show-expire: Add CA certificate to report

ChangeLog

@@ -2,6 +2,7 @@ Easy-RSA 3 ChangeLog
 
 3.2.1 (TBD)
 
+   * easyrsa-tools.lib, show-expire: Add CA certificate to report (a36cd54) (#1215)
    * inline: OpenVPN TLS Keys inlining for TLS-AUTH, TLS-CRYPT-V1 (6e9e4a2) (#1185)
      Note: Command inline only writes directly to inline file not stdout.
    * easyrsa-tools.lib: OpenVPN TLS Key gen. TLS-AUTH, TLS-CRYPT-V1 (cf0da16) (#1185)

dev/easyrsa-tools.lib

@@ -675,6 +675,26 @@ read_db() {
 
 	done < "$db_in"
 
+	# Add CA to show-expire
+	case  "$report" in
+	expire)
+		# Extract -endate
+		ca_enddate="$(
+			"$EASYRSA_OPENSSL" x509 -in "$EASYRSA_PKI"/ca.crt \
+				-noout -enddate
+		)"
+		ca_enddate="${ca_enddate#*=}"
+
+		# Check CA for expiry
+		if ! will_cert_expire "$EASYRSA_PKI"/ca.crt \
+			"$pre_expire_window_s" 1>/dev/null
+		then
+			# Print CA expiry date
+			printf '%s%s\n' \
+				"CA certificate will expire on $ca_enddate"
+		fi
+	esac
+
 	# Check for target found/valid commonName, if given
 	if [ "$target" ]; then
 		[ "$target_found" ] || \