1 --- openvpn-2.2.0-orig/easy-rsa/2.0/build-ca 2011-04-06 18:05:52.000000000 +0200
2 +++ openvpn-2.2.0/easy-rsa/2.0/build-ca 2011-04-27 22:34:59.357652908 +0200
4 # Build a root certificate
7 -export EASY_RSA="${EASY_RSA:-.}"
8 -"$EASY_RSA/pkitool" --interact --initca $*
9 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
10 +/usr/sbin/pkitool --interact --initca $*
11 --- openvpn-2.2.0/easy-rsa/2.0/build-dh 2011-04-27 22:36:11.867656490 +0200
12 +++ easy-rsa-2.2.2/easy-rsa/2.0/build-dh 2015-06-02 21:31:45.871587248 +0300
14 # Build Diffie-Hellman parameters for the server side
15 # of an SSL/TLS connection.
17 +if [ -z "$EASY_RSA" ]; then
18 + . /etc/easy-rsa/vars
22 +[ -n "$OPENSSL" ] || export OPENSSL="openssl"
24 if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then
25 --- openvpn-2.2.0-orig/easy-rsa/2.0/build-inter 2011-04-06 18:05:52.000000000 +0200
26 +++ openvpn-2.2.0/easy-rsa/2.0/build-inter 2011-04-27 22:37:59.789289422 +0200
28 # Make an intermediate CA certificate/private key pair using a locally generated
31 -export EASY_RSA="${EASY_RSA:-.}"
32 -"$EASY_RSA/pkitool" --interact --inter $*
33 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
34 +/usr/sbin/pkitool --interact --inter $*
35 --- openvpn-2.2.0-orig/easy-rsa/2.0/build-key 2011-04-06 18:05:52.000000000 +0200
36 +++ openvpn-2.2.0/easy-rsa/2.0/build-key 2011-04-27 22:38:35.330924876 +0200
38 # Make a certificate/private key pair using a locally generated
41 -export EASY_RSA="${EASY_RSA:-.}"
42 -"$EASY_RSA/pkitool" --interact $*
43 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
44 +/usr/sbin/pkitool --interact $*
45 --- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-pass 2011-04-06 18:05:52.000000000 +0200
46 +++ openvpn-2.2.0/easy-rsa/2.0/build-key-pass 2011-04-27 22:39:23.919827311 +0200
48 # Similar to build-key, but protect the private key
51 -export EASY_RSA="${EASY_RSA:-.}"
52 -"$EASY_RSA/pkitool" --interact --pass $*
53 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
54 +/usr/sbin/pkitool --interact --pass $*
55 --- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-pkcs12 2011-04-06 18:05:52.000000000 +0200
56 +++ openvpn-2.2.0/easy-rsa/2.0/build-key-pkcs12 2011-04-27 22:40:10.288627524 +0200
58 # root certificate and convert it to a PKCS #12 file including the
59 # the CA certificate as well.
61 -export EASY_RSA="${EASY_RSA:-.}"
62 -"$EASY_RSA/pkitool" --interact --pkcs12 $*
63 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
64 +/usr/sbin/pkitool --interact --pkcs12 $*
65 --- openvpn-2.2.0-orig/easy-rsa/2.0/build-key-server 2011-04-06 18:05:52.000000000 +0200
66 +++ openvpn-2.2.0/easy-rsa/2.0/build-key-server 2011-04-27 22:41:24.715385295 +0200
68 # Explicitly set nsCertType to server using the "server"
69 # extension in the openssl.cnf file.
71 -export EASY_RSA="${EASY_RSA:-.}"
72 -"$EASY_RSA/pkitool" --interact --server $*
73 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
74 +/usr/sbin/pkitool --interact --server $*
75 --- openvpn-2.2.0-orig/easy-rsa/2.0/build-req 2011-04-06 18:05:52.000000000 +0200
76 +++ openvpn-2.2.0/easy-rsa/2.0/build-req 2011-04-27 22:41:59.636992013 +0200
78 # Build a certificate signing request and private key. Use this
79 # when your root certificate and key is not available locally.
81 -export EASY_RSA="${EASY_RSA:-.}"
82 -"$EASY_RSA/pkitool" --interact --csr $*
83 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
84 +/usr/sbin/pkitool --interact --csr $*
85 --- openvpn-2.2.0-orig/easy-rsa/2.0/build-req-pass 2011-04-06 18:05:52.000000000 +0200
86 +++ openvpn-2.2.0/easy-rsa/2.0/build-req-pass 2011-04-27 22:43:36.938135257 +0200
88 # Like build-req, but protect your private key
91 -export EASY_RSA="${EASY_RSA:-.}"
92 -"$EASY_RSA/pkitool" --interact --csr --pass $*
93 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
94 +/usr/sbin/pkitool --interact --csr --pass $*
95 --- openvpn-2.2.0-orig/easy-rsa/2.0/clean-all 2011-04-06 18:05:52.000000000 +0200
96 +++ openvpn-2.2.0/easy-rsa/2.0/clean-all 2011-04-27 22:44:36.544210785 +0200
98 # Note that this script does a
99 # rm -rf on $KEY_DIR so be careful!
101 +if [ -z "$EASY_RSA" ]; then
102 + . /etc/easy-rsa/vars
105 if [ "$KEY_DIR" ]; then
107 mkdir "$KEY_DIR" && \
108 --- openvpn-2.2.0-orig/easy-rsa/2.0/inherit-inter 2011-04-06 18:05:52.000000000 +0200
109 +++ openvpn-2.2.0/easy-rsa/2.0/inherit-inter 2011-04-27 22:45:20.809580498 +0200
111 # To build an intermediate CA, follow the same steps for a regular PKI but
112 # replace ./build-key or ./pkitool --initca with this script.
114 +if [ -z "$EASY_RSA" ]; then
115 + . /etc/easy-rsa/vars
118 # The EXPORT_CA file will contain the CA certificate chain and should be
119 # referenced by the OpenVPN "ca" directive in config files. The ca.crt file
120 # will only contain the local intermediate CA -- it's needed by the easy-rsa
121 --- easy-rsa-2.2.2/easy-rsa/2.0/list-crl 2015-06-02 21:09:57.640431912 +0300
122 +++ easy-rsa-2.2.2/easy-rsa/2.0/list-crl 2015-06-02 21:28:49.245772384 +0300
125 # list revoked certificates
127 +if [ -z "$EASY_RSA" ]; then
128 + . /etc/easy-rsa/vars
132 +[ -n "$OPENSSL" ] || export OPENSSL="openssl"
136 if [ "$KEY_DIR" ]; then
137 --- easy-rsa-2.2.2/easy-rsa/2.0/pkitool~ 2015-06-02 21:08:57.000000000 +0300
138 +++ easy-rsa-2.2.2/easy-rsa/2.0/pkitool 2015-06-02 21:11:42.382534794 +0300
143 +if [ -z "$EASY_RSA" ]; then
144 + . /etc/easy-rsa/vars
149 echo ' Please edit the vars script to reflect your configuration,'
150 --- openvpn-2.2.0/easy-rsa/2.0/revoke-full 2011-04-27 22:56:07.449351374 +0200
151 +++ easy-rsa-2.2.2/easy-rsa/2.0/revoke-full 2015-06-02 21:30:26.690819476 +0300
153 # revoke a certificate, regenerate CRL,
154 # and verify revocation
156 +if [ -z "$EASY_RSA" ]; then
157 + . /etc/easy-rsa/vars
161 +[ -n "$OPENSSL" ] || export OPENSSL="openssl"
166 --- openvpn-2.2.0-orig/easy-rsa/2.0/sign-req 2011-04-06 18:05:52.000000000 +0200
167 +++ openvpn-2.2.0/easy-rsa/2.0/sign-req 2011-04-27 22:56:46.124465700 +0200
169 # Sign a certificate signing request (a .csr file)
170 # with a local root certificate and key.
172 -export EASY_RSA="${EASY_RSA:-.}"
173 -"$EASY_RSA/pkitool" --interact --sign $*
174 +export EASY_RSA="${EASY_RSA:-/etc/easy-rsa}"
175 +/usr/sbin/pkitool --interact --sign $*
176 --- openvpn-2.2.0-orig/easy-rsa/2.0/vars 2010-10-21 11:18:17.000000000 +0200
177 +++ openvpn-2.2.0/easy-rsa/2.0/vars 2011-04-27 22:58:41.789791888 +0200
179 # This variable should point to
180 # the top level of the easy-rsa
182 -export EASY_RSA="`pwd`"
185 -# This variable should point to
186 -# the requested executables
188 -export OPENSSL="openssl"
189 -export PKCS11TOOL="pkcs11-tool"
192 +export EASY_RSA="/etc/easy-rsa"
194 # This variable should point to
195 # the openssl.cnf file included
197 -export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
198 +export KEY_CONFIG="$EASY_RSA/openssl.cnf"
200 # Edit this variable to point to
201 # your soon-to-be-created key
204 export KEY_DIR="$EASY_RSA/keys"
206 -# Issue rm -rf warning
207 -echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
210 export PKCS11_MODULE_PATH="dummy"
211 export PKCS11_PIN="dummy"