A disabled key is not detected when no sub-key is used in easytls-cryptv2-verify.sh

[jivco]

Hi,

The check if a key is in disabled list is not working if there is no subkey:

266 # Search disabled list for client serial number
267 fn_search_disabled_list ()
268 {
269         grep -c "^${md_serial}[[:blank:]]${md_name}[[:blank:]]${md_subkey}$" \
270                 "$disabled_list"
271 }

If ${md_subkey} is empty the blank match before it should not be present.

Maybe the function has to be something like that:

266 # Search disabled list for client serial number
267 fn_search_disabled_list ()
268 {
269         if [ "${md_subkey}" = "000000000000" ]; then
270             grep -c "^${md_serial}[[:blank:]]${md_name}$" \
271                 "$disabled_list"
272         else
273             grep -c "^${md_serial}[[:blank:]]${md_name}[[:blank:]]${md_subkey}$" \
274                 "$disabled_list"
275         fi
276 }

[TinCanTech]

HI, thanks for reporting this.

sub-key-name was complicated to integrate and so I do expect there to be some problems.

What you describe certainly makes sense and I'll take a close look soon.

[TinCanTech]

#104

[TinCanTech]

Please let me know if this works for you. It passed my tests.

[TinCanTech]

I don't know when you created your keys, so this may not work for you as-is.

If you have time, please try again with git/master/easy-tls and easytls-crypt-v2-verify.sh and new keys.

Tip:

• Do not change Easy-RSA
• Use ./easytls init-tls to start Easy-TLS again, this will not effect Easy-RSA.

[jivco]

I have tested with the new versions of easy-tls and easytls-crypt-v2-verify.sh and new keys and it is working OK.
Thank you.

[TinCanTech]

Thank you.