easy-rsa

easy-rsa copied to clipboard

SHA1 Key signature warnings in Debian build for releases 3.x

16

I am the Debian maintainer for easy-rsa. While building the latest release, I received the following output: ``` dpkg-source: info: using source format '3.0 (quilt)' dpkg-source: info: verifying ./easy-rsa_3.1.5.orig.tar.gz.asc gpgv:...

linqigang888

Documentation: `doc/EasyRSA-Passphrase-Automation.md`

3

Passphrases and automation .. it is a conundrum. However, it would be useful if EasyRSA had some documentation on how it is done here .. Options: `--passin=something` and `--passout=something`. FTR:...

TinCanTech

init-pki: Option SOFT, keep certificate signing requests

2

This allows a new CA to sign certificates "in the field".

TinCanTech

Ref: #409 Not strictly `POSIX`. And not at all Windows. Follow-up: #561

TinCanTech

#1073, #1075 and more.. Improve the safe-guard made here: https://github.com/OpenVPN/easy-rsa/blob/f92ca403ac9ac3e9522d0caca513cd3b314efc8c/distro/windows/bin/easyrsa-shell-init.sh#L111-L124 If Windows does not work then there is no point going further than here. Revert: - https://github.com/OpenVPN/easy-rsa/commit/14ffb55115cf67632d19ef37257338a5b1f2cffc

TinCanTech

With certain exceptions, e.g. 'help', use standard indentation rules for shell-command 'case'. (Use 'git diff -w' for a clean summary)

TinCanTech

TinCanTech

[SECURITY] Possible Code Injection Issue

6

[deleted for security purposes]

jmrcsnchz

Until there is a POC to define the point to a `soft` init, this is history.

TinCanTech

A `soft` option infers that there is history to a PKI. Command `init-pki` _specifically_ **destroys** ALL history. While there may be obscure reasons to preserve history, preserving `vars` is better...

TinCanTech