Revoke keep request #1109
Merged
Signed-off-by: Richard T Bonhomme <[email protected]>
Command: expire
Move certificates from 'pki/issued' to 'pki/expired'.
Allows existing requests to be signed again. (IE. Renewal)

Command: revoke-expired
Revoke certificates in the 'pki/expired' directory.
This is achieved by allowing command 'revoke' to also work with files from 'pki/expired'.

This is intended to completely replace renewal commands.

Signed-off-by: Richard T Bonhomme <[email protected]>
Signed-off-by: Richard T Bonhomme <[email protected]>
Signed-off-by: Richard T Bonhomme <[email protected]>
Windows sh.exe does not provide /dev/null

Signed-off-by: Richard T Bonhomme <[email protected]>
Signed-off-by: Richard T Bonhomme <[email protected]>
Signed-off-by: Richard T Bonhomme <[email protected]>
TinCanTech added MAJOR CHANGE, ChangeLog Item, Full-Approval, Merge is imminent, Version 3.2.0-Release and removed development, Possible changes labels Apr 6, 2024
Command 'revoke' accepts a source directory as a variable, to determine which type of certificate to revoke.
The types are: 'issued' (standard certificates), 'expired' (expired certificates) and 'renewed' (the old renewed directory).
The source directory is determined by the command in use.

Signed-off-by: Richard T Bonhomme <[email protected]>
Signed-off-by: Richard T Bonhomme <[email protected]>
TinCanTech force-pushed the revoke-keep-request branch from cf5407e to 2bcfef3 (April 7, 2024 21:56)
EasyRSA command 'renew' has been flawed since its ill-fated inception.
The first version of 'renew' did not renew a certificate from
the original request. Instead, it built a new request, key and
certificate which bore no relation to the original request or key.
Also, certificates which had been "renewed" left a dangling, valid
certificate, which could not be revoked by EasyRSA.
After many attempts to rectify the process of renewal, it is clear
that this is an unnecessary maintenance burden.
This change replaces the renewal process by simply allowing the
original request to be signed again, exactly as it was first signed,
without the need for code to jump through absurd hoops.
In honor of Wayne's World. oooooo baby!
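
Added example (not part of the pull request or EasyRSA's own code): the description above notes that earlier renewals could leave a second, still-valid certificate behind. One way to audit for that is to scan the CA's OpenSSL database (index.txt) for subjects that have more than one entry marked valid. The function names and sample records are constructed for illustration, and the check assumes the standard tab-separated OpenSSL index.txt layout.

```shell
#!/bin/sh
# Added example: list subjects with more than one certificate still marked
# valid ("V") in an OpenSSL CA database (index.txt).
# Tab-separated fields: status, expiry, revocation date, serial, filename, subject DN

# Write a constructed sample database to $1 (serials and names are made up).
make_sample_index() {
    printf 'V\t260101000000Z\t\t01\tunknown\t/CN=server1\n'  > "$1"
    printf 'V\t250601000000Z\t\t02\tunknown\t/CN=client1\n' >> "$1"
    printf 'R\t250601000000Z\t240301120000Z\t03\tunknown\t/CN=client2\n' >> "$1"
    printf 'V\t270101000000Z\t\t04\tunknown\t/CN=client2\n' >> "$1"
    printf 'V\t270601000000Z\t\t05\tunknown\t/CN=client1\n' >> "$1"
}

# Print "subject<TAB>serial serial ..." for every subject DN in database $1
# that has more than one V entry. Revoked (R) and expired (E) rows are ignored.
dangling_valid() {
    awk -F '\t' '
        $1 == "V" {
            count[$6]++
            serials[$6] = (serials[$6] == "" ? $4 : serials[$6] " " $4)
        }
        END {
            for (dn in count)
                if (count[dn] > 1)
                    printf "%s\t%s\n", dn, serials[dn]
        }
    ' "$1" | sort
}

# Demo on the constructed sample: client1 holds two valid certificates,
# client2 does not because its older certificate was revoked.
sample="${TMPDIR:-/tmp}/index.sample.$$"
make_sample_index "$sample"
dangling_valid "$sample"
rm -f "$sample"
```

Each reported subject is a candidate for review: confirm which serial is in use and revoke the others, then regenerate the CRL.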