
Commit 605d34d

committed
Merge branch 'TinCanTech-pkcs12-base64-inline'
Signed-off-by: Richard T Bonhomme <[email protected]>
2 parents 4f62ba3 + 1e3f594 commit 605d34d


2 files changed

+37
-0
lines changed


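--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@ Easy-RSA 3 ChangeLog
 
 3.2.1 (TBD)
 
+* export-p12: Automatically generate inline file (9d90370) (#1181)
 * Introduce global option --auto-san, use commonName as SAN (5c36d44) (#1180)
 * Introduce global option --san-crit, mark SAN critical (dd69f50) (#1179)
 * Introduce new global options: --ku-crit and --bc-crit (b79abee) (#1176)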

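--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -3661,9 +3661,12 @@ Missing User Certificate, expected at:
 fi
 
 # Complete export
+inline_out=
+inline_msg=
 case "$pkcs_type" in
 p12)
 pkcs_out="$EASYRSA_PKI/private/$file_name_base.p12"
+inline_out="$EASYRSA_PKI/inline/$file_name_base-p12.inline"
 
 [ "$legacy" ] && \
 error_info="SSL library may not support -legacy mode"
@@ -3682,6 +3685,37 @@ Missing User Certificate, expected at:
 ${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} \
 ${EASYRSA_PASSOUT:+ -passout "$EASYRSA_PASSOUT"} \
 || die "Failed to export PKCS#12"
+
+# Inline .p12 only
+# Get cert CN
+inline_CN="$(
+"$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -subject \
+-nameopt multiline,-esc_msb | grep 'commonName'
+)" || die "export_pkcs - inline_CN FAILED"
+inline_CN="${inline_CN##*= }"
+
+# BASE64 encode pkcs12
+inline_tmp=
+easyrsa_mktemp inline_tmp || die "export_pkcs - inline_tmp"
+if "$EASYRSA_OPENSSL" enc -a -in "$pkcs_out" > "$inline_tmp"
+then
+# make inline file
+{
+print "\
+# Easy-RSA inline file: pkcs12
+# commonName: ${inline_CN}${NL}"
+print "<pkcs12>"
+cat "$inline_tmp"
+print "</pkcs12>"
+} > "$inline_out" || die "export_pkcs - make inline"
+
+inline_msg="\
+A BASE64 encoded inline file has also been created at:
+* ${inline_out}${NL}"
+else
+inline_msg="\
+Failed to create a BASE64 encoded inline file${NL}"
+fi
 ;;
 p7)
 pkcs_out="$EASYRSA_PKI/issued/$file_name_base.p7b"
@@ -3731,9 +3765,11 @@ Missing User Certificate, expected at:
 *) die "Unknown PKCS type: $pkcs_type"
 esac
 
+# User messages
 notice "\
 Successful export of $pkcs_type file. Your exported file is at:
 * $pkcs_out"
+[ "$inline_msg" ] && print "$inline_msg"
 
 return 0
 } # => export_pkcs()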
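Review bot: The new p12 branch writes `$inline_out` under `$EASYRSA_PKI/inline/` with a plain `} > "$inline_out"` redirect, although the file is a base64 copy of the PKCS#12 that the same branch stores under `$EASYRSA_PKI/private/`, so it carries the same private key. Nothing in the section sets a mode for the inline copy; unless a restrictive umask is applied elsewhere in the script (not visible here), the copy may be more widely readable than the original, which matters most if the PKCS#12 was exported without a password. I would add a comment such as `# inline file embeds the private key from the .p12 - protect it like pki/private` above the block and confirm the resulting file mode. Separately, when `enc -a` fails the function still reaches `return 0` and an `$inline_out` left by an earlier export stays in place; `rm -f "$inline_out"` in the `else` branch would avoid a stale inline file that no longer matches the new .p12. export_pkcs begins outside the section.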
