[Wishlist] Remove all date code #916

Closed
TinCanTech opened this issue Mar 15, 2023 · 5 comments · Fixed by #918


@TinCanTech
Collaborator

TinCanTech commented Mar 15, 2023

This includes:

  • Status reports.
  • Option --fix-offset.

EasyRSA should not dabble in date related code.

Background information:
The reason for ALL date related code was as a prerequisite of the original version of renew. #286

This prerequisite was to arbitrate an acceptable period, within which a certificate was a viable candidate for renewal. The default chosen was 30 days before expiry. (At that time, an existing certificate had been signed for 10 years.)

This prerequisite introduced the HARD requirement for EasyRSA to calculate dates in various shells.

This arbitrary prerequisite has subsequently been discarded.

The current version of renew does not require that a certificate be within any period of expiry, before it can be renewed. A certificate can be renewed immediately, if desired.

There is no longer any reason for EasyRSA to attempt to use date.

Size-wise -- Current: 151kB, expected: 120kB (~10kB)

@TinCanTech
Collaborator Author

TinCanTech commented Mar 17, 2023

First stage: Group ALL date related code together.

Translation of CA database dates for reports is still viable.

@TinCanTech
Collaborator Author

Fixed dates can be reworked to use the same method as --passin and --passout. I.e., pass formatted dates directly to SSL -startdate and -enddate. E.g.: --startdate=[YY]YYMMDDHHMMSSZ

@TinCanTech TinCanTech linked a pull request Mar 17, 2023 that will close this issue
@TinCanTech TinCanTech pinned this issue Mar 17, 2023
@TinCanTech TinCanTech added the Sticky Remain open label Mar 22, 2023
@TinCanTech TinCanTech reopened this Mar 22, 2023
@TinCanTech
Collaborator Author

TinCanTech commented Mar 23, 2023

After merging #918 there is only one reason for Easy-RSA to manipulate dates:

  • To create a period, during which, easyrsa could warn about imminent expiry.
    a.k.a. EASYRSA_CERT_RENEW, default: 90 days.
    Used by show-expire (offset_days_to_cert_date()).

This can be done without the use of date but only for SSL which supports the -dateopt iso_8601 flag. (OpenSSL v3, LibreSSL untested.)

So ... this is a good time to integrate new code, without use of date, for use with OpenSSL v3. (wishlist)

@TinCanTech TinCanTech linked a pull request Mar 30, 2023 that will close this issue
@TinCanTech
Collaborator Author

#922 final result is as follows:

  • With OpenSSL v3, easyrsa only requires date to produce a timestamp +%s for status report show-expire. A residual check remains, in order to verify that easyrsa calculated "seconds since epoch" matches the value produced by date.
  • With OpenSSL v1, easyrsa requires date to generate a timestamp +%s from a non-ISO-8601 date string, which is produced by OpenSSL -enddate default.

All of these changes ONLY affect status reports.
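
The date-free "seconds since epoch" calculation that the comment above describes for OpenSSL v3, as an added example (not Easy-RSA's code and not part of the thread). It assumes the timestamp layout `YYYY-MM-DD HH:MM:SSZ` for the `-dateopt iso_8601` output (a `T` separator is also accepted); the function names and sample values are hypothetical.

```shell
#!/bin/sh
# Added example (not Easy-RSA code): UTC timestamp -> seconds since epoch
# using POSIX shell arithmetic only, no date(1).

# Prints epoch seconds for "YYYY-MM-DD HH:MM:SSZ"; fails on any other layout.
# The body is a subshell, so IFS and the positional parameters stay local.
iso8601_to_epoch() (
    D='[1-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]'
    T='[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z'
    case $1 in
        $D" "$T | $D"T"$T) ;;
        *) exit 1 ;;               # e.g. the OpenSSL v1 default text format
    esac
    IFS='-T :Z'
    set -- $1                      # -> year month day hour minute second
    # Strip one leading zero so "08" and "09" are not parsed as octal.
    y=$1 m=${2#0} d=${3#0} hh=${4#0} mm=${5#0} ss=${6#0}
    # Range check only; the day is not checked against the month length.
    [ "$m" -ge 1 ] && [ "$m" -le 12 ] && [ "$d" -ge 1 ] && [ "$d" -le 31 ] &&
        [ "$hh" -le 23 ] && [ "$mm" -le 59 ] && [ "$ss" -le 59 ] || exit 1
    # Days since 1970-01-01 (Gregorian). The year is shifted to start in
    # March so that the leap day falls at the end of the shifted year.
    if [ "$m" -le 2 ]; then y=$((y - 1)); fi
    era=$((y / 400)) yoe=$((y % 400)) mp=$(( (m + 9) % 12 ))
    doy=$(( (153 * mp + 2) / 5 + d - 1 ))
    days=$(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
    echo $(( days * 86400 + hh * 3600 + mm * 60 + ss ))
)

# Succeeds when the notAfter time $1 is at most $3 days after "now" ($2, in
# epoch seconds), which includes already expired. Returns 2 on a bad timestamp.
expires_within() {
    end=$(iso8601_to_epoch "$1") || return 2
    [ "$end" -le $(( $2 + $3 * 86400 )) ]
}

# Constructed sample values, not taken from a real certificate.
if expires_within "2033-03-14 12:00:00Z" 1990000000 90; then
    echo "certificate is inside the 90 day warning period"
fi
```

Passing "now" as an argument keeps the calculation itself independent of `date`, so the result can still be cross-checked against `date +%s` where that is available.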

@TinCanTech
Collaborator Author

Closed via e8ad9fb

@TinCanTech TinCanTech unpinned this issue Apr 3, 2023