Path to this page:
Subject: CVS commit: pkgsrc/security/easy-rsa
From: Leonardo Taccari
Date: 2023-06-07 13:10:38
Message id: 20230607111038.90EBDFA89@cvs.NetBSD.org
Log Message:
easyrsa: Update to 3.1.4
3.1.4
-----
* build-ca: New option --ca-via-stdin, use SSL -pass* argument 'stdin'
* build-ca: Revert manual CA password method to temp-files
Release v3.1.3 was fatally flawed, it would fail to build a CA under Windows.
Release v3.1.4 is specifically a bugfix ONLY, to resolve the Windows problem.
See the following commits for further details:
5d7ad1306d5ebf1588aef77eb3445e70cf5b4ebc
build-ca: Revert manual CA password method to temp-files
c11135d19b2e7e7385d28abb1132978c849dfa74
build-ca: Use OpenSSL password I/O argument 'stdin'
27870d695a324e278854146afdac5d6bdade9bba
build-ca: Replace password temp-file method with file-descriptors
Superseded by 5d7ad13 above.
3.1.3
-----
* build-ca: Replace password temp-files with file-descriptors
* Replace --fix-offset with --startdate, --enddate
* Introduce option -S|--silent-ssl: Silence SSL output
* Only create a random serial number file when expected
* Always verify SSL lib, for all commands
* Option --fix-offset: Adjust off-by-one day
* Update OpenSSL to v3.0.8
3.1.2
-----
* build-full: Always enable inline file creation
* Make default Edwards curve ED25519
* Allow --fix-offset to create post-dated certificates
* Introduce command 'set-pass'
* Introduce global option '--nopass|--no-pass'
* Introduce global option '--notext|--no-text'
* Command 'help': For unknown command, exit with error
* Find data-files in the correct order
* Update OpenSSL to 3.0.7 for Windows distribution
3.1.1
-----
* Remove command 'renewable' (#715)
* Expand 'show-renew', include 'renewed/certs_by_serial'
* Resolve long-standing issue with --subca-len=N
* ++ NOTICE: Add EasyRSA-Renew-and-Revoke.md
* Require 'openssl-easyrsa.cnf' is up to date
* Introduce 'renew' (version 3). Only renew cert
* Always ensure X509-types files exist
* Expand alias '--days' to all suitable options with a period
* Introduce --keep-tmp, keep temp files for debugging
* Add serialNumber (OID 2.5.4.5) to DN 'org' mode
* Support ampersand and dollar-sign in vars file
* Introduce 'rewind-renew'
* Expand status reports to include checking a single cert
* Introduce 'revoke-renewed'
* update OpenSSL for Windows to 3.0.5
3.1.0
-----
* Introduce basic support for OpenSSL version 3
* Update regex in grep to be POSIX compliant
* Introduce status reporting tools
* Display certificates using UTF8
* Allow certificates to be created with fixed date offset
* Add 'verify' to verify certificate against CA
* Add PKCS#12 alias 'friendlyName'
* Support multiple IP-Addresses in SAN
* Add option '--renew-days=NN', custom renew grace period
* Add 'nopass' option to the 'export-pkcs' functions
* Add support for 'busybox'
* Add option '--tmp-dir=DIR' to declare Temp-dir
3.0.9
-----
* Upgrade OpenSSL from 1.1.0j to 1.1.1o
- We are buliding this ourselves now.
* Fix --version so it uses EASYRSA_OPENSSL
* Use openssl rand instead of non-POSIX mktemp
* Fix paths with spaces
* Correct OpenSSL version from Homebrew on macOs
* Fix revoking a renewed certificate
Follow-up commit: ef22701878bb10df567d60f2ac50dce52a82c9ee
* Introduce 'show-crl'
* Support Windows-Git 'version of bash'
* Disallow use of single quote (') in vars file, Warning
* Creating a CA uses x509-types/ca and COMMON
* Prefer 'PKI/vars' over all other locations
* Introduce 'init-pki soft' option
* Warnings are no longer silenced by --batch
* Improve packaging options
* Update regex for POSIX compliance
* Correct date format for Darwin/BSD
Files: