head 1.2; access; symbols pkgsrc-2026Q1:1.2.0.24 pkgsrc-2026Q1-base:1.2 pkgsrc-2025Q4:1.2.0.22 pkgsrc-2025Q4-base:1.2 pkgsrc-2025Q3:1.2.0.20 pkgsrc-2025Q3-base:1.2 pkgsrc-2025Q2:1.2.0.18 pkgsrc-2025Q2-base:1.2 pkgsrc-2025Q1:1.2.0.16 pkgsrc-2025Q1-base:1.2 pkgsrc-2024Q4:1.2.0.14 pkgsrc-2024Q4-base:1.2 pkgsrc-2024Q3:1.2.0.12 pkgsrc-2024Q3-base:1.2 pkgsrc-2024Q2:1.2.0.10 pkgsrc-2024Q2-base:1.2 pkgsrc-2024Q1:1.2.0.8 pkgsrc-2024Q1-base:1.2 pkgsrc-2023Q4:1.2.0.6 pkgsrc-2023Q4-base:1.2 pkgsrc-2023Q3:1.2.0.4 pkgsrc-2023Q3-base:1.2 pkgsrc-2023Q2:1.2.0.2 pkgsrc-2023Q2-base:1.2 pkgsrc-2023Q1:1.1.0.40 pkgsrc-2023Q1-base:1.1 pkgsrc-2022Q4:1.1.0.38 pkgsrc-2022Q4-base:1.1 pkgsrc-2022Q3:1.1.0.36 pkgsrc-2022Q3-base:1.1 pkgsrc-2022Q2:1.1.0.34 pkgsrc-2022Q2-base:1.1 pkgsrc-2022Q1:1.1.0.32 pkgsrc-2022Q1-base:1.1 pkgsrc-2021Q4:1.1.0.30 pkgsrc-2021Q4-base:1.1 pkgsrc-2021Q3:1.1.0.28 pkgsrc-2021Q3-base:1.1 pkgsrc-2021Q2:1.1.0.26 pkgsrc-2021Q2-base:1.1 pkgsrc-2021Q1:1.1.0.24 pkgsrc-2021Q1-base:1.1 pkgsrc-2020Q4:1.1.0.22 pkgsrc-2020Q4-base:1.1 pkgsrc-2020Q3:1.1.0.20 pkgsrc-2020Q3-base:1.1 pkgsrc-2020Q2:1.1.0.18 pkgsrc-2020Q2-base:1.1 pkgsrc-2020Q1:1.1.0.14 pkgsrc-2020Q1-base:1.1 pkgsrc-2019Q4:1.1.0.16 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.12 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.10 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.8 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.6 pkgsrc-2018Q4-base:1.1 pkgsrc-2018Q3:1.1.0.4 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.2 pkgsrc-2018Q2-base:1.1; locks; strict; comment @# @; 1.2 date 2023.06.07.11.10.38; author leot; state Exp; branches; next 1.1; commitid 9gG4N0gaykayq0sE; 1.1 date 2018.06.24.07.31.09; author adam; state Exp; branches; next ; commitid 5RieoiRB24HimvHA; desc @@ 1.2 log @easyrsa: Update to 3.1.4 3.1.4 ----- * build-ca: New option --ca-via-stdin, use SSL -pass* argument 'stdin' * build-ca: Revert manual CA password method to temp-files Release v3.1.3 was fatally flawed, it would fail to build a CA under Windows. Release v3.1.4 is specifically a bugfix ONLY, to resolve the Windows problem. See the following commits for further details: 5d7ad1306d5ebf1588aef77eb3445e70cf5b4ebc build-ca: Revert manual CA password method to temp-files c11135d19b2e7e7385d28abb1132978c849dfa74 build-ca: Use OpenSSL password I/O argument 'stdin' 27870d695a324e278854146afdac5d6bdade9bba build-ca: Replace password temp-file method with file-descriptors Superseded by 5d7ad13 above. 3.1.3 ----- * build-ca: Replace password temp-files with file-descriptors * Replace --fix-offset with --startdate, --enddate * Introduce option -S|--silent-ssl: Silence SSL output * Only create a random serial number file when expected * Always verify SSL lib, for all commands * Option --fix-offset: Adjust off-by-one day * Update OpenSSL to v3.0.8 3.1.2 ----- * build-full: Always enable inline file creation * Make default Edwards curve ED25519 * Allow --fix-offset to create post-dated certificates * Introduce command 'set-pass' * Introduce global option '--nopass|--no-pass' * Introduce global option '--notext|--no-text' * Command 'help': For unknown command, exit with error * Find data-files in the correct order * Update OpenSSL to 3.0.7 for Windows distribution 3.1.1 ----- * Remove command 'renewable' (#715) * Expand 'show-renew', include 'renewed/certs_by_serial' * Resolve long-standing issue with --subca-len=N * ++ NOTICE: Add EasyRSA-Renew-and-Revoke.md * Require 'openssl-easyrsa.cnf' is up to date * Introduce 'renew' (version 3). Only renew cert * Always ensure X509-types files exist * Expand alias '--days' to all suitable options with a period * Introduce --keep-tmp, keep temp files for debugging * Add serialNumber (OID 2.5.4.5) to DN 'org' mode * Support ampersand and dollar-sign in vars file * Introduce 'rewind-renew' * Expand status reports to include checking a single cert * Introduce 'revoke-renewed' * update OpenSSL for Windows to 3.0.5 3.1.0 ----- * Introduce basic support for OpenSSL version 3 * Update regex in grep to be POSIX compliant * Introduce status reporting tools * Display certificates using UTF8 * Allow certificates to be created with fixed date offset * Add 'verify' to verify certificate against CA * Add PKCS#12 alias 'friendlyName' * Support multiple IP-Addresses in SAN * Add option '--renew-days=NN', custom renew grace period * Add 'nopass' option to the 'export-pkcs' functions * Add support for 'busybox' * Add option '--tmp-dir=DIR' to declare Temp-dir 3.0.9 ----- * Upgrade OpenSSL from 1.1.0j to 1.1.1o - We are buliding this ourselves now. * Fix --version so it uses EASYRSA_OPENSSL * Use openssl rand instead of non-POSIX mktemp * Fix paths with spaces * Correct OpenSSL version from Homebrew on macOs * Fix revoking a renewed certificate Follow-up commit: ef22701878bb10df567d60f2ac50dce52a82c9ee * Introduce 'show-crl' * Support Windows-Git 'version of bash' * Disallow use of single quote (') in vars file, Warning * Creating a CA uses x509-types/ca and COMMON * Prefer 'PKI/vars' over all other locations * Introduce 'init-pki soft' option * Warnings are no longer silenced by --batch * Improve packaging options * Update regex for POSIX compliance * Correct date format for Darwin/BSD @ text @$NetBSD: patch-vars.example,v 1.1 2018/06/24 07:31:09 adam Exp $ Set default location for configuration files. --- vars.example.orig 2023-05-24 12:02:30.000000000 +0000 +++ vars.example @@@@ -43,11 +43,7 @@@@ fi # easyrsa. More specific variables for specific files (eg: EASYRSA_SSL_CONF) # may override this default. # -# The default value of this variable is the location of the easyrsa script -# itself, which is also where the configuration files are located in the -# easy-rsa tree. -# -#set_var EASYRSA "${0%/*}" +set_var EASYRSA "@@SYSCONFDIR@@" # If your OpenSSL command is not in the system PATH, you will need to define # the path here. Normally this means a full path to the executable, otherwise @ 1.1 log @easy-rsa: downgraded to 3.0.4 (3.0.5 has not been released) @ text @d1 1 a1 1 $NetBSD$ d5 1 a5 1 --- vars.example.orig 2018-01-21 15:37:26.000000000 +0000 d7 2 a8 3 @@@@ -42,12 +42,8 @@@@ fi # This variable is used as the base location of configuration files needed by # easyrsa. More specific variables for specific files (e.g., EASYRSA_SSL_CONF) d10 1 a10 1 -# d14 1 a14 1 d18 2 a19 2 # If your OpenSSL command is not in the system PATH, you will need to define the # path to it here. Normally this means a full path to the executable, otherwise @