From da3c249a188603372ec7486495cf6e948cbd8c20 Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Mon, 30 Sep 2024 22:32:39 +0100 Subject: [PATCH 1/3] Remove redundant file: index.txt.attr The function of 'index.txt.attr' is to set SSL option "unique_subject = no". This function is handled by 'openssl-easyrsa.cnf' file. Signed-off-by: Richard T Bonhomme --- easyrsa3/easyrsa | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index f39f270e..4d2df172 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -954,6 +954,12 @@ cleanup() { print; cat "$easyrsa_err_log"; print fi + # Remove redundant file: index.txt.attr + if [ -f "$EASYRSA_PKI"/index.txt.attr ]; then + rm -f "$EASYRSA_PKI"/index.txt.attr + verbose "cleanup: DELETED $EASYRSA_PKI/index.txt.attr" + fi + # undo changes BEFORE delete temp-dir # Remove files when build_full()->sign_req() is interrupted [ "$error_build_full_cleanup" ] && \ @@ -1308,7 +1314,7 @@ Run easyrsa without commands for usage and command help." # Allow files to be regular files (or symlinks), # but also pipes, for flexibility with ca.key for i in ca.crt private/ca.key \ - index.txt index.txt.attr serial + index.txt serial do if [ ! -f "$EASYRSA_PKI/$i" ] && \ [ ! -p "$EASYRSA_PKI/$i" ] From da6d2baf2033a23d41dda2b1f0d003af5d1783e5 Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Tue, 1 Oct 2024 00:43:03 +0100 Subject: [PATCH 2/3] Remove redundant code related to 'index.txt.attr' Signed-off-by: Richard T Bonhomme --- dev/easyrsa-tools.lib | 4 ---- easyrsa3/easyrsa | 6 +----- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/dev/easyrsa-tools.lib b/dev/easyrsa-tools.lib index ba3e2e37..cf8b62b8 100644 --- a/dev/easyrsa-tools.lib +++ b/dev/easyrsa-tools.lib @@ -692,10 +692,6 @@ Run easyrsa without commands for usage and command help." creds_in="$in_dir/${file_name_base}.creds" inline_in="$in_dir/inline/${file_name_base}.inline" - # Upgrade CA index.txt.attr - unique_subject = no - print 'unique_subject = no' > "$EASYRSA_PKI/index.txt.attr" || \ - die "Failed to upgrade CA to support renewal." - # deprecate ALL options while [ "$1" ]; do case "$1" in diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 4d2df172..b504a375 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -1313,9 +1313,7 @@ Run easyrsa without commands for usage and command help." # Verify expected files are present. # Allow files to be regular files (or symlinks), # but also pipes, for flexibility with ca.key - for i in ca.crt private/ca.key \ - index.txt serial - do + for i in ca.crt private/ca.key index.txt serial; do if [ ! -f "$EASYRSA_PKI/$i" ] && \ [ ! -p "$EASYRSA_PKI/$i" ] then @@ -1677,8 +1675,6 @@ Unable to create necessary PKI files (permissions?)" # create necessary files: printf "" > \ "$EASYRSA_PKI/index.txt" || die "$err_msg" - printf '%s\n' 'unique_subject = no' \ - > "$EASYRSA_PKI/index.txt.attr" || die "$err_msg" printf '%s\n' "01" \ > "$EASYRSA_PKI/serial" || die "$err_msg" unset -v err_msg From feaaf3bc20e7febf587227aea3c7451a721fa0af Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Wed, 2 Oct 2024 21:31:20 +0100 Subject: [PATCH 3/3] ChangeLog: Remove redundant file index.txt.attr Signed-off-by: Richard T Bonhomme --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 2790f2c9..a07abecc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ Easy-RSA 3 ChangeLog +3.2.2 (TBD) + + * Remove redundant file index.txt.attr (da3c249) (#1233) + 3.2.1 (2024-09-13) * inline: Add decimal value for cert. serial (Linux Only) (b33038e) (#1222)