From a36cd54c1581f5280d537fdcb5b3ce773e5e9cf7 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Sun, 18 Aug 2024 12:46:07 +0100
Subject: [PATCH 1/2] show-expire: Add CA certificate to report
Signed-off-by: Richard T Bonhomme
---
 dev/easyrsa-tools.lib | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/dev/easyrsa-tools.lib b/dev/easyrsa-tools.lib
index 4d299f19..c1104b98 100644
--- a/dev/easyrsa-tools.lib
+++ b/dev/easyrsa-tools.lib
@@ -675,6 +675,26 @@ read_db() {
 done < "$db_in"
+ # Add CA to show-expire
+ case "$report" in
+ expire)
+ # Extract -endate
+ ca_enddate="$(
+ "$EASYRSA_OPENSSL" x509 -in "$EASYRSA_PKI"/ca.crt \
+ -noout -enddate
+ )"
+ ca_enddate="${ca_enddate#*=}"
+
+ # Check CA for expiry
+ if ! will_cert_expire "$EASYRSA_PKI"/ca.crt \
+ "$pre_expire_window_s" 1>/dev/null
+ then
+ # Print CA expiry date
+ printf '%s%s\n' \
+ "CA certificate will expire on $ca_enddate"
+ fi
+ esac
+
 # Check for target found/valid commonName, if given
 if [ "$target" ]; then
 [ "$target_found" ] || \
From 35aeca0f2e8b1783c3288b7c93d67a08412ef1ce Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Sun, 18 Aug 2024 13:21:45 +0100
Subject: [PATCH 2/2] ChangeLog: easyrsa-tools.lib/show-expire: Add CA certificate to report
Signed-off-by: Richard T Bonhomme
---
 ChangeLog | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ChangeLog b/ChangeLog
index 0c0a7584..1c20404a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@ Easy-RSA 3 ChangeLog
 3.2.1 (TBD)
+ * easyrsa-tools.lib, show-expire: Add CA certificate to report (a36cd54) (#1215)
 * inline: OpenVPN TLS Keys inlining for TLS-AUTH, TLS-CRYPT-V1 (6e9e4a2) (#1185)
 Note: Command inline only writes directly to inline file not stdout.
 * easyrsa-tools.lib: OpenVPN TLS Key gen. TLS-AUTH, TLS-CRYPT-V1 (cf0da16) (#1185)
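Review bot: The `expire)` branch added to `read_db` in dev/easyrsa-tools.lib never checks whether the `x509 -noout -enddate` call succeeded, and `if ! will_cert_expire …` treats every non-zero status as "will expire". `will_cert_expire` is defined outside this hunk, so this is inferred, but if it also returns non-zero when `ca.crt` is missing or unreadable, the report would print "CA certificate will expire on" with an empty date instead of an error, which is misleading in a report used to plan CA renewal. An empty result should be reported as a read failure before the expiry test, for example `[ "$ca_enddate" ] || printf '%s\n' "CA certificate end date could not be read"`, with the expiry message printed only when `$ca_enddate` is non-empty. Separately, `printf '%s%s\n'` is given a single argument, so the second `%s` is always empty; `printf '%s\n' "CA certificate will expire on $ca_enddate"` is enough, and the comment should read `# Extract -enddate`. `read_db` begins and ends outside the hunk.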