Comparing changes
Open a pull request
- 7 commits
- 2 files changed
- 1 contributor
Commits on May 21, 2023
-
build-ca: Use OpenSSL password I/O argument 'stdin'
When OpenSSL is built "for Windows", it does not support password input/output via argument 'fd:N', file-descriptors. However, OpenSSL built "for Windows" does allow use of 'stdin'. eg: -pass:stdin (-passin/-passout) There is one drawback; When using 'stdin' openssl cannot allow further user input to customise the 'commonName', or any other organisational fields used by '--dn-mode=org'. OpenSSL enforces '-batch' when 'stdin' is used. Therefore, EasyRSA must set batch mode, to correctly use 'stdin' to pass the CA password. Creating CA key pair this way also requires that SSL option '-keyout' be dropped from the create CA request command. Signed-off-by: Richard T Bonhomme <[email protected]>
Commits on May 22, 2023
-
build-ca: Force the unit-test to build CA with pass via 'stdin' method
ERSA_UTEST_VERSION and EASYRSA_USE_PASS are only defined when the unit-tests are run. When they are detected, force use of CA password via 'stdin'. Signed-off-by: Richard T Bonhomme <[email protected]>
-
build-ca: Revert manual CA password method to temp-files
Change the integration of the following: * build-ca: Replace password temp-file method with file-descriptors * commit 27870d6 Instead of 'replacing' the standard temp-file method, the new 'stdin' method is offered as an alternative by using option '--ca-via-stdin' Discussion: Using EasyRSA temp-files means that these files can be written to specific places. In the case of the CA password, it is recommended to use a RAM-Disk to write CA password temp-files to. Using heredocs to pass data via file-descriptors, in all probability, will write the heredoc data to a temp-file managed by the shell in use. Thus, there are temp-files written in both methods. The difference being that, the EasyRSA managed temp-files can be written to specific places, while the shell managed temp-files are out of EasyRSA scope. In conclusion, both methods are offered, however, the default remains as EasyRSA temp-files for the CA password method. Signed-off-by: Richard T Bonhomme <[email protected]>
Commits on May 23, 2023
-
build-ca: Remove obsolete unit-test CA password variant
If this code s left in then the unit test always falls through to testing a CA without a password. Signed-off-by: Richard T Bonhomme <[email protected]>
-
Merge branch 'quick-fix-win-ca-pw' of ssh://github.com/TinCanTech/eas…
…y-rsa into TinCanTech-quick-fix-win-ca-pw Signed-off-by: Richard T Bonhomme <[email protected]>
-
Merge branch 'TinCanTech-quick-fix-win-ca-pw'
Signed-off-by: Richard T Bonhomme <[email protected]>
-
ChangeLog: Update for Easy-RSA version 3.1.4 release
Signed-off-by: Richard T Bonhomme <[email protected]>
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v3.1.3...v3.1.4