|
|
@@ -0,0 +1,152 @@
|
|
|
+--- a/easy-rsa/2.0/build-ca
|
|
|
++++ b/easy-rsa/2.0/build-ca
|
|
|
+@@ -5,4 +5,4 @@
|
|
|
+ #
|
|
|
+
|
|
|
+ export EASY_RSA="${EASY_RSA:-.}"
|
|
|
+-"$EASY_RSA/pkitool" --interact --initca $*
|
|
|
++"/usr/sbin/pkitool" --interact --initca $*
|
|
|
+--- a/easy-rsa/2.0/build-dh
|
|
|
++++ b/easy-rsa/2.0/build-dh
|
|
|
+@@ -1,5 +1,7 @@
|
|
|
+ #!/bin/sh
|
|
|
+
|
|
|
++. /etc/easy-rsa/vars
|
|
|
++
|
|
|
+ # Build Diffie-Hellman parameters for the server side
|
|
|
+ # of an SSL/TLS connection.
|
|
|
+
|
|
|
+--- a/easy-rsa/2.0/build-inter
|
|
|
++++ b/easy-rsa/2.0/build-inter
|
|
|
+@@ -4,4 +4,4 @@
|
|
|
+ # root certificate.
|
|
|
+
|
|
|
+ export EASY_RSA="${EASY_RSA:-.}"
|
|
|
+-"$EASY_RSA/pkitool" --interact --inter $*
|
|
|
++"/usr/sbin/pkitool" --interact --inter $*
|
|
|
+--- a/easy-rsa/2.0/build-key
|
|
|
++++ b/easy-rsa/2.0/build-key
|
|
|
+@@ -4,4 +4,4 @@
|
|
|
+ # root certificate.
|
|
|
+
|
|
|
+ export EASY_RSA="${EASY_RSA:-.}"
|
|
|
+-"$EASY_RSA/pkitool" --interact $*
|
|
|
++"/usr/sbin/pkitool" --interact $*
|
|
|
+--- a/easy-rsa/2.0/build-key-pass
|
|
|
++++ b/easy-rsa/2.0/build-key-pass
|
|
|
+@@ -4,4 +4,4 @@
|
|
|
+ # with a password.
|
|
|
+
|
|
|
+ export EASY_RSA="${EASY_RSA:-.}"
|
|
|
+-"$EASY_RSA/pkitool" --interact --pass $*
|
|
|
++"/usr/sbin/pkitool" --interact --pass $*
|
|
|
+--- a/easy-rsa/2.0/build-key-pkcs12
|
|
|
++++ b/easy-rsa/2.0/build-key-pkcs12
|
|
|
+@@ -5,4 +5,4 @@
|
|
|
+ # the CA certificate as well.
|
|
|
+
|
|
|
+ export EASY_RSA="${EASY_RSA:-.}"
|
|
|
+-"$EASY_RSA/pkitool" --interact --pkcs12 $*
|
|
|
++"/usr/sbin/pkitool" --interact --pkcs12 $*
|
|
|
+--- a/easy-rsa/2.0/build-key-server
|
|
|
++++ b/easy-rsa/2.0/build-key-server
|
|
|
+@@ -7,4 +7,4 @@
|
|
|
+ # extension in the openssl.cnf file.
|
|
|
+
|
|
|
+ export EASY_RSA="${EASY_RSA:-.}"
|
|
|
+-"$EASY_RSA/pkitool" --interact --server $*
|
|
|
++"/usr/sbin/pkitool" --interact --server $*
|
|
|
+--- a/easy-rsa/2.0/build-req
|
|
|
++++ b/easy-rsa/2.0/build-req
|
|
|
+@@ -4,4 +4,4 @@
|
|
|
+ # when your root certificate and key is not available locally.
|
|
|
+
|
|
|
+ export EASY_RSA="${EASY_RSA:-.}"
|
|
|
+-"$EASY_RSA/pkitool" --interact --csr $*
|
|
|
++"/usr/sbin/pkitool" --interact --csr $*
|
|
|
+--- a/easy-rsa/2.0/build-req-pass
|
|
|
++++ b/easy-rsa/2.0/build-req-pass
|
|
|
+@@ -4,4 +4,4 @@
|
|
|
+ # with a password.
|
|
|
+
|
|
|
+ export EASY_RSA="${EASY_RSA:-.}"
|
|
|
+-"$EASY_RSA/pkitool" --interact --csr --pass $*
|
|
|
++"/usr/sbin/pkitool" --interact --csr --pass $*
|
|
|
+--- a/easy-rsa/2.0/clean-all
|
|
|
++++ b/easy-rsa/2.0/clean-all
|
|
|
+@@ -1,5 +1,7 @@
|
|
|
+ #!/bin/sh
|
|
|
+
|
|
|
++. /etc/easy-rsa/vars
|
|
|
++
|
|
|
+ # Initialize the $KEY_DIR directory.
|
|
|
+ # Note that this script does a
|
|
|
+ # rm -rf on $KEY_DIR so be careful!
|
|
|
+--- a/easy-rsa/2.0/inherit-inter
|
|
|
++++ b/easy-rsa/2.0/inherit-inter
|
|
|
+@@ -1,5 +1,7 @@
|
|
|
+ #!/bin/sh
|
|
|
+
|
|
|
++. /etc/easy-rsa/vars
|
|
|
++
|
|
|
+ # Build a new PKI which is rooted on an intermediate certificate generated
|
|
|
+ # by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should
|
|
|
+ # have independent vars settings, and must use a different KEY_DIR directory
|
|
|
+--- a/easy-rsa/2.0/list-crl
|
|
|
++++ b/easy-rsa/2.0/list-crl
|
|
|
+@@ -1,5 +1,7 @@
|
|
|
+ #!/bin/sh
|
|
|
+
|
|
|
++. /etc/easy-rsa/vars
|
|
|
++
|
|
|
+ # list revoked certificates
|
|
|
+
|
|
|
+ CRL="${1:-crl.pem}"
|
|
|
+--- a/easy-rsa/2.0/pkitool
|
|
|
++++ b/easy-rsa/2.0/pkitool
|
|
|
+@@ -1,5 +1,7 @@
|
|
|
+ #!/bin/sh
|
|
|
+
|
|
|
++. /etc/easy-rsa/vars
|
|
|
++
|
|
|
+ # OpenVPN -- An application to securely tunnel IP networks
|
|
|
+ # over a single TCP/UDP port, with support for SSL/TLS-based
|
|
|
+ # session authentication and key exchange,
|
|
|
+--- a/easy-rsa/2.0/revoke-full
|
|
|
++++ b/easy-rsa/2.0/revoke-full
|
|
|
+@@ -1,5 +1,7 @@
|
|
|
+ #!/bin/sh
|
|
|
+
|
|
|
++. /etc/easy-rsa/vars
|
|
|
++
|
|
|
+ # revoke a certificate, regenerate CRL,
|
|
|
+ # and verify revocation
|
|
|
+
|
|
|
+--- a/easy-rsa/2.0/sign-req
|
|
|
++++ b/easy-rsa/2.0/sign-req
|
|
|
+@@ -4,4 +4,4 @@
|
|
|
+ # with a local root certificate and key.
|
|
|
+
|
|
|
+ export EASY_RSA="${EASY_RSA:-.}"
|
|
|
+-"$EASY_RSA/pkitool" --interact --sign $*
|
|
|
++"/usr/sbin/pkitool" --interact --sign $*
|
|
|
+--- a/easy-rsa/2.0/vars
|
|
|
++++ b/easy-rsa/2.0/vars
|
|
|
+@@ -12,7 +12,7 @@
|
|
|
+ # This variable should point to
|
|
|
+ # the top level of the easy-rsa
|
|
|
+ # tree.
|
|
|
+-export EASY_RSA="`pwd`"
|
|
|
++export EASY_RSA="/etc/easy-rsa"
|
|
|
+
|
|
|
+ #
|
|
|
+ # This variable should point to
|
|
|
+@@ -26,7 +26,7 @@
|
|
|
+ # This variable should point to
|
|
|
+ # the openssl.cnf file included
|
|
|
+ # with easy-rsa.
|
|
|
+-export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
|
|
|
++export KEY_CONFIG=`/usr/sbin/whichopensslcnf $EASY_RSA`
|
|
|
+
|
|
|
+ # Edit this variable to point to
|
|
|
+ # your soon-to-be-created key
|
Jo-Philipp Wich