-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Comparing changes
Open a pull request
base repository: OpenVPN/easy-rsa
base: v3.1.3
head repository: OpenVPN/easy-rsa
compare: v3.1.4
- 7 commits
- 2 files changed
- 1 contributor
Commits on May 21, 2023
-
build-ca: Use OpenSSL password I/O argument 'stdin'
When OpenSSL is built "for Windows", it does not support password input/output via argument 'fd:N', file-descriptors. However, OpenSSL built "for Windows" does allow use of 'stdin'. eg: -pass:stdin (-passin/-passout) There is one drawback; When using 'stdin' openssl cannot allow further user input to customise the 'commonName', or any other organisational fields used by '--dn-mode=org'. OpenSSL enforces '-batch' when 'stdin' is used. Therefore, EasyRSA must set batch mode, to correctly use 'stdin' to pass the CA password. Creating CA key pair this way also requires that SSL option '-keyout' be dropped from the create CA request command. Signed-off-by: Richard T Bonhomme <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for c11135d - Browse repository at this point
Copy the full SHA c11135dView commit details
Commits on May 22, 2023
-
build-ca: Force the unit-test to build CA with pass via 'stdin' method
ERSA_UTEST_VERSION and EASYRSA_USE_PASS are only defined when the unit-tests are run. When they are detected, force use of CA password via 'stdin'. Signed-off-by: Richard T Bonhomme <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 51cb520 - Browse repository at this point
Copy the full SHA 51cb520View commit details -
build-ca: Revert manual CA password method to temp-files
Change the integration of the following: * build-ca: Replace password temp-file method with file-descriptors * commit 27870d6 Instead of 'replacing' the standard temp-file method, the new 'stdin' method is offered as an alternative by using option '--ca-via-stdin' Discussion: Using EasyRSA temp-files means that these files can be written to specific places. In the case of the CA password, it is recommended to use a RAM-Disk to write CA password temp-files to. Using heredocs to pass data via file-descriptors, in all probability, will write the heredoc data to a temp-file managed by the shell in use. Thus, there are temp-files written in both methods. The difference being that, the EasyRSA managed temp-files can be written to specific places, while the shell managed temp-files are out of EasyRSA scope. In conclusion, both methods are offered, however, the default remains as EasyRSA temp-files for the CA password method. Signed-off-by: Richard T Bonhomme <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 5d7ad13 - Browse repository at this point
Copy the full SHA 5d7ad13View commit details
Commits on May 23, 2023
-
build-ca: Remove obsolete unit-test CA password variant
If this code s left in then the unit test always falls through to testing a CA without a password. Signed-off-by: Richard T Bonhomme <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for c1bf6a4 - Browse repository at this point
Copy the full SHA c1bf6a4View commit details -
Merge branch 'quick-fix-win-ca-pw' of ssh://github.com/TinCanTech/eas…
…y-rsa into TinCanTech-quick-fix-win-ca-pw Signed-off-by: Richard T Bonhomme <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b59cf55 - Browse repository at this point
Copy the full SHA b59cf55View commit details -
Merge branch 'TinCanTech-quick-fix-win-ca-pw'
Signed-off-by: Richard T Bonhomme <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ff749d2 - Browse repository at this point
Copy the full SHA ff749d2View commit details -
ChangeLog: Update for Easy-RSA version 3.1.4 release
Signed-off-by: Richard T Bonhomme <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a7284a1 - Browse repository at this point
Copy the full SHA a7284a1View commit details
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v3.1.3...v3.1.4