From a36cd54c1581f5280d537fdcb5b3ce773e5e9cf7 Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Sun, 18 Aug 2024 12:46:07 +0100 Subject: [PATCH] show-expire: Add CA certificate to report Signed-off-by: Richard T Bonhomme --- dev/easyrsa-tools.lib | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/dev/easyrsa-tools.lib b/dev/easyrsa-tools.lib index 4d299f19..c1104b98 100644 --- a/dev/easyrsa-tools.lib +++ b/dev/easyrsa-tools.lib @@ -675,6 +675,26 @@ read_db() { done < "$db_in" + # Add CA to show-expire + case "$report" in + expire) + # Extract -endate + ca_enddate="$( + "$EASYRSA_OPENSSL" x509 -in "$EASYRSA_PKI"/ca.crt \ + -noout -enddate + )" + ca_enddate="${ca_enddate#*=}" + + # Check CA for expiry + if ! will_cert_expire "$EASYRSA_PKI"/ca.crt \ + "$pre_expire_window_s" 1>/dev/null + then + # Print CA expiry date + printf '%s%s\n' \ + "CA certificate will expire on $ca_enddate" + fi + esac + # Check for target found/valid commonName, if given if [ "$target" ]; then [ "$target_found" ] || \