From 69df0d805e3cf709ecb50ce6c78c493e94965ae7 Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Sat, 3 Aug 2024 05:06:25 +0100 Subject: [PATCH 1/2] gen-crl: Create additional CRL in DER format Signed-off-by: Richard T Bonhomme --- easyrsa3/easyrsa | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 1fcabbc6..4c554a20 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -3439,6 +3439,7 @@ It is now possible to sign a new certificate for '$file_name_base'" # gen-crl backend gen_crl() { out_file="$EASYRSA_PKI/crl.pem" + out_der="$EASYRSA_PKI/crl.der" out_file_tmp="" easyrsa_mktemp out_file_tmp || \ @@ -3461,7 +3462,19 @@ gen_crl() { die "Failed to move temp CRL file." fi + # Copy to DER - As published by OpenSSL + if "$EASYRSA_OPENSSL" crl -in "$out_file" -out "$out_der" \ + -outform DER + then + crl_der_note="An updated CRL DER copy has been created: +* $out_der" + else + crl_der_note="Failed to create CRL DER copy!" + fi + notice "\ +$crl_der_note + An updated CRL has been created: * $out_file" From 28d2fba4f388e12c026f5c4ae32160740d8e4b9f Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Sat, 3 Aug 2024 17:24:43 +0100 Subject: [PATCH 2/2] ChangeLog: gen-crl, create additional CRL in DER format Signed-off-by: Richard T Bonhomme --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 1479888b..c1cc7091 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,7 @@ Easy-RSA 3 ChangeLog 3.2.1 (TBD) + * gen-crl: Create additional CRL in DER format (69df0d8) (#1198) * self-sign: Allow Edwards Curve based keys (81b749b) (#1197) * Re-enable command 'renew' (version 2): Requires EasyRSA Tools (30fe311) (#1195) * bug-fix: revoke: Pass the correct certificate location (24d5514)