Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Windows, build-ca: Add input password to re-open private key #813

Merged
merged 4 commits into from
Dec 15, 2022
Merged

Windows, build-ca: Add input password to re-open private key #813

merged 4 commits into from
Dec 15, 2022

Commits on Dec 11, 2022

  1. Windows, build-ca: Add input password to re-open private key 

    Using OpenSSL 3.0.7, packaged by OpenVPN Windows installer, causes
EasyRSA command 'build-ca' to fail, because it does not have an input
password to re-open the private key, which is required to generate
the CA certificate.

Provide the user specified CA passphrase as input password for build-ca.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
    @TinCanTech
    TinCanTech committed Dec 11, 2022
    Configuration menu
    Copy the full SHA
    8ae6bca View commit details
    Browse the repository at this point in the history

  2. Allow default CA generation method to be unit-tested 

    If 'easyrsa' is being run by the unit-test then allow the default method
for 'build-ca' to be exercised.

The default 'easyrsa' method is to use temp-files, generated by EasyRSA,
to pass the CA passphrase, provided by the user, to the SSL command.

The normal 'unit-test' method to use a passphrase is to configure EasyRSA
ommand line options '--passin' and '--passout'.

The change made here is to simulate user-interaction and to supply a
default passphrase, as a user, to the SSL command.
To NOT use EasyRSA command line options to set any passphrase.
ONLY when being run by the unit-test.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
    @TinCanTech
    TinCanTech committed Dec 11, 2022
    Configuration menu
    Copy the full SHA
    0063de0 View commit details
    Browse the repository at this point in the history

Commits on Dec 12, 2022

  1. build-ca: Use OpenSSL '-passout' with EasyRSA '--passout' correctly 

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
    @TinCanTech
    TinCanTech committed Dec 12, 2022
    Configuration menu
    Copy the full SHA
    9a495f7 View commit details
    Browse the repository at this point in the history

Commits on Dec 13, 2022

  1. build-ca: Error-exit on failure to write temp-CA-passphrase files 

    Also, prototype easyrsa_mktemp() errors.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
    @TinCanTech
    TinCanTech committed Dec 13, 2022
    Configuration menu
    Copy the full SHA
    0ce126a View commit details
    Browse the repository at this point in the history