gen-crl: Use SSL option '-crldays' not '-days'

SSL option -days only configures certificate lifetime, it does not
apply to the life-time of a CRL. For a CRL SSL option -crldays is
required.

The script only succeeded before because openssl-easyrsa.cnf file
always configured "default_crl_days = $EASYRSA_CRL_DAYS".

Changing the function to use -crldays means that 'default_crl_days'
field can be removed from openssl-easyrsa.cnf file.

However, this change only removes 'default_crl_days' from the auto-
generated version of openssl-easyrsa.cnf - This means no changes
are required for packaging the SSL config file.

Signed-off-by: Richard T Bonhomme <[email protected]>

easyrsa3/easyrsa

@@ -3187,7 +3187,7 @@ gen_crl() {
 	fi
 
 	easyrsa_openssl ca -utf8 -gencrl -out "$out_file_tmp" \
-		${EASYRSA_CRL_DAYS:+ -days "$EASYRSA_CRL_DAYS"} \
+		${EASYRSA_CRL_DAYS:+ -crldays "$EASYRSA_CRL_DAYS"} \
 		${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} || \
 			die "CRL Generation failed."
 
@@ -5801,8 +5801,14 @@ x509_extensions	= basic_exts		# The extensions to add to the cert
 # is designed for will. In return, we get the Issuer attached to CRLs.
 crl_extensions	= crl_ext
 
+# These fields are always configured via the command line.
+# These fields are removed from this here-doc but retained
+# in 'openssl-easyrsa.cnf' file, in case something breaks.
+# default_days is no longer required by Easy-RSA
 default_days	= $ENV::EASYRSA_CERT_EXPIRE	# how long to certify for
-default_crl_days	= $ENV::EASYRSA_CRL_DAYS	# how long before next CRL
+# default_crl_days is no longer required by Easy-RSA
+#default_crl_days	= $ENV::EASYRSA_CRL_DAYS	# how long before next CRL
+
 default_md	= $ENV::EASYRSA_DIGEST		# use public key default MD
 preserve	= no			# keep passed DN ordering