security/easy-rsa
CLI utility to build and manage a PKI CA
Branch: CURRENT
Version: 3.2.1
Package name: easy-rsa-3.2.1
Maintainer: pkgsrc-users
easy-rsa is a CLI utility to build and manage a PKI CA. In layman's terms,
this means to create a root certificate authority, and request and sign
certificates, including sub-CAs and certificate revocation lists (CRL).
Required to build: [pkgtools/cwrappers]
Master sites:
Filesize: 78.044 KB
Version history:
- (2024-09-23) Updated to version: easy-rsa-3.2.1
- (2024-06-08) Updated to version: easy-rsa-3.2.0
- (2023-12-05) Updated to version: easy-rsa-3.1.7
- (2023-09-06) Updated to version: easy-rsa-3.1.6
- (2023-08-05) Updated to version: easy-rsa-3.1.5
- (2023-06-07) Updated to version: easy-rsa-3.1.4
CVS history:
2023-12-05 19:29:16 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
easy-rsa: updated to 3.1.7
3.1.7 (2023-10-13)
Rewrite vars-auto-detect, adhere to EasyRSA-Advanced.md
Under the hood, this is a considerable change but there are no user
noticeable differences. With the exception of:
Caveat: The default '$PWD/pki/vars' file is forbidden to change either
EASYRSA or EASYRSA_PKI, which are both implied by default.
EasyRSA-Advanced.md: Correct vars-auto-detect hierarchy
Commit: ecd6506
EASYRSA/vars is moved to a higher priority than a default PKI.
vars-auto-detect no longer searches 'easyrsa' program directory.
gen-crl: preserve existing crl.pem ownership+mode
New command: make-vars - Print vars.example (here-doc) to stdout
show-expire: Calculate cert. expire seconds from DB date
Update OpenSSL to 3.1.2
|
2023-09-06 22:13:08 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
easy-rsa: updated to 3.1.6
3.1.6 (2023-07-18)
* New commands: 'inline' and 'x509-eku'
inline: Build an inline file for a commonName
x509-eku: Extract X509v3 extended key usage from a certificate
* Expose serial-check, display-dn, display-san and default-san to
command line.
* Expand default status to include vars-file and CA status
* sign-req: Allow the CSR DN-field order to be preserved
|
2023-08-05 09:11:08 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
easy-rsa: updated to 3.1.5
3.1.5 (2023-06-10)
Build Update: script now supports signing and verifying
Automate support-file creation (Free packaging)
build-ca: New command option 'raw-ca', abbreviation: 'raw'
This 'raw' method is the most reliable way to build a CA,
with a password, without writing the CA password to a temp-file.
This option completely replaces both methods below:
build-ca: New option --ca-via-stdin, use SSL -pass* argument 'stdin'
Option '--ca-via-stdin' offers no more security than standard method.
Easy-RSA version 3.1.4 ONLY.
build-ca: Replace password temp-files with file-descriptors
Using file-descriptors does not work in Windows.
Easy-RSA version 3.1.3 ONLY.
|
2023-06-07 13:10:38 by Leonardo Taccari | Files touched by this commit (5)
Log message:
easyrsa: Update to 3.1.4
3.1.4
-----
* build-ca: New option --ca-via-stdin, use SSL -pass* argument 'stdin'
* build-ca: Revert manual CA password method to temp-files
Release v3.1.3 was fatally flawed, it would fail to build a CA under Windows.
Release v3.1.4 is specifically a bugfix ONLY, to resolve the Windows problem.
See the following commits for further details:
5d7ad1306d5ebf1588aef77eb3445e70cf5b4ebc
build-ca: Revert manual CA password method to temp-files
c11135d19b2e7e7385d28abb1132978c849dfa74
build-ca: Use OpenSSL password I/O argument 'stdin'
27870d695a324e278854146afdac5d6bdade9bba
build-ca: Replace password temp-file method with file-descriptors
Superseded by 5d7ad13 above.
3.1.3
-----
* build-ca: Replace password temp-files with file-descriptors
* Replace --fix-offset with --startdate, --enddate
* Introduce option -S|--silent-ssl: Silence SSL output
* Only create a random serial number file when expected
* Always verify SSL lib, for all commands
* Option --fix-offset: Adjust off-by-one day
* Update OpenSSL to v3.0.8
3.1.2
-----
* build-full: Always enable inline file creation
* Make default Edwards curve ED25519
* Allow --fix-offset to create post-dated certificates
* Introduce command 'set-pass'
* Introduce global option '--nopass|--no-pass'
* Introduce global option '--notext|--no-text'
* Command 'help': For unknown command, exit with error
* Find data-files in the correct order
* Update OpenSSL to 3.0.7 for Windows distribution
3.1.1
-----
* Remove command 'renewable' (#715)
* Expand 'show-renew', include 'renewed/certs_by_serial'
* Resolve long-standing issue with --subca-len=N
* ++ NOTICE: Add EasyRSA-Renew-and-Revoke.md
* Require 'openssl-easyrsa.cnf' is up to date
* Introduce 'renew' (version 3). Only renew cert
* Always ensure X509-types files exist
* Expand alias '--days' to all suitable options with a period
* Introduce --keep-tmp, keep temp files for debugging
* Add serialNumber (OID 2.5.4.5) to DN 'org' mode
* Support ampersand and dollar-sign in vars file
* Introduce 'rewind-renew'
* Expand status reports to include checking a single cert
* Introduce 'revoke-renewed'
* update OpenSSL for Windows to 3.0.5
3.1.0
-----
* Introduce basic support for OpenSSL version 3
* Update regex in grep to be POSIX compliant
* Introduce status reporting tools
* Display certificates using UTF8
* Allow certificates to be created with fixed date offset
* Add 'verify' to verify certificate against CA
* Add PKCS#12 alias 'friendlyName'
* Support multiple IP-Addresses in SAN
* Add option '--renew-days=NN', custom renew grace period
* Add 'nopass' option to the 'export-pkcs' functions
* Add support for 'busybox'
* Add option '--tmp-dir=DIR' to declare Temp-dir
3.0.9
-----
* Upgrade OpenSSL from 1.1.0j to 1.1.1o
- We are building this ourselves now.
* Fix --version so it uses EASYRSA_OPENSSL
* Use openssl rand instead of non-POSIX mktemp
* Fix paths with spaces
* Correct OpenSSL version from Homebrew on macOS
* Fix revoking a renewed certificate
Follow-up commit: ef22701878bb10df567d60f2ac50dce52a82c9ee
* Introduce 'show-crl'
* Support Windows-Git 'version of bash'
* Disallow use of single quote (') in vars file, Warning
* Creating a CA uses x509-types/ca and COMMON
* Prefer 'PKI/vars' over all other locations
* Introduce 'init-pki soft' option
* Warnings are no longer silenced by --batch
* Improve packaging options
* Update regex for POSIX compliance
* Correct date format for Darwin/BSD
|
2023-06-06 18:15:25 by Leonardo Taccari | Files touched by this commit (3)
Log message:
easy-rsa: Add some portability fixes
Gracefully handle date(1) calls on NetBSD and stick with POSIX "basic" regular
expression when using sed(1).
(Not shared upstream because probably both of these problems are solved
by a quick code skim.)
PKGREVISION++
|
2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \
cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
|
2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
|
2020-11-17 13:14:17 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
easy-rsa: updated to 3.0.8
3.0.8 (2020-09-09)
* Provide --version option
* Version information now within generated certificates like on *nix
* Fixed issue where gen-dh overwrote existing files without warning
* Fixed issue where ED/EC certificates were still signed by RSA
* Added support for export-p8
* Clarified error message
* 2->3 upgrade now errors and prints message when vars isn't found
* Update OpenSSL Windows binaries to 1.1.1g
|