Merge branch 'TinCanTech-inline_file-decimal-serial'

Signed-off-by: Richard T Bonhomme <[email protected]>
OpenVPN · Sep 5, 2024 · 3f60a68 · 3f60a68
2 parents 47db1c3 + 9da8727
commit 3f60a68
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -2,6 +2,7 @@ Easy-RSA 3 ChangeLog
 
 3.2.1 (TBD)
 
+   * inline: Add decimal value for cert. serial (Linux Only) (b33038e) (#1222)
    * Always exit with error for unknown command options (Except nopass) (#1221)
      (build-ca: b2f7912); (gen-req: 07f21d3); (build_full(): 0ff7f4c);
      (export_pkcs(): 2c51288); (set-pass: 1266d4e)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
@@ -2991,6 +2991,23 @@ inline_file() {
 $(cat "$crt_source")
 </cert>"
 
+		# Calculate decimal value for serial number
+		# because openvpn uses decimal serial ?!?
+		# for '--crl-verify /path/to/dir dir'
+		# For reasons unknown..
+		if which bc >/dev/null; then
+			crt_serial="$(
+				"$EASYRSA_OPENSSL" x509 -in "$crt_source" \
+					-noout -serial
+				)" || die "inline_file - SSL -serial failed"
+			crt_serial="${crt_serial#*=}"
+			crt_serial_dec="$(
+					echo "ibase=16; $crt_serial" | bc
+				)" || die "inline_file - HEX to DEC failed"
+		else
+			crt_serial_dec="Unavailable"
+		fi
+
 		# Generate fingerprint
 		crt_fingerprint="$(
 			"$EASYRSA_OPENSSL" x509 -in "$crt_source" \
@@ -3133,6 +3150,7 @@ ${tls_key_data}
 # commonName: $crt_CN
 # SHA256 fingerprint:
 # $crt_fingerprint
+# Decimal serial number: $crt_serial_dec
 
 $crt_data