Skip to content

Commit

Permalink
Merge branch 'TinCanTech-add-ca-to-show-expire'
Browse files Browse the repository at this point in the history
Signed-off-by: Richard T Bonhomme <[email protected]>
  • Loading branch information
TinCanTech committed Aug 18, 2024
2 parents 7cf1f1e + 8f0201a commit 775e021
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 0 deletions.
1 change: 1 addition & 0 deletions ChangeLog
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ Easy-RSA 3 ChangeLog

3.2.1 (TBD)

* easyrsa-tools.lib, show-expire: Add CA certificate to report (a36cd54) (#1215)
* inline: OpenVPN TLS Keys inlining for TLS-AUTH, TLS-CRYPT-V1 (6e9e4a2) (#1185)
Note: Command inline only writes directly to inline file not stdout.
* easyrsa-tools.lib: OpenVPN TLS Key gen. TLS-AUTH, TLS-CRYPT-V1 (cf0da16) (#1185)
Expand Down
20 changes: 20 additions & 0 deletions dev/easyrsa-tools.lib
Original file line number Diff line number Diff line change
Expand Up @@ -675,6 +675,26 @@ read_db() {

done < "$db_in"

# Add CA to show-expire
case "$report" in
expire)
# Extract -endate
ca_enddate="$(
"$EASYRSA_OPENSSL" x509 -in "$EASYRSA_PKI"/ca.crt \
-noout -enddate
)"
ca_enddate="${ca_enddate#*=}"

# Check CA for expiry
if ! will_cert_expire "$EASYRSA_PKI"/ca.crt \
"$pre_expire_window_s" 1>/dev/null
then
# Print CA expiry date
printf '%s%s\n' \
"CA certificate will expire on $ca_enddate"
fi
esac

# Check for target found/valid commonName, if given
if [ "$target" ]; then
[ "$target_found" ] || \
Expand Down

0 comments on commit 775e021

Please sign in to comment.