Skip to content

Releases: OpenVPN/easy-rsa

v3.1.1

13 Oct 11:42
2083fb2
Compare
Choose a tag to compare

2022-10-14 - Signatures were corrupted on upload. Re-uploading verified sigs.

What's Changed

  • Standardise all output for warn(), notice() and message():[New] by @TinCanTech in #574
  • Expand status reports to include checking a single certificate by @TinCanTech in #577
  • Introduce 'rewind-renew' - Recover "guineapig" renewed certificates by @TinCanTech in #579
  • Improve revocation and renewal functions by @TinCanTech in #580
  • Correctly quote 'sed' and auto-escape ampersand by @TinCanTech in #584
  • Auto-escape '&' and '$' in 'org' mode fields - Other minor tweaks by @TinCanTech in #590
  • Remove restrictive 30-day window hindering 'renew' by @TinCanTech in #594
  • Replace cert dates by @TinCanTech in #595
  • Introduce 'serialNumber' field for DN (OID 2.5.4.5) by @TinCanTech in #606
  • Upgrade-23: Assign a secure session for temporary directory by @TinCanTech in #623
  • Introduce 'renew-req': Create new CSR for an existing private key by @TinCanTech in #616
  • Restore files when 'renew' fails during 'build_full()' phase by @TinCanTech in #617
  • Ensure 'pki/renewed/' exist for 'rewind-renew' by @TinCanTech in #618
  • Allow vars file to exist in current directory (Fix make-cadir) by @TinCanTech in #635
  • gen-dh: Use temporary file by @TinCanTech in #636
  • sign--req: Prohibit COMMON as a certificate type by @TinCanTech in #637
  • show: Reorder parameter checks to guard against empty input by @TinCanTech in #639
  • verify_ca_init: Reorder names to improve error message by @TinCanTech in #638
  • Re-enable the use of --vars=file for init-pki by @TinCanTech in #640
  • Expand the possible values of $prog_dir, include full path by @TinCanTech in #641
  • vars_setup(): Always warn about unsupported characters in vars by @TinCanTech in #642
  • renew: Improve notices and input check by @TinCanTech in #645
  • Options: Check that $val is numeric when a number is expected by @TinCanTech in #646
  • Unsupported characters: Correct check and warning message by @TinCanTech in #649
  • sign-req: Enforce X509-type files exist and are used. (#581) by @TinCanTech in #650
  • cleanup: Make "clean line" respect silent, batch and quiet modes by @TinCanTech in #652
  • Overhaul vars detection by @TinCanTech in #655
  • detect_host: Use SSL Library version from EasyRSA version by @TinCanTech in #656
  • Options: Add '-s' to also enabe --silent mode. by @TinCanTech in #657
  • Options: Rescind deprecation notice of option --req-cn by @TinCanTech in #660
  • x509-types: Add x509-types location to usage() STATUS by @TinCanTech in #662
  • vars_setup: Correctly locate x509-types for usage() directory STATUS by @TinCanTech in #665
  • x509-types: Reset non-existent x509-types dir set by vars by @TinCanTech in #666
  • fixed typo by @ashutoshojha5 in #670
  • Options: Expand alias '--days' to all suitable options with a period by @TinCanTech in #674
  • Options: Introduce --keep-tmp=NAME; Keep the temporary session data by @TinCanTech in #667
  • Option --req-cn: Restore original behavior from v30x series by @TinCanTech in #682
  • renew-req: Add command option 'nopass' by @TinCanTech in #683
  • Remove renew-req by @TinCanTech in #685
  • Documentation: Add EasyRSA-Renew-and-Revoke.md by @TinCanTech in #690
  • X509-types: Always check SSL config file for EasyRSA insert-markers by @TinCanTech in #695
  • Rename 'renew' to 'rebuild' - Introduce 'renew' version 3 by @TinCanTech in #688
  • build-ca: Check x509-types 'ca' and 'COMMON' files exist by @TinCanTech in #697
  • Status Report 'show-renew': Include renewed certs from /cert_by_serial by @TinCanTech in #700
  • Doc-Update: Note that all changes were included with Easy-RSA v3.1.1 by @TinCanTech in #701
  • ChangeLog: Final update for v3.1.1 by @TinCanTech in #702
  • build_full: Remove sign_req() subshell and do full cleanup by @TinCanTech in #705
  • Option --keep-tmp: Append EASYRSA_TEMP_DIR_session random number by @TinCanTech in #711
  • Option --keep-tmp: Reliability improvements by @TinCanTech in #712
  • Opt. --subca-len: basicConstraints CA extension, Append 'pathlen:N' by @TinCanTech in #706
  • Refactor Netscape support by @TinCanTech in #710
  • help: Document supported certificate X509 types by @TinCanTech in #704
  • Remove obsolete command 'renewable' by @TinCanTech in #715
  • Doc: EasyRSA-Contributing.md - Update by @TinCanTech in #719
  • init-pki soft: Include delete of revoked and renewed sub-directories by @TinCanTech in #720

New Contributors

Full Changelog: v3.1.0...v3.1.1

EasyRSA 3.1.0

19 May 02:00
1600b3f
Compare
Choose a tag to compare

NOTICE

This version of EasyRSA introduces OpenSSL 3 (3.0.3). Effectively, v3.1.0 is nearly identical to v3.0.9, but we ship different binaries in the Windows package. @TinCanTech has put a ton of work in to support for the new OpenSSL, but there may be bugs. We intend to make big changes early in the v3.1.x branch and only back-port bug fixes to v3.0.x going forward.

What's Changed

New Contributors

Full Changelog: v3.0.9...v3.1.0

Our ChangeLog

3.1.0 (2022-05-18)
   * Introduce basic support for OpenSSL version 3 (#492)
   * Update regex in grep to be POSIX compliant (#556)
   * Introduce status reporting tools (#555 & #557)
   * Display certificates using UTF8 (#551)
   * Allow certificates to be created with fixed date offset (#550)
   * Add 'verify' to verify certificate against CA (#549)
   * Add PKCS#12 alias 'friendlyName' (#544)
   * Disallow use of '--vars=FILE init-pki' (#566)
   * Support multiple IP-Addresses in SAN (#564)
   * Add option '--renew-days=NN', custom renew grace period (#557)
   * Add 'nopass' option to the 'export-pkcs' functions (#411)
   * Add support for 'busybox' (#543)
   * Add option '--tmp-dir=DIR' to declare Temp-dir (Commit f503a22)  

EasyRSA 3.0.9

18 May 02:33
150e96e
Compare
Choose a tag to compare

** Note: Files here were updated to remove a test pki mistakenly included with the original. There are no functional changes to the release. **

What's Changed

New Contributors

Full Changelog: v3.0.8...v3.0.9

v3.0.9-rc1

05 May 03:04
ecc7cb7
Compare
Choose a tag to compare
v3.0.9-rc1 Pre-release
Pre-release

3.0.9 (2022-05-04)

  • Upgrade OpenSSL from 1.1.0j to 1.1.1o (#405, #407)
    • We are buliding this ourselves now.
  • Fix --version so it uses EASYRSA_OPENSSL (#416)
  • Use openssl rand instead of non-POSIX mktemp (#478)
  • Fix paths with spaces (#443)
  • Correct OpenSSL version from Homebrew on macOs (#416)
  • Fix revoking a renewed certificate (Original PR #394)
    Follow-up commit: ef22701
  • Introduce 'show-crl' (d199389)
  • Support Windows-Git 'version of bash' (#533)
  • Disallow use of single quote (') in vars file, Warning (#530)
  • Creating a CA uses x509-types/ca and COMMON (#526)
  • Prefer 'PKI/vars' over all other locations (#528)
  • Introduce 'init-pki soft' option (#197)
  • Warnings are no longer silenced by --batch (#523)
  • Improve packaging options (#510)

*** Lots of work by Richard Bonhomme on this release! ***

What's Changed

New Contributors

Full Changelog: v3.0.8...v3.0.9-rc1

EasyRSA 3.0.8

16 Sep 13:04
a9cecc7
Compare
Choose a tag to compare

3.0.8 (2020-09-09)

  • Provide --version option (#372)
  • Version information now within generated certificates like on *nix
  • Fixed issue where gen-dh overwrote existing files without warning (#373)
  • Fixed issue with ED/EC certificates were still signed by RSA (#374)
  • Added support for export-p8 (#339)
  • Clarified error message (#384)
  • 2->3 upgrade now errors and prints message when vars isn't found (#377)
  • Update OpenSSL Windows binaries to 1.1.1g
  • Reverted OpenSSL back to 1.1.0j

EasyRSA 3.0.7

31 Mar 00:11
945c935
Compare
Choose a tag to compare

3.0.7 (2020-03-30)

  • Include OpenSSL libs and binary for Windows 1.1.0j
  • Remove RANDFILE environment variable (#261)
  • Workaround for bug in win32 mktemp (#247, #305, PR #312)
  • Handle IP address in SAN and renewals (#317)
  • Workaround for ash and no set -o echo (#319)
  • Shore up windows testing framework (#314)
  • Provide upgrade mechanism for older versions of EasyRSA (#349)
  • Add support for KDC certificates (#322)
  • Add support for Edward Curves (#354, #350)
  • Add support for EASYRSA_PASSIN and EASYRSA_PASSOUT env vars (#368)
  • Add support for RID to SAN (#362)

EasyRSA 3.0.6

02 Feb 04:13
9918b67
Compare
Choose a tag to compare

3.0.6 (2019-02-01)

  • Certifcates that are revoked now move to a revoked subdirectory (#63)
  • EasyRSA no longer clobbers non-EASYRSA environment variables (#277)
  • More sane string checking, allowingn for commas in CN (#267)
  • Support for reasonCode in CRL (#280)
  • Better handling for capturing passphrases (#230, others)
  • Improved LibreSSL/MacOS support
  • Adds support to renew certificates up to 30 days before expiration (#286)
    • This changes previous behavior allowing for certificate creation using
      duplicate CNs.

EasyRSA 3.0.5

15 Sep 04:33
Compare
Choose a tag to compare

3.0.5 (2018-09-15)

  • Fix #17 & #58: use AES256 for CA key
  • Also, don't use read -s, use stty -echo
  • Fix broken "nopass" option
  • Add -r to read to stop errors reported by shellcheck (and to behave)
  • remove overzealous quotes around $pkcs_opts (more SC errors)
  • Support for LibreSSL (now works on latest version of MacOS)
  • EasyRSA version will be reported in certificate comments
  • Client certificates now expire in 3 year (1080 days) by default

v3.0.4

21 Jan 15:55
Compare
Choose a tag to compare

3.0.4
* Remove use of egrep (#154)
* Integrate with Travis-CI (#165)
* Remove "local" from variable assignment (#165)
* Other changes related to Travis-CI fixes
* Assign values to variables defined previously w/local
* Finally(?) fix the subjectAltName issues I presented earlier (really
fixes #168

v3.0.3

22 Aug 13:10
v3.0.3
Compare
Choose a tag to compare

Minor update that includes the mktemp Windows binary.