Merge branch 'TinCanTech-crl-to-der'

TinCanTech · TinCanTech · commit 7a372a4a8f84 · 2024-08-03T17:33:38.000+01:00
Signed-off-by: Richard T Bonhomme &lt;tincantech@protonmail.com&gt;
diff --git a/ChangeLog b/ChangeLog
@@ -2,6 +2,7 @@ Easy-RSA 3 ChangeLog
 
 3.2.1 (TBD)
 
+   * gen-crl: Create additional CRL in DER format (69df0d8) (#1198)
    * self-sign: Allow Edwards Curve based keys (81b749b) (#1197)
    * Re-enable command 'renew' (version 2): Requires EasyRSA Tools (30fe311) (#1195)
    * bug-fix: revoke: Pass the correct certificate location (24d5514)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
@@ -3439,6 +3439,7 @@ It is now possible to sign a new certificate for '$file_name_base'"
 # gen-crl backend
 gen_crl() {
 	out_file="$EASYRSA_PKI/crl.pem"
+	out_der="$EASYRSA_PKI/crl.der"
 
 	out_file_tmp=""
 	easyrsa_mktemp out_file_tmp || \
@@ -3461,7 +3462,19 @@ gen_crl() {
 		die "Failed to move temp CRL file."
 	fi
 
+	# Copy to DER - As published by OpenSSL
+	if "$EASYRSA_OPENSSL" crl -in "$out_file" -out "$out_der" \
+		 -outform DER
+	then
+		crl_der_note="An updated CRL DER copy has been created:
+* $out_der"
+	else
+		crl_der_note="Failed to create CRL DER copy!"
+	fi
+
 	notice "\
+$crl_der_note
+
 An updated CRL has been created:
 * $out_file"
 
