Compare commits


No commits in common. "dev" and "22.12.1" have entirely different histories.
dev ... 22.12.1

4 changed files with 9 additions and 23 deletions


@ -12,23 +12,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Fixed
* Fix mode of shellpki script in README file when installing it
### Removed
### Security
## [22.12.2] 2022-12-13
### Changed
* Defaults default_crl_days to 2 years instead of 1
### Fixed
* Fix ${CRL} and ${CA_DIR} rights so that CRL file can be read by openvpn
## [22.12.1] 2022-12-02
## [22.12] 2022-12-02
### Fixed


@ -16,7 +16,7 @@ be copied to [ansible-roles/openvpn](https://gitea.evolix.org/evolix/ansible-rol
useradd shellpki --system -M --home-dir /etc/shellpki --shell /usr/sbin/nologin
mkdir /etc/shellpki
install -m 0640 openssl.cnf /etc/shellpki/
install -m 0750 shellpki /usr/local/sbin/shellpki
install -m 0755 shellpki /usr/local/sbin/shellpki
chown -R shellpki: /etc/shellpki
~~~
@ -31,7 +31,7 @@ chown -R shellpki: /etc/shellpki
useradd -r 1..1000 -d /etc/shellpki -s /sbin/nologin _shellpki
mkdir /etc/shellpki
install -m 0640 openssl.cnf /etc/shellpki/
install -m 0750 shellpki /usr/local/sbin/shellpki
install -m 0755 shellpki /usr/local/sbin/shellpki
chown -R _shellpki:_shellpki /etc/shellpki
~~~


@ -1,4 +1,4 @@
# VERSION="22.12.2"
# VERSION="22.04"
[ ca ]
default_ca = CA_default
@ -14,7 +14,7 @@ crl = $dir/crl.pem
private_key = $dir/cakey.key
RANDFILE = $dir/.rand
default_days = 365
default_crl_days= 730
default_crl_days= 365
default_md = sha256
preserve = no
policy = policy_match
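Review bot: `default_crl_days` has no comment saying what depends on it, and the two values printed here (730 and 365) trade off differently. A verifier that checks nextUpdate rejects the CRL once this window has passed unless the CRL has been regenerated, while a longer window lets a relying party keep accepting an out-of-date CRL for longer. The +/- markers are lost in this rendering, so that 365 is the 22.12.1 side is inferred from the compare direction and the changelog section, not read off the hunk. I would add a line above it such as `# CRL validity window (nextUpdate); regenerate the CRL before it elapses`, and confirm that the CRL is regenerated on a schedule shorter than this value.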


@ -5,7 +5,7 @@
set -u
VERSION="22.12.2"
VERSION="22.12"
show_version() {
cat <<END
@ -224,7 +224,7 @@ replace_existing_or_abort() {
init() {
umask 0177
[ -d "${CA_DIR}" ] || mkdir -m 0751 "${CA_DIR}"
[ -d "${CA_DIR}" ] || mkdir -m 0750 "${CA_DIR}"
[ -d "${CRT_DIR}" ] || mkdir -m 0750 "${CRT_DIR}"
[ -f "${INDEX_FILE}" ] || touch "${INDEX_FILE}"
[ -f "${INDEX_FILE}.attr" ] || touch "${INDEX_FILE}.attr"
@ -1103,11 +1103,9 @@ main() {
# fix right
chown -R "${PKI_USER}":"${PKI_USER}" "${CA_DIR}"
chmod 750 "${CRT_DIR}" "${KEY_DIR}" "${CSR_DIR}" "${PKCS12_DIR}" "${OVPN_DIR}" "${TMP_DIR}"
chmod 600 "${INDEX_FILE}"* "${SERIAL}"* "${CA_KEY}"
chmod 750 "${CA_DIR}" "${CRT_DIR}" "${KEY_DIR}" "${CSR_DIR}" "${PKCS12_DIR}" "${OVPN_DIR}" "${TMP_DIR}"
chmod 600 "${INDEX_FILE}"* "${SERIAL}"* "${CA_KEY}" "${CRL}"
chmod 640 "${CA_CERT}"
chmod 604 "${CRL}"
chmod 751 "${CA_DIR}"
}
main "$@"
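Review bot: In the "fix right" block at the end of main() (which starts outside this hunk), the variant `chmod 600 "${INDEX_FILE}"* "${SERIAL}"* "${CA_KEY}" "${CRL}"` together with `chmod 750 "${CA_DIR}"` leaves the CRL unreadable to any service not running as `${PKI_USER}`. The changelog section on this page records exactly that as fixed in 22.12.2 so that openvpn can read the CRL; the +/- markers are lost here, so that this variant is the 22.12.1 side is inferred from the compare direction. An unreadable CRL tends to end with revocation checking failing or being switched off, so the other variant (`chmod 604 "${CRL}"`, `chmod 751 "${CA_DIR}"`) is the safer one: the CRL is public data, and 751 lets other users traverse the directory without listing it, while the key and index files stay at 600. Whichever side is kept, I would replace `# fix right` with a comment stating that intent, e.g. `# CRL must stay readable by the VPN daemon; CA_DIR is traverse-only for others, key material stays 600`. Separately, the script sets only `set -u`, so a failing `chmod` on `${CA_KEY}` would go unnoticed; consider `|| exit 1` on these lines.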