Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Command revoke: Do not remove duplicate certificate by serial #1177

Merged
merged 4 commits into from
Jun 27, 2024

Conversation

TinCanTech
Copy link
Collaborator

No description provided.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
For 'revoke',  always move the req/key files.
It is assumed that revoking an issued cert implies that renewal
is not desired.

For 'revoke-expired' and 'revoke-renewed', never move the req/key files.
It is assumed that revoking an expired or renewed cert implies that
renewal is desired.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
@TinCanTech TinCanTech linked an issue Jun 26, 2024 that may be closed by this pull request
@TinCanTech TinCanTech added this to the v3.2.1 milestone Jun 26, 2024
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
@TinCanTech TinCanTech linked an issue Jun 27, 2024 that may be closed by this pull request
revoke: Always remove old req/key files.
It is assumed that revoking an issued certificate does not require
subsequesnt renewal.

revoke-expired/revoke-renewed: Never remove old req/key files.
It is assumed that revoking an expired or renewed certificate does
require subsequent renewal.

Never remove the duplicate certificate by serial, this file must
always be unique, so it does not need to be removed.
This also allows status reports to have simple access to all signed
certificates, regardless of status.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
@TinCanTech TinCanTech merged commit 4510178 into OpenVPN:master Jun 27, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant