1 --- openvpn-2.2.0-orig/easy-rsa/2.0/build-ca 2011-04-06 18:05:52.000000000 +0200
2 +++ openvpn-2.2.0/easy-rsa/2.0/build-ca 2011-04-27 22:34:59.357652908 +0200
4 # Build a root certificate
7 -export EASY_RSA="${EASY_RSA:-.}"
8 -"$EASY_RSA/pkitool" --interact --initca $*
9 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
10 +/usr/sbin/pkitool --interact --initca $*
11 --- openvpn-2.2.0-orig/easy-rsa/2.0/build-dh 2011-04-06 18:05:52.000000000 +0200
12 +++ openvpn-2.2.0/easy-rsa/2.0/build-dh 2011-04-27 22:36:11.867656490 +0200
14 # Build Diffie-Hellman parameters for the server side
15 # of an SSL/TLS connection.
17 +if [ -z "$EASY_RSA" ]; then
18 + . /etc/easy-rsa/vars
21 if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then
22 - $OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
23 + openssl dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
25 echo 'Please source the vars script first (i.e. "source ./vars")'
26 echo 'Make sure you have edited it to reflect your configuration.'
27 --- openvpn-2.2.0-orig/easy-rsa/2.0/build-inter 2011-04-06 18:05:52.000000000 +0200
28 +++ openvpn-2.2.0/easy-rsa/2.0/build-inter 2011-04-27 22:37:59.789289422 +0200
30 # Make an intermediate CA certificate/private key pair using a locally generated
33 -export EASY_RSA="${EASY_RSA:-.}"
34 -"$EASY_RSA/pkitool" --interact --inter $*
35 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
36 +/usr/sbin/pkitool --interact --inter $*
37 --- openvpn-2.2.0-orig/easy-rsa/2.0/build-key 2011-04-06 18:05:52.000000000 +0200
38 +++ openvpn-2.2.0/easy-rsa/2.0/build-key 2011-04-27 22:38:35.330924876 +0200
40 # Make a certificate/private key pair using a locally generated
43 -export EASY_RSA="${EASY_RSA:-.}"
44 -"$EASY_RSA/pkitool" --interact $*
45 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
46 +/usr/sbin/pkitool --interact $*
47 --- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-pass 2011-04-06 18:05:52.000000000 +0200
48 +++ openvpn-2.2.0/easy-rsa/2.0/build-key-pass 2011-04-27 22:39:23.919827311 +0200
50 # Similar to build-key, but protect the private key
53 -export EASY_RSA="${EASY_RSA:-.}"
54 -"$EASY_RSA/pkitool" --interact --pass $*
55 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
56 +/usr/sbin/pkitool --interact --pass $*
57 --- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-pkcs12 2011-04-06 18:05:52.000000000 +0200
58 +++ openvpn-2.2.0/easy-rsa/2.0/build-key-pkcs12 2011-04-27 22:40:10.288627524 +0200
60 # root certificate and convert it to a PKCS #12 file including the
61 # the CA certificate as well.
63 -export EASY_RSA="${EASY_RSA:-.}"
64 -"$EASY_RSA/pkitool" --interact --pkcs12 $*
65 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
66 +/usr/sbin/pkitool --interact --pkcs12 $*
67 --- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-server 2011-04-06 18:05:52.000000000 +0200
68 +++ openvpn-2.2.0/easy-rsa/2.0/build-key-server 2011-04-27 22:41:24.715385295 +0200
70 # Explicitly set nsCertType to server using the "server"
71 # extension in the openssl.cnf file.
73 -export EASY_RSA="${EASY_RSA:-.}"
74 -"$EASY_RSA/pkitool" --interact --server $*
75 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
76 +/usr/sbin/pkitool --interact --server $*
77 --- openvpn-2.2.0-orig/easy-rsa/2.0/build-req 2011-04-06 18:05:52.000000000 +0200
78 +++ openvpn-2.2.0/easy-rsa/2.0/build-req 2011-04-27 22:41:59.636992013 +0200
80 # Build a certificate signing request and private key. Use this
81 # when your root certificate and key is not available locally.
83 -export EASY_RSA="${EASY_RSA:-.}"
84 -"$EASY_RSA/pkitool" --interact --csr $*
85 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
86 +/usr/sbin/pkitool --interact --csr $*
87 --- openvpn-2.2.0-orig/easy-rsa/2.0/build-req-pass 2011-04-06 18:05:52.000000000 +0200
88 +++ openvpn-2.2.0/easy-rsa/2.0/build-req-pass 2011-04-27 22:43:36.938135257 +0200
90 # Like build-req, but protect your private key
93 -export EASY_RSA="${EASY_RSA:-.}"
94 -"$EASY_RSA/pkitool" --interact --csr --pass $*
95 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
96 +/usr/sbin/pkitool --interact --csr --pass $*
97 --- openvpn-2.2.0-orig/easy-rsa/2.0/clean-all 2011-04-06 18:05:52.000000000 +0200
98 +++ openvpn-2.2.0/easy-rsa/2.0/clean-all 2011-04-27 22:44:36.544210785 +0200
100 # Note that this script does a
101 # rm -rf on $KEY_DIR so be careful!
103 +if [ -z "$EASY_RSA" ]; then
104 + . /etc/easy-rsa/vars
107 if [ "$KEY_DIR" ]; then
109 mkdir "$KEY_DIR" && \
110 --- openvpn-2.2.0-orig/easy-rsa/2.0/inherit-inter 2011-04-06 18:05:52.000000000 +0200
111 +++ openvpn-2.2.0/easy-rsa/2.0/inherit-inter 2011-04-27 22:45:20.809580498 +0200
113 # To build an intermediate CA, follow the same steps for a regular PKI but
114 # replace ./build-key or ./pkitool --initca with this script.
116 +if [ -z "$EASY_RSA" ]; then
117 + . /etc/easy-rsa/vars
120 # The EXPORT_CA file will contain the CA certificate chain and should be
121 # referenced by the OpenVPN "ca" directive in config files. The ca.crt file
122 # will only contain the local intermediate CA -- it's needed by the easy-rsa
123 --- easy-rsa-2.2.2/easy-rsa/2.0/list-crl~ 2013-11-09 05:38:30.000000000 +0200
124 +++ easy-rsa-2.2.2/easy-rsa/2.0/list-crl 2015-06-02 21:09:57.640431912 +0300
127 # list revoked certificates
129 +if [ -z "$EASY_RSA" ]; then
130 + . /etc/easy-rsa/vars
135 if [ "$KEY_DIR" ]; then
137 - $OPENSSL crl -text -noout -in "$CRL"
138 + openssl crl -text -noout -in "$CRL"
140 echo 'Please source the vars script first (i.e. "source ./vars")'
141 echo 'Make sure you have edited it to reflect your configuration.'
142 --- easy-rsa-2.2.2/easy-rsa/2.0/pkitool~ 2015-06-02 21:08:57.000000000 +0300
143 +++ easy-rsa-2.2.2/easy-rsa/2.0/pkitool 2015-06-02 21:11:42.382534794 +0300
148 +if [ -z "$EASY_RSA" ]; then
149 + . /etc/easy-rsa/vars
154 echo ' Please edit the vars script to reflect your configuration,'
155 --- openvpn-2.2.0-orig/easy-rsa/2.0/revoke-full 2011-04-06 18:05:52.000000000 +0200
156 +++ openvpn-2.2.0/easy-rsa/2.0/revoke-full 2011-04-27 22:56:07.449351374 +0200
158 # revoke a certificate, regenerate CRL,
159 # and verify revocation
161 +if [ -z "$EASY_RSA" ]; then
162 + . /etc/easy-rsa/vars
171 # revoke key and generate a new CRL
172 - $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
173 + openssl ca -revoke "$1" -config "$KEY_CONFIG"
175 # generate a new CRL -- try to be compatible with
177 - $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
178 + openssl ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
179 if [ -e export-ca.crt ]; then
180 cat export-ca.crt "$CRL" >"$RT"
185 # verify the revocation
186 - $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
187 + openssl verify -CAfile "$RT" -crl_check "$1"
189 echo 'Please source the vars script first (i.e. "source ./vars")'
190 echo 'Make sure you have edited it to reflect your configuration.'
191 --- openvpn-2.2.0-orig/easy-rsa/2.0/sign-req 2011-04-06 18:05:52.000000000 +0200
192 +++ openvpn-2.2.0/easy-rsa/2.0/sign-req 2011-04-27 22:56:46.124465700 +0200
194 # Sign a certificate signing request (a .csr file)
195 # with a local root certificate and key.
197 -export EASY_RSA="${EASY_RSA:-.}"
198 -"$EASY_RSA/pkitool" --interact --sign $*
199 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
200 +/usr/sbin/pkitool --interact --sign $*
201 --- openvpn-2.2.0-orig/easy-rsa/2.0/vars 2010-10-21 11:18:17.000000000 +0200
202 +++ openvpn-2.2.0/easy-rsa/2.0/vars 2011-04-27 22:58:41.789791888 +0200
204 # This variable should point to
205 # the top level of the easy-rsa
207 -export EASY_RSA="`pwd`"
210 -# This variable should point to
211 -# the requested executables
213 -export OPENSSL="openssl"
214 -export PKCS11TOOL="pkcs11-tool"
217 +export EASY_RSA="/etc/easy-rsa"
219 # This variable should point to
220 # the openssl.cnf file included
222 -export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
223 +export KEY_CONFIG="$EASY_RSA/openssl.cnf"
225 # Edit this variable to point to
226 # your soon-to-be-created key
229 export KEY_DIR="$EASY_RSA/keys"
231 -# Issue rm -rf warning
232 -echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
235 export PKCS11_MODULE_PATH="dummy"
236 export PKCS11_PIN="dummy"