Teco Boot

No warnings anymore on my invalid PKI db. Before: ``` root@host:~/easy-rsa/easyrsa3# ./easyrsa --renew-days=99999 show-expire Notice ------ * Showing certificates which expire in less than 99999 days (--renew-days): ./easyrsa: 3482: [:...

OK, I'll produce test results. Attached test result with master. [Issue 626 - problem.txt](https://github.com/OpenVPN/easy-rsa/files/9280366/Issue.626.-.problem.txt) Couple of findings: - vars handling is different in v3.0.6 and current master; - with unique_subject...

There is an issue with show-expire caused by the older but still valid certs: .. show-expire: ./easyrsa: 3478: [: Illegal number: ./easyrsa: 3478: [: Illegal number: Line is: if [...

The rewind-renew doesn't work for these older certs. [Issue 626 - revoke-renewed.txt](https://github.com/OpenVPN/easy-rsa/files/9280557/Issue.626.-.revoke-renewed.txt) Easy-RSA error: Unable to revoke as no renewed certificate was found. Certificate was expected at: /root/easy-rsa/easyrsa3/pki/renewed/issued/17F4A03B99101C17986D7CC955855B86.crt The problem...

Here first attempt to fix show-expire or basics for show-older: ``` root@host:~/easy-rsa/easyrsa3# git diff easyrsa diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 256c878..1464a03 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -3475,10 +3475,17 @@...

> > * vars handling is different in v3.0.6 and current master > > True - However, the only _serious difference_ is that the preferred location of `vars` is now...

> Your work for `show-older` is based on certificates which should **not** exist, so I cannot proceed with that option. OK, with the protection by https://github.com/OpenVPN/easy-rsa/commit/5b4fd2b484adc6e2f506b62eb54fc38adc802766 it is not needed....

> EasyRSA version `3.1.1` (**git/master**) now includes these status reports: > > * `show-expire` - List certificates which will expire soon. > * `show-revoke` - List certificates which are revoked....

Have a fix for the "corrupt" PKI? Now I have: ``` root@host:~/easy-rsa/easyrsa3# ./easyrsa --renew-days=99999 show-expire Notice ------ * Showing certificates which expire in less than 99999 days (--renew-days): V |...

I revoked the fix and reran the testscript. Result: ``` root@host:~/easy-rsa/easyrsa3# cat pki/index.txt V 241110155612Z A347D033EBB501418145AC840E2E4A5B unknown /CN=client-1 V 241110155612Z A6FAE9867E46635386C490CAF91F81FC unknown /CN=client-1 R 241110155612Z 220808155612Z A08D3B46F37861CDEF1804E02276C484 unknown /CN=client-1 root@host:~/easy-rsa/easyrsa3#...