OpenVPN / easy-rsa

easy-rsa - Simple shell based CA utility

`--days=0 show-expire` errors #1247

Closed cyqsimon closed 2 weeks ago

cyqsimon commented 1 month ago

I was trying to list the certificates that have already expired; instead it produced this error:

```
Error
-----
--days - Number expected: '0'
```

I suppose it's because --days=0 does not make sense in other contexts, but it does make sense in this one. Is there a workaround?

Version

EasyRSA version 3.1.6 (EL9)

TinCanTech commented 1 month ago

@cyqsimon In what context does this make sense?

The command will show expired certificates, regardless of --days.

cyqsimon commented 1 month ago

Well, without a --days arg, it prints certificates that are about to expire (which defaults to "will expire within 90 days"), as well as those that have already expired.

If you want to strictly only show those that have already expired, the natural thing to do is to specify --days=0, but it doesn't parse.

TinCanTech commented 1 month ago

@cyqsimon Here is a quick fix for you to try:

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 7ee87fa..f2ddd7d 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -5582,6 +5582,7 @@ while :; do
        case "$opt" in
                --days)
                        number_only=1
+                       zero_allowed=1
                        # Set the appropriate date variable
                        # when called by command later
                        alias_days="$val"
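
Review bot: `zero_allowed=1` is set in the shared `--days)` parser branch, and the comment directly below it says the value is assigned to a date variable "when called by command later", so zero becomes acceptable for every command that consumes `alias_days`, not only `show-expire`. Consider accepting zero only once the command is known to be the expiry report, and rejecting it with the existing "Number expected" error otherwise, or documenting what `--days=0` means for the other consumers. The hunk also does not show where `zero_allowed` is cleared, so please confirm it cannot carry over to the next numeric option handled by this `case`.
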
cyqsimon commented 1 month ago

Yep that fixes it. Thanks a lot for the swift response.

Will this change be included in tree?

TinCanTech commented 1 month ago

The patch only allows you to pass zero as a parameter to openssl x509 -checkend 0.

What fix are you expecting?
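
The distinction discussed in this thread (already expired versus expiring within a window) can be checked directly with `openssl x509 -checkend`. The following is an added example, not easy-rsa code and not part of any comment above; the helper names `classify_cert` and `report_certs`, their return codes, and the caller-supplied certificate directory are assumptions.

```shell
#!/bin/sh
# Added example, not easy-rsa code. classify_cert and report_certs are
# hypothetical helpers; the certificate directory is supplied by the caller.

# classify_cert FILE DAYS
# Prints: expired | expiring | valid
# Returns: 0 ok, 2 bad DAYS value, 3 FILE is not a readable certificate
classify_cert() {
    cert=$1
    days=$2
    # Accept 0 and positive integers; reject empty, signs and leading zeros
    # (a leading zero would be read as octal by shell arithmetic).
    case "$days" in
        ''|*[!0-9]*|0?*)
            echo "days: non-negative integer expected: '$days'" >&2
            return 2 ;;
    esac
    # -checkend also exits non-zero on a parse failure, so rule that out first.
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 3

    # -checkend N exits 1 when the certificate expires within N seconds;
    # N=0 therefore means "has already expired".
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        echo expiring
    else
        echo valid
    fi
}

# report_certs DIR DAYS: list every *.crt in DIR that is expired or expiring.
# With DAYS=0 the second test repeats the first, so only expired ones are listed.
report_certs() {
    for f in "$1"/*.crt; do
        [ -e "$f" ] || continue
        state=$(classify_cert "$f" "$2") || {
            rc=$?
            [ "$rc" -eq 3 ] && continue   # skip files that are not certificates
            return "$rc"
        }
        [ "$state" = valid ] || printf '%s\t%s\n' "$state" "$f"
    done
}
```

Calling `report_certs <dir> 0` prints only certificates whose notAfter date has passed, while `report_certs <dir> 90` also includes those expiring within 90 days.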