Jérémy Dubois
754c3455e0
Release 22.04
2022-04-14 17:20:04 +02:00
Jérémy Dubois
d614079138
Update CHANGELOG
2022-04-14 17:15:20 +02:00
Jérémy Dubois
7a034a2a17
Some files must be copied to ansible-roles/openvpn
2022-04-14 16:47:33 +02:00
Jérémy Dubois
42de07cb66
Add version to files that will be copied out of this repo so that we easily know if they will need an update
2022-04-14 16:21:38 +02:00
Jérémy Dubois
992fde0930
Precising that the --end-date hour is in UTC +0
2022-04-14 15:53:59 +02:00
Jérémy Dubois
6165ccec6c
Generate CRL only if (re)generating CA
2022-04-14 15:51:07 +02:00
Jérémy Dubois
55e02c6a13
Check if CN already exists only after having asked for user password
Otherwise, with "-p", "--replace-existing" and "--non-interactive", with
CA_PASSWORD set but PASSWORD unset, the existing certificate was revoked but
the new one couldn't be created. Now, PASSWORD must be set or the existing
certificate won't be revoked
2022-04-14 15:18:57 +02:00
Jérémy Dubois
ba2f553ef4
Do not use --password and --password-file together
2022-04-14 15:01:09 +02:00
Jérémy Dubois
97f1affa1b
Create crl file after init of PKI
2022-04-04 18:13:37 +02:00
Jérémy Dubois
14a65fa42d
Change SUFFIX to use human readable date instead of epoch
2022-04-04 17:55:37 +02:00
Jérémy Dubois
c76b7a02ca
Split show_usage for each subcommand, add --version and --help in addition to version and help, update VERSION
2022-04-04 17:37:20 +02:00
Jérémy Dubois
1fa4ff205e
Parse date in ISO format rather than US format
2022-04-04 17:01:19 +02:00
Jérémy Dubois
554f6166c9
Forget to delete a debug line
2022-03-29 18:59:09 +02:00
Jérémy Dubois
85c3324713
Update Copyright
2022-03-29 18:48:45 +02:00
Jérémy Dubois
9f13a42355
Handle the case where --days argument is not a number or a negative one
Before this test, the error was displayed but ignored and the certificate was
still created depending on the default_days value in openssl.cnf
2022-03-29 18:42:28 +02:00
Jérémy Dubois
abf6fb131c
Do not use --end-date and --days together
2022-03-29 18:20:16 +02:00
Jérémy Dubois
191ba257d9
Fix parsing options when no option is given
2022-03-29 18:19:33 +02:00
Jérémy Dubois
e42af2183c
Fix --non-interactive behavior: there were still some prompts to the user
2022-03-29 18:18:01 +02:00
Jérémy Dubois
a640892ecb
Syntax: no space before ":"
2022-03-29 18:17:03 +02:00
Jérémy Dubois
6d71a5a177
Fix end-date format depending on system
2022-03-29 18:15:57 +02:00
Jérémy Dubois
047c6e334a
Improve README and show_usage
2022-03-29 18:10:47 +02:00
Jérémy Dubois
5f27702f17
Delete ovpn.conf.example unnecessary here
shellpki alone is not enough to install OpenVPN, and the openvpn role provides
the openvpn server configuration
2022-03-29 18:01:23 +02:00
Jérémy Dubois
50fc8c2d21
README file : delete unnecessary leading spaces
2022-03-22 18:11:17 +01:00
Jérémy Dubois
d0c6a55538
README file and show_usage function : replace "cert" with "certificate"
2022-03-22 18:08:57 +01:00
Jérémy Dubois
da7809f3c0
Update README file and show_usage function : forgotten information
2022-03-22 18:04:03 +01:00
Jérémy Dubois
4a2e5c93f1
Update README file and show_usage function
2022-03-22 18:01:22 +01:00
Jérémy Lecour
d48dc132be
fix replace-existing and non-interactive conflict
2022-03-14 14:40:50 +01:00
Jérémy Dubois
69db5a80aa
More conventional "list" parsing
2022-03-14 11:03:36 +01:00
Jérémy Dubois
c92f7a5a7e
Change ovpn example file to match the openvpn ansible role and wiki
2022-03-14 10:55:28 +01:00
Jérémy Dubois
af24b1469d
Add nobind option to client config
2022-03-14 10:55:06 +01:00
Jérémy Lecour
e8ced03988
add .ovpn example
2022-03-11 14:12:27 +01:00
Jérémy Lecour
4bb24707b0
simplify "list" options parsing
2022-03-11 14:10:53 +01:00
Jérémy Lecour
10edbb19fa
init can be "non-interactive"
2022-03-11 14:10:32 +01:00
Jérémy Lecour
6cc29fb1f8
reorder functions
2022-03-11 14:09:58 +01:00
Jérémy Lecour
68e4648694
fix shellcheck violations
2022-03-11 11:44:09 +01:00
Jérémy Lecour
41d0ca261d
extract get_real_path function to normalize readlink arguments
2022-03-11 11:38:01 +01:00
Jérémy Lecour
593cf4a9f3
show usage if list has no argument, instead of "set -u" error
2022-03-11 11:36:20 +01:00
Jérémy Dubois
4b2b8a95ff
cert-expirations.sh: search for valid certificates in the index file rather than in a directory where files could be deleted with the certificates still being valid
2022-02-18 11:45:12 +01:00
Jérémy Dubois
92ee845207
New script cn-validation.sh for OpenVPN
2021-06-14 14:30:34 +02:00
Jérémy Dubois
fb22db8dac
cert-expirations.sh => certificates names can contain upper case characters
2021-03-02 10:08:32 +01:00
Jérémy Dubois
0bf2bfe60c
cert-expirations.sh : warning about UTC hours
2021-02-08 15:36:31 +01:00
Jérémy Dubois
847694339c
cert-expirations.sh => certificates names can contain "_" in it
2020-11-06 11:19:38 +01:00
Jérémy Dubois
9deb73b548
cert-expirations.sh => certificates names can contain "@" in it
2020-11-06 10:53:00 +01:00
Jérémy Dubois
ff7737e733
Add backup carp check to cert-expirations.sh
2020-11-06 10:14:03 +01:00
Jérémy Lecour
9f3b0a4cd4
list: better options parsing
2020-10-12 23:49:51 +02:00
Jérémy Lecour
83d0ef2449
"shellpki revoke" can be run interactively or not
2020-10-12 23:38:32 +02:00
Jérémy Lecour
c83f210387
default values for variables in tests
2020-10-12 23:27:24 +02:00
Jérémy Lecour
75e36189c5
"shellpki init" can be executed interactively or not
2020-10-12 23:27:05 +02:00
Jérémy Lecour
530cd3b333
update changelog
2020-09-07 09:49:53 +02:00
Jérémy Lecour
c335b30623
cert-expirations.sh script to print out certificates expiration dates
2020-09-04 14:50:13 +02:00
Jérémy Lecour
a6c153b546
Copy files if destination exists
2020-05-06 00:40:36 +02:00
Jérémy Lecour
99e5b8a386
whitespace
2020-05-06 00:39:39 +02:00
Jérémy Lecour
fdb9f46e35
Display key file path on success
2020-05-06 00:39:23 +02:00
Jérémy Lecour
ab4e3e5de1
Rename --revoke-existing to --replace-existing
2020-05-06 00:38:57 +02:00
Jérémy Lecour
123d5f5c05
split lines
2020-05-06 00:00:00 +02:00
Jérémy Lecour
6bb05a6366
Add --revoke-existing command line option
2020-05-05 23:50:04 +02:00
Jérémy Lecour
1c4b68f571
Use error() and warning() functions in options parsing
2020-05-05 23:49:10 +02:00
Jérémy Lecour
3e2bbe8de5
lowercase variable
2020-05-05 23:20:54 +02:00
Jérémy Lecour
e04f686651
Prevent use of uninitialized variables
2020-05-05 23:20:36 +02:00
Jérémy Lecour
f94f7d8cd3
Add --non-interactive command line option
2020-05-05 23:19:29 +02:00
Jérémy Lecour
0c4d36cb57
improve error display
2020-05-05 15:24:06 +02:00
Jérémy Lecour
d9f866fc3a
typo
2020-05-05 15:06:15 +02:00
Jérémy Lecour
fa5a344ef4
Remove "set -e" and add many return code checks
2020-05-05 11:45:11 +02:00
Jérémy Lecour
229aab510a
Emit errors if files are missing
2020-05-05 11:30:37 +02:00
Jérémy Lecour
3161e93856
Restore forgotten output redirection
It had been removed temporarily to debug an issue
2020-05-05 10:49:33 +02:00
Jérémy Lecour
dfeaf77b9f
Extract ask_user_password() function
2020-05-05 10:47:09 +02:00
Jérémy Lecour
706608ca4a
Use inline pass phrase arguments
It doesn't seem more or less secure to embed the password as an argument
than an environment variable written at the beginning of the line.
2020-05-05 10:46:42 +02:00
Jérémy Lecour
bb20053ba0
Simplify openssl commands composition
2020-05-05 09:42:54 +02:00
Jérémy Lecour
8e92d46ecd
Let OpenSSL read the password file itself
2020-05-05 09:24:09 +02:00
Jérémy Lecour
165c96ca55
Extract variables for files
2020-05-05 00:28:00 +02:00
Jérémy Lecour
7506003f53
Add --days and --end-date command line options
2020-05-05 00:22:35 +02:00
Jérémy Lecour
a30be3872f
Extract is_user() and is_group() functions
2020-05-04 23:16:19 +02:00
Jérémy Lecour
09c1a7a579
wording
2020-05-04 23:12:56 +02:00
Jérémy Lecour
d8a5d04fd0
Extract function cert_end_date()
2020-05-04 23:12:48 +02:00
Jérémy Lecour
7630d8b182
whitespaces
2020-05-04 23:08:19 +02:00
Jérémy Lecour
857bb4b239
explicit checks on exit code
2020-05-04 23:06:51 +02:00
Jérémy Lecour
df6d06d848
Add option to revoke the existing certificate when creating one.
2020-05-04 23:02:48 +02:00
Jérémy Lecour
a9b2fdd832
verify_ca_password() looks for a previously set password and verifies it
2020-05-04 18:55:10 +02:00
Jérémy Lecour
21182a8dcf
CA key length is configurable (minimum 4096)
2020-05-04 18:53:14 +02:00
Jérémy Lecour
b03e77d307
More readable variable names
2020-05-04 18:16:39 +02:00
Jérémy Lecour
420fcddb90
whitespaces and if/then normalization
2020-05-04 18:07:20 +02:00
Jérémy Lecour
f63caa0779
fix variable name
2020-05-04 17:58:13 +02:00
Jérémy Lecour
480077b600
update CHANGELOG for password-file option
2020-05-04 17:45:28 +02:00
Jérémy Lecour
1443df56bc
Rename internal function usage() to show_usage()
2020-05-04 17:44:01 +02:00
Jérémy Lecour
48b282c2df
Add a version number and version command
2020-05-04 17:43:09 +02:00
Jérémy Lecour
536de976cc
Check on $USER was always true
2020-05-04 17:42:01 +02:00
Jérémy Lecour
2e6c4f541f
Create a CHANGELOG
2020-05-04 17:41:21 +02:00
Jérémy Lecour
921cba15b6
accept a password file
2020-05-04 14:21:58 +02:00
Jérémy Lecour
f4e53c374a
ask for CA password before user password
2020-04-30 16:00:34 +02:00