Merge branch 'TinCanTech-crl-to-der'

Signed-off-by: Richard T Bonhomme <[email protected]>
OpenVPN · Aug 3, 2024 · 7a372a4 · 7a372a4
2 parents bdfa8ea + f648650
commit 7a372a4
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -2,6 +2,7 @@ Easy-RSA 3 ChangeLog
 
 3.2.1 (TBD)
 
+   * gen-crl: Create additional CRL in DER format (69df0d8) (#1198)
    * self-sign: Allow Edwards Curve based keys (81b749b) (#1197)
    * Re-enable command 'renew' (version 2): Requires EasyRSA Tools (30fe311) (#1195)
    * bug-fix: revoke: Pass the correct certificate location (24d5514)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
@@ -3439,6 +3439,7 @@ It is now possible to sign a new certificate for '$file_name_base'"
 # gen-crl backend
 gen_crl() {
 	out_file="$EASYRSA_PKI/crl.pem"
+	out_der="$EASYRSA_PKI/crl.der"
 
 	out_file_tmp=""
 	easyrsa_mktemp out_file_tmp || \
@@ -3461,7 +3462,19 @@ gen_crl() {
 		die "Failed to move temp CRL file."
 	fi
 
+	# Copy to DER - As published by OpenSSL
+	if "$EASYRSA_OPENSSL" crl -in "$out_file" -out "$out_der" \
+		 -outform DER
+	then
+		crl_der_note="An updated CRL DER copy has been created:
+* $out_der"
+	else
+		crl_der_note="Failed to create CRL DER copy!"
+	fi
+
 	notice "\
+$crl_der_note
+
 An updated CRL has been created:
 * $out_file"