

Full Changelog: v3.2.2...v3.2.3