diff --git a/dev/easyrsa-tools.lib b/dev/easyrsa-tools.lib index b632f9bd2..bc68935a7 100644 --- a/dev/easyrsa-tools.lib +++ b/dev/easyrsa-tools.lib @@ -8,6 +8,9 @@ if [ -z "$EASYRSA_TOOLS_CALLER" ]; then return 1 fi +# Set tools version +EASYRSA_TOOLS_VERSION=1.0.1 + # Get certificate start date # shellcheck disable=2317 # Unreach - ssl_cert_not_before_date() ssl_cert_not_before_date() { @@ -18,7 +21,7 @@ ssl_cert_not_before_date - input error" ssl_cert_not_before_date - missing cert" fn_ssl_out="$( - easyrsa_openssl x509 -in "$1" -noout -startdate + "$EASYRSA_OPENSSL" x509 -in "$1" -noout -startdate )" || die "\ ssl_cert_not_before_date - failed: -startdate" @@ -39,7 +42,7 @@ ssl_cert_not_after_date - input error" ssl_cert_not_after_date - missing cert" fn_ssl_out="$( - easyrsa_openssl x509 -in "$1" -noout -enddate + "$EASYRSA_OPENSSL" x509 -in "$1" -noout -enddate )" || die "\ ssl_cert_not_after_date - failed: -enddate" @@ -62,7 +65,7 @@ iso_8601_cert_startdate: missing cert" # On error return, let the caller decide what to do if fn_ssl_out="$( - easyrsa_openssl x509 -in "$1" -noout \ + "$EASYRSA_OPENSSL" x509 -in "$1" -noout \ -startdate -dateopt iso_8601 )" then @@ -92,8 +95,7 @@ iso_8601_cert_enddate: missing cert" # On error return, let the caller decide what to do if fn_ssl_out="$( - EASYRSA_VERBOSE= - easyrsa_openssl x509 -in "$1" -noout \ + "$EASYRSA_OPENSSL" x509 -in "$1" -noout \ -enddate -dateopt iso_8601 )" then @@ -664,8 +666,7 @@ expire_status: FALL-BACK completed" # Check cert expiry against window # openssl direct call because error is expected - if OPENSSL_CONF=/dev/null \ - "$EASYRSA_OPENSSL" x509 -in "$cert_issued" \ + if "$EASYRSA_OPENSSL" x509 -in "$cert_issued" \ -noout -checkend "$pre_expire_window_s" \ 1>/dev/null then diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 56a9a623c..92cc68fa8 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa 
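Review bot: The four date helpers (`ssl_cert_not_before_date`, `ssl_cert_not_after_date` and the two ISO-8601 start/end date helpers) now run `"$EASYRSA_OPENSSL"` directly, but the load-time guard at the top of the library still checks only `EASYRSA_TOOLS_CALLER`. If a caller sources the library without setting `EASYRSA_OPENSSL`, the command word is empty, and the first two helpers report that as `failed: -startdate` / `failed: -enddate`, which hides the real cause. A guard next to the existing one, `[ -n "$EASYRSA_OPENSSL" ] || return 1`, would catch this at load time. A header comment saying the caller must export `OPENSSL_CONF` before any helper runs would make the new contract explicit. Each helper's body starts and ends outside its hunk, so this rests on the visible lines only.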
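Review bot: The `-checkend` call in the last hunk of this file no longer pins `OPENSSL_CONF=/dev/null`, so the expiry check now loads whatever configuration the environment names. With the matching easyrsa change that is the generated `$EASYRSA_SSL_CONF`. With a caller that does not export it, openssl falls back to an inherited `OPENSSL_CONF` or the system default, and a config file can load engines or providers that a date comparison does not need. If the pin was dropped for portability, say so in the comment above the call, e.g. `# relies on OPENSSL_CONF exported by the caller`; otherwise keeping the per-command assignment is the narrower choice. The surrounding function starts and ends outside the hunk.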
@@ -5639,6 +5639,20 @@ Use of Status Reports requires Easy-RSA tools library, source: Place a copy of easyrsa-tools.lib in a standard system location." fi + # Verify tools version + if [ "$EASYRSA_TOOLS_VERSION" = 1.0.1 ]; then + verbose "EASYRSA_TOOLS_VERSION: $EASYRSA_TOOLS_VERSION" + else + warn "\ +EasyRSA Tools version is out of date: +* EASYRSA_TOOLS_VERSION: $EASYRSA_TOOLS_VERSION" + fi + + # Validate or create openssl-easyrsa.cnf + write_easyrsa_ssl_cnf_tmp + export OPENSSL_CONF="$EASYRSA_SSL_CONF" + verbose "$cmd: OPENSSL_CONF = $OPENSSL_CONF" + case "$cmd" in show-expire) [ -z "$alias_days" ] || \
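Review bot: A version mismatch only warns here and the status command then runs anyway, even though this commit changes what the library expects from its caller: the date helpers in easyrsa-tools.lib now call `"$EASYRSA_OPENSSL"` directly and rely on the `OPENSSL_CONF` exported a few lines below. A library that predates `EASYRSA_TOOLS_VERSION` leaves the variable unset, so the warning prints an empty version, and a newer library is also reported as "out of date". Consider printing `${EASYRSA_TOOLS_VERSION:-unset}` and wording the message as a mismatch, and decide whether a mismatch should stop the command. The result of `write_easyrsa_ssl_cnf_tmp` is also not checked before the export; unless that function exits on failure itself, `write_easyrsa_ssl_cnf_tmp || die "$cmd: failed to write SSL config"` would avoid exporting a path to a missing file. The enclosing block starts and ends outside the hunk.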