Merge branch 'add-ca-to-show-expire' of ssh://github.com/TinCanTech/e…

…asy-rsa into TinCanTech-add-ca-to-show-expire Signed-off-by: Richard T Bonhomme <[email protected]>
OpenVPN · Aug 18, 2024 · 8f0201a · 8f0201a
2 parents 7cf1f1e + 35aeca0
commit 8f0201a
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -2,6 +2,7 @@ Easy-RSA 3 ChangeLog
 
 3.2.1 (TBD)
 
+   * easyrsa-tools.lib, show-expire: Add CA certificate to report (a36cd54) (#1215)
    * inline: OpenVPN TLS Keys inlining for TLS-AUTH, TLS-CRYPT-V1 (6e9e4a2) (#1185)
      Note: Command inline only writes directly to inline file not stdout.
    * easyrsa-tools.lib: OpenVPN TLS Key gen. TLS-AUTH, TLS-CRYPT-V1 (cf0da16) (#1185)

diff --git a/dev/easyrsa-tools.lib b/dev/easyrsa-tools.lib
@@ -675,6 +675,26 @@ read_db() {
 
 	done < "$db_in"
 
+	# Add CA to show-expire
+	case  "$report" in
+	expire)
+		# Extract -endate
+		ca_enddate="$(
+			"$EASYRSA_OPENSSL" x509 -in "$EASYRSA_PKI"/ca.crt \
+				-noout -enddate
+		)"
+		ca_enddate="${ca_enddate#*=}"
+
+		# Check CA for expiry
+		if ! will_cert_expire "$EASYRSA_PKI"/ca.crt \
+			"$pre_expire_window_s" 1>/dev/null
+		then
+			# Print CA expiry date
+			printf '%s%s\n' \
+				"CA certificate will expire on $ca_enddate"
+		fi
+	esac
+
 	# Check for target found/valid commonName, if given
 	if [ "$target" ]; then
 		[ "$target_found" ] || \