]>
Commit | Line | Data |
---|---|---|
7b891ac1 AM |
1 | --- openvpn-2.2.0-orig/easy-rsa/2.0/build-ca 2011-04-06 18:05:52.000000000 +0200 |
2 | +++ openvpn-2.2.0/easy-rsa/2.0/build-ca 2011-04-27 22:34:59.357652908 +0200 | |
3 | @@ -4,5 +4,5 @@ | |
4 | # Build a root certificate | |
5 | # | |
6 | ||
7 | -export EASY_RSA="${EASY_RSA:-.}" | |
8 | -"$EASY_RSA/pkitool" --interact --initca $* | |
9 | +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}" | |
10 | +/usr/sbin/pkitool --interact --initca $* | |
948aa51d ER |
11 | --- openvpn-2.2.0/easy-rsa/2.0/build-dh 2011-04-27 22:36:11.867656490 +0200 |
12 | +++ easy-rsa-2.2.2/easy-rsa/2.0/build-dh 2015-06-02 21:31:45.871587248 +0300 | |
13 | @@ -3,4 +3,11 @@ | |
7b891ac1 AM |
14 | # Build Diffie-Hellman parameters for the server side |
15 | # of an SSL/TLS connection. | |
16 | ||
17 | +if [ -z "$EASY_RSA" ]; then | |
18 | + . /etc/easy-rsa/vars | |
19 | +fi | |
948aa51d ER |
20 | + |
21 | +# Set tool defaults | |
22 | +[ -n "$OPENSSL" ] || export OPENSSL="openssl" | |
7b891ac1 AM |
23 | + |
24 | if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then | |
7b891ac1 AM |
25 | --- openvpn-2.2.0-orig/easy-rsa/2.0/build-inter 2011-04-06 18:05:52.000000000 +0200 |
26 | +++ openvpn-2.2.0/easy-rsa/2.0/build-inter 2011-04-27 22:37:59.789289422 +0200 | |
27 | @@ -3,5 +3,5 @@ | |
28 | # Make an intermediate CA certificate/private key pair using a locally generated | |
29 | # root certificate. | |
30 | ||
31 | -export EASY_RSA="${EASY_RSA:-.}" | |
32 | -"$EASY_RSA/pkitool" --interact --inter $* | |
33 | +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}" | |
34 | +/usr/sbin/pkitool --interact --inter $* | |
7b891ac1 AM |
35 | --- openvpn-2.2.0-orig/easy-rsa/2.0/build-key 2011-04-06 18:05:52.000000000 +0200 |
36 | +++ openvpn-2.2.0/easy-rsa/2.0/build-key 2011-04-27 22:38:35.330924876 +0200 | |
37 | @@ -3,5 +3,5 @@ | |
38 | # Make a certificate/private key pair using a locally generated | |
39 | # root certificate. | |
40 | ||
41 | -export EASY_RSA="${EASY_RSA:-.}" | |
42 | -"$EASY_RSA/pkitool" --interact $* | |
43 | +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}" | |
44 | +/usr/sbin/pkitool --interact $* | |
7b891ac1 AM |
45 | --- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-pass 2011-04-06 18:05:52.000000000 +0200 |
46 | +++ openvpn-2.2.0/easy-rsa/2.0/build-key-pass 2011-04-27 22:39:23.919827311 +0200 | |
47 | @@ -3,5 +3,5 @@ | |
48 | # Similar to build-key, but protect the private key | |
49 | # with a password. | |
50 | ||
51 | -export EASY_RSA="${EASY_RSA:-.}" | |
52 | -"$EASY_RSA/pkitool" --interact --pass $* | |
53 | +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}" | |
54 | +/usr/sbin/pkitool --interact --pass $* | |
7b891ac1 AM |
55 | --- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-pkcs12 2011-04-06 18:05:52.000000000 +0200 |
56 | +++ openvpn-2.2.0/easy-rsa/2.0/build-key-pkcs12 2011-04-27 22:40:10.288627524 +0200 | |
57 | @@ -4,5 +4,5 @@ | |
58 | # root certificate and convert it to a PKCS #12 file including the | |
59 | # the CA certificate as well. | |
60 | ||
61 | -export EASY_RSA="${EASY_RSA:-.}" | |
62 | -"$EASY_RSA/pkitool" --interact --pkcs12 $* | |
63 | +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}" | |
64 | +/usr/sbin/pkitool --interact --pkcs12 $* | |
7b891ac1 AM |
65 | --- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-server 2011-04-06 18:05:52.000000000 +0200 |
66 | +++ openvpn-2.2.0/easy-rsa/2.0/build-key-server 2011-04-27 22:41:24.715385295 +0200 | |
67 | @@ -6,5 +6,5 @@ | |
68 | # Explicitly set nsCertType to server using the "server" | |
69 | # extension in the openssl.cnf file. | |
70 | ||
71 | -export EASY_RSA="${EASY_RSA:-.}" | |
72 | -"$EASY_RSA/pkitool" --interact --server $* | |
73 | +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}" | |
74 | +/usr/sbin/pkitool --interact --server $* | |
7b891ac1 AM |
75 | --- openvpn-2.2.0-orig/easy-rsa/2.0/build-req 2011-04-06 18:05:52.000000000 +0200 |
76 | +++ openvpn-2.2.0/easy-rsa/2.0/build-req 2011-04-27 22:41:59.636992013 +0200 | |
77 | @@ -3,5 +3,5 @@ | |
78 | # Build a certificate signing request and private key. Use this | |
79 | # when your root certificate and key is not available locally. | |
80 | ||
81 | -export EASY_RSA="${EASY_RSA:-.}" | |
82 | -"$EASY_RSA/pkitool" --interact --csr $* | |
83 | +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}" | |
84 | +/usr/sbin/pkitool --interact --csr $* | |
7b891ac1 AM |
85 | --- openvpn-2.2.0-orig/easy-rsa/2.0/build-req-pass 2011-04-06 18:05:52.000000000 +0200 |
86 | +++ openvpn-2.2.0/easy-rsa/2.0/build-req-pass 2011-04-27 22:43:36.938135257 +0200 | |
87 | @@ -3,5 +3,5 @@ | |
88 | # Like build-req, but protect your private key | |
89 | # with a password. | |
90 | ||
91 | -export EASY_RSA="${EASY_RSA:-.}" | |
92 | -"$EASY_RSA/pkitool" --interact --csr --pass $* | |
93 | +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}" | |
94 | +/usr/sbin/pkitool --interact --csr --pass $* | |
7b891ac1 AM |
95 | --- openvpn-2.2.0-orig/easy-rsa/2.0/clean-all 2011-04-06 18:05:52.000000000 +0200 |
96 | +++ openvpn-2.2.0/easy-rsa/2.0/clean-all 2011-04-27 22:44:36.544210785 +0200 | |
97 | @@ -4,6 +4,10 @@ | |
98 | # Note that this script does a | |
99 | # rm -rf on $KEY_DIR so be careful! | |
100 | ||
101 | +if [ -z "$EASY_RSA" ]; then | |
102 | + . /etc/easy-rsa/vars | |
103 | +fi | |
104 | + | |
105 | if [ "$KEY_DIR" ]; then | |
106 | rm -rf "$KEY_DIR" | |
107 | mkdir "$KEY_DIR" && \ | |
7b891ac1 AM |
108 | --- openvpn-2.2.0-orig/easy-rsa/2.0/inherit-inter 2011-04-06 18:05:52.000000000 +0200 |
109 | +++ openvpn-2.2.0/easy-rsa/2.0/inherit-inter 2011-04-27 22:45:20.809580498 +0200 | |
110 | @@ -9,6 +9,10 @@ | |
111 | # To build an intermediate CA, follow the same steps for a regular PKI but | |
112 | # replace ./build-key or ./pkitool --initca with this script. | |
113 | ||
114 | +if [ -z "$EASY_RSA" ]; then | |
115 | + . /etc/easy-rsa/vars | |
116 | +fi | |
117 | + | |
118 | # The EXPORT_CA file will contain the CA certificate chain and should be | |
119 | # referenced by the OpenVPN "ca" directive in config files. The ca.crt file | |
120 | # will only contain the local intermediate CA -- it's needed by the easy-rsa | |
948aa51d ER |
121 | --- easy-rsa-2.2.2/easy-rsa/2.0/list-crl 2015-06-02 21:09:57.640431912 +0300 |
122 | +++ easy-rsa-2.2.2/easy-rsa/2.0/list-crl 2015-06-02 21:28:49.245772384 +0300 | |
123 | @@ -2,6 +2,13 @@ | |
7b891ac1 AM |
124 | |
125 | # list revoked certificates | |
126 | ||
127 | +if [ -z "$EASY_RSA" ]; then | |
d5801c5f | 128 | + . /etc/easy-rsa/vars |
7b891ac1 | 129 | +fi |
948aa51d ER |
130 | + |
131 | +# Set tool defaults | |
132 | +[ -n "$OPENSSL" ] || export OPENSSL="openssl" | |
7b891ac1 AM |
133 | + |
134 | CRL="${1:-crl.pem}" | |
135 | ||
136 | if [ "$KEY_DIR" ]; then | |
d5801c5f ER |
137 | --- easy-rsa-2.2.2/easy-rsa/2.0/pkitool~ 2015-06-02 21:08:57.000000000 +0300 |
138 | +++ easy-rsa-2.2.2/easy-rsa/2.0/pkitool 2015-06-02 21:11:42.382534794 +0300 | |
7b891ac1 AM |
139 | @@ -42,6 +42,10 @@ |
140 | exit 1 | |
141 | } | |
142 | ||
143 | +if [ -z "$EASY_RSA" ]; then | |
144 | + . /etc/easy-rsa/vars | |
145 | +fi | |
146 | + | |
147 | need_vars() | |
148 | { | |
149 | echo ' Please edit the vars script to reflect your configuration,' | |
948aa51d ER |
150 | --- openvpn-2.2.0/easy-rsa/2.0/revoke-full 2011-04-27 22:56:07.449351374 +0200 |
151 | +++ easy-rsa-2.2.2/easy-rsa/2.0/revoke-full 2015-06-02 21:30:26.690819476 +0300 | |
152 | @@ -3,6 +3,13 @@ | |
7b891ac1 AM |
153 | # revoke a certificate, regenerate CRL, |
154 | # and verify revocation | |
155 | ||
156 | +if [ -z "$EASY_RSA" ]; then | |
157 | + . /etc/easy-rsa/vars | |
158 | +fi | |
948aa51d ER |
159 | + |
160 | +# Set tool defaults | |
161 | +[ -n "$OPENSSL" ] || export OPENSSL="openssl" | |
7b891ac1 AM |
162 | + |
163 | CRL="crl.pem" | |
164 | RT="revoke-test.pem" | |
165 | ||
7b891ac1 AM |
166 | --- openvpn-2.2.0-orig/easy-rsa/2.0/sign-req 2011-04-06 18:05:52.000000000 +0200 |
167 | +++ openvpn-2.2.0/easy-rsa/2.0/sign-req 2011-04-27 22:56:46.124465700 +0200 | |
168 | @@ -3,5 +3,5 @@ | |
169 | # Sign a certificate signing request (a .csr file) | |
170 | # with a local root certificate and key. | |
171 | ||
172 | -export EASY_RSA="${EASY_RSA:-.}" | |
173 | -"$EASY_RSA/pkitool" --interact --sign $* | |
174 | +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}" | |
175 | +/usr/sbin/pkitool --interact --sign $* | |
7b891ac1 AM |
176 | --- openvpn-2.2.0-orig/easy-rsa/2.0/vars 2010-10-21 11:18:17.000000000 +0200 |
177 | +++ openvpn-2.2.0/easy-rsa/2.0/vars 2011-04-27 22:58:41.789791888 +0200 | |
178 | @@ -12,21 +12,12 @@ | |
179 | # This variable should point to | |
180 | # the top level of the easy-rsa | |
181 | # tree. | |
182 | -export EASY_RSA="`pwd`" | |
183 | - | |
184 | -# | |
185 | -# This variable should point to | |
186 | -# the requested executables | |
187 | -# | |
188 | -export OPENSSL="openssl" | |
189 | -export PKCS11TOOL="pkcs11-tool" | |
190 | -export GREP="grep" | |
191 | - | |
192 | +export EASY_RSA="/etc/easy-rsa" | |
193 | ||
194 | # This variable should point to | |
195 | # the openssl.cnf file included | |
196 | # with easy-rsa. | |
197 | -export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` | |
198 | +export KEY_CONFIG="$EASY_RSA/openssl.cnf" | |
199 | ||
200 | # Edit this variable to point to | |
201 | # your soon-to-be-created key | |
202 | @@ -38,9 +29,6 @@ | |
203 | # it correctly! | |
204 | export KEY_DIR="$EASY_RSA/keys" | |
205 | ||
206 | -# Issue rm -rf warning | |
207 | -echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR | |
208 | - | |
209 | # PKCS11 fixes | |
210 | export PKCS11_MODULE_PATH="dummy" | |
211 | export PKCS11_PIN="dummy" |