Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: OpenVPN/easy-rsa
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v3.1.3
Choose a base ref
...
head repository: OpenVPN/easy-rsa
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v3.1.4
Choose a head ref
  • 7 commits
  • 2 files changed
  • 1 contributor

Commits on May 21, 2023

  1. build-ca: Use OpenSSL password I/O argument 'stdin'

    When OpenSSL is built "for Windows", it does not support
    password input/output via argument 'fd:N', file-descriptors.
    
    However, OpenSSL built "for Windows" does allow use of 'stdin'.
    eg: -pass:stdin (-passin/-passout)
    
    There is one drawback; When using 'stdin' openssl cannot allow
    further user input to customise the 'commonName', or any other
    organisational fields used by '--dn-mode=org'. OpenSSL enforces
    '-batch' when 'stdin' is used. Therefore, EasyRSA must set batch
    mode, to correctly use 'stdin' to pass the CA password.
    
    Creating CA key pair this way also requires that SSL option
    '-keyout' be dropped from the create CA request command.
    
    Signed-off-by: Richard T Bonhomme <[email protected]>
    TinCanTech committed May 21, 2023
    Configuration menu
    Copy the full SHA
    c11135d View commit details
    Browse the repository at this point in the history

Commits on May 22, 2023

  1. build-ca: Force the unit-test to build CA with pass via 'stdin' method

    ERSA_UTEST_VERSION and EASYRSA_USE_PASS are only defined when the unit-tests are run.
    When they are detected, force use of CA password via 'stdin'.
    
    Signed-off-by: Richard T Bonhomme <[email protected]>
    TinCanTech committed May 22, 2023
    Configuration menu
    Copy the full SHA
    51cb520 View commit details
    Browse the repository at this point in the history
  2. build-ca: Revert manual CA password method to temp-files

    Change the integration of the following:
    * build-ca: Replace password temp-file method with file-descriptors
    * commit 27870d6
    
    Instead of 'replacing' the standard temp-file method, the new 'stdin'
    method is offered as an alternative by using option '--ca-via-stdin'
    
    Discussion:
    
    Using EasyRSA temp-files means that these files can be written to
    specific places. In the case of the CA password, it is recommended
    to use a RAM-Disk to write CA password temp-files to.
    
    Using heredocs to pass data via file-descriptors, in all probability,
    will write the heredoc data to a temp-file managed by the shell in use.
    
    Thus, there are temp-files written in both methods.
    
    The difference being that, the EasyRSA managed temp-files can be written to
    specific places, while the shell managed temp-files are out of EasyRSA scope.
    
    In conclusion, both methods are offered, however, the default remains
    as EasyRSA temp-files for the CA password method.
    
    Signed-off-by: Richard T Bonhomme <[email protected]>
    TinCanTech committed May 22, 2023
    Configuration menu
    Copy the full SHA
    5d7ad13 View commit details
    Browse the repository at this point in the history

Commits on May 23, 2023

  1. build-ca: Remove obsolete unit-test CA password variant

    If this code s left in then the unit test always falls through to
    testing a CA without a password.
    
    Signed-off-by: Richard T Bonhomme <[email protected]>
    TinCanTech committed May 23, 2023
    Configuration menu
    Copy the full SHA
    c1bf6a4 View commit details
    Browse the repository at this point in the history
  2. Merge branch 'quick-fix-win-ca-pw' of ssh://github.com/TinCanTech/eas…

    …y-rsa into TinCanTech-quick-fix-win-ca-pw
    
    Signed-off-by: Richard T Bonhomme <[email protected]>
    TinCanTech committed May 23, 2023
    Configuration menu
    Copy the full SHA
    b59cf55 View commit details
    Browse the repository at this point in the history
  3. Merge branch 'TinCanTech-quick-fix-win-ca-pw'

    Signed-off-by: Richard T Bonhomme <[email protected]>
    TinCanTech committed May 23, 2023
    Configuration menu
    Copy the full SHA
    ff749d2 View commit details
    Browse the repository at this point in the history
  4. ChangeLog: Update for Easy-RSA version 3.1.4 release

    Signed-off-by: Richard T Bonhomme <[email protected]>
    TinCanTech committed May 23, 2023
    Configuration menu
    Copy the full SHA
    a7284a1 View commit details
    Browse the repository at this point in the history
Loading