search

OpenVPN / openvpn-build

OpenVPN Build
323 stars 236 forks source link

chore(deps): update dependency openvpn/easy-rsa to v3.2.0 (master) - autoclosed #646

Closed openvpn-inc-ci closed 2 weeks ago

openvpn-inc-ci commented 1 month ago

This PR contains the following updates:

Package Update Change
OpenVPN/easy-rsa minor 3.1.7 -> 3.2.0

Release Notes

OpenVPN/easy-rsa (OpenVPN/easy-rsa) ### [`v3.2.0`](https://togithub.com/OpenVPN/easy-rsa/releases/tag/v3.2.0): 3.2.0 [Compare Source](https://togithub.com/OpenVPN/easy-rsa/compare/v3.1.7...v3.2.0) #### **NOTICE**: EasyRSA version `3.2.0` is a *development snapshot*. ##### EasyRSA v3.2.0 - Most significant changes **New commands**: - `self-sign-server` and `self-sign-client` ([#​1127](https://togithub.com/OpenVPN/easy-rsa/issues/1127)) Create self-signed certificates for use with OpenVPN Peer Fingerprint mode. These certificates comply with other EasyRSA signing policies. - `expire` ([#​1109](https://togithub.com/OpenVPN/easy-rsa/issues/1109)) Selectively move certificates from the `issued/` to `expired/` directory. This allows a **new certificate** to be signed from the original signing request file. This allows all custom signing options to be applied as required. This replaces the old command `renew`, which has been removed. Further details: [doc/EasyRSA-Renew-and-Revoke.md](https://togithub.com/OpenVPN/easy-rsa/blob/master/doc/EasyRSA-Renew-and-Revoke.md) - `write` (Commit: [`c814e0a`](https://togithub.com/OpenVPN/easy-rsa/commit/c814e0a)) Create legacy support files: `openssl-easyrsa.cnf`, `x509-types/*` and `vars.example`. This allows EasyRSA to be used without having copies of the support files installed. **Removed commands**: - `renew` ([#​1109](https://togithub.com/OpenVPN/easy-rsa/issues/1109)) Replaced by command `expire`, followed by command `sign-req`. This allows all custom options to be used when signing, which `renew` did not. - `rebuild` (Commit: [`d6953cc`](https://togithub.com/OpenVPN/easy-rsa/commit/d6953cc)) and `rewind-renew` (Commit: [`72b4079`](https://togithub.com/OpenVPN/easy-rsa/commit/72b4079)) No longer required. - `upgrade` (Commit: [`6a88edd`](https://togithub.com/OpenVPN/easy-rsa/commit/6a88edd)) No longer supported. **New Global Option**: - `--new-subject` -- Command `sign-req` option: `newsubj` ([#​1111](https://togithub.com/OpenVPN/easy-rsa/issues/1111)) Edit Request Subject during command `sign-req` **New files**: - `easyrsa-tools.lib` (Commit: [`214b909`](https://togithub.com/OpenVPN/easy-rsa/commit/214b909)) Moved code for commands `show-expire`, `show-revoke` and `show-renew` to the new file. `easyrsa-tools.lib` is auto-loaded, if it is found in a supported location. eg. `$pwd` *** - Revert [`ca76697`](https://togithub.com/OpenVPN/easy-rsa/commit/ca76697): Restore escape_hazard() ([`b1e9d7a`](https://togithub.com/OpenVPN/easy-rsa/commit/b1e9d7a)) ([#​1137](https://togithub.com/OpenVPN/easy-rsa/issues/1137)) - New X509 Type: 'selfsign' Internal only ([`999533e`](https://togithub.com/OpenVPN/easy-rsa/commit/999533e)) ([#​1135](https://togithub.com/OpenVPN/easy-rsa/issues/1135)) - New commands: self-sign-server and self-sign-client ([`9f8a1d1`](https://togithub.com/OpenVPN/easy-rsa/commit/9f8a1d1)) ([#​1127](https://togithub.com/OpenVPN/easy-rsa/issues/1127)) - build-ca: Command 'req', remove SSL option '-keyout' ([`4e02c8a`](https://togithub.com/OpenVPN/easy-rsa/commit/4e02c8a)) ([#​1123](https://togithub.com/OpenVPN/easy-rsa/issues/1123)) - Remove escape_hazard(), obsolete ([`ca76697`](https://togithub.com/OpenVPN/easy-rsa/commit/ca76697)) - Remove command and function display_cn(), unused ([`be8f400`](https://togithub.com/OpenVPN/easy-rsa/commit/be8f400)) ([#​1114](https://togithub.com/OpenVPN/easy-rsa/issues/1114)) - Introduce Options to edit Request Subject during command 'sign-req' Global Option: --new-subject -- Command 'sign-req' option: 'newsubj' First proposed in: ([#​439](https://togithub.com/OpenVPN/easy-rsa/issues/439)) -- Completed: ([`83b81c7`](https://togithub.com/OpenVPN/easy-rsa/commit/83b81c7)) ([#​1111](https://togithub.com/OpenVPN/easy-rsa/issues/1111)) - docs: Update EasyRSA-Renew-and-Revoke.md ([`f6c2bf5`](https://togithub.com/OpenVPN/easy-rsa/commit/f6c2bf5)) ([#​1109](https://togithub.com/OpenVPN/easy-rsa/issues/1109)) - Remove all 'renew' code; replaced by 'expire' code ([`9d94207`](https://togithub.com/OpenVPN/easy-rsa/commit/9d94207)) ([#​1109](https://togithub.com/OpenVPN/easy-rsa/issues/1109)) - Introduce commands: 'expire' and 'revoke-expired' ([`a1890fa`](https://togithub.com/OpenVPN/easy-rsa/commit/a1890fa)) ([#​1109](https://togithub.com/OpenVPN/easy-rsa/issues/1109)) - Keep request files \[CSR] when revoking certificates ([`6d6e8d8`](https://togithub.com/OpenVPN/easy-rsa/commit/6d6e8d8)) ([#​1109](https://togithub.com/OpenVPN/easy-rsa/issues/1109)) - Restrict use of --req-cn to build-ca ([`0a46164`](https://togithub.com/OpenVPN/easy-rsa/commit/0a46164)) ([#​1098](https://togithub.com/OpenVPN/easy-rsa/issues/1098)) - Remove command 'display-san' (Code removed in [`5a06f94`](https://togithub.com/OpenVPN/easy-rsa/commit/5a06f94)) ([`50e6002`](https://togithub.com/OpenVPN/easy-rsa/commit/50e6002)) ([#​1096](https://togithub.com/OpenVPN/easy-rsa/issues/1096)) - help: Add 'copyext'; How to use --copy-ext and --san ([`5a06f94`](https://togithub.com/OpenVPN/easy-rsa/commit/5a06f94)) ([#​1096](https://togithub.com/OpenVPN/easy-rsa/issues/1096)) - Allow --san to be used multiple times ([`5a06f94`](https://togithub.com/OpenVPN/easy-rsa/commit/5a06f94)) ([#​1096](https://togithub.com/OpenVPN/easy-rsa/issues/1096)) - Remove default server subject alternative name ([`0b85a5d`](https://togithub.com/OpenVPN/easy-rsa/commit/0b85a5d)) ([#​576](https://togithub.com/OpenVPN/easy-rsa/issues/576)) - Move Status Reports to 'easyrsa-tools.lib' ([`214b909`](https://togithub.com/OpenVPN/easy-rsa/commit/214b909)) ([#​1080](https://togithub.com/OpenVPN/easy-rsa/issues/1080)) - export-p12, OpenSSL v1.x: Upgrade PBE and MAC options ([`60a508a`](https://togithub.com/OpenVPN/easy-rsa/commit/60a508a)) ([#​1084](https://togithub.com/OpenVPN/easy-rsa/issues/1084) - Based on [#​1081](https://togithub.com/OpenVPN/easy-rsa/issues/1081)) - Windows: Introduce 'Non-Admin' mode ([`c2823c4`](https://togithub.com/OpenVPN/easy-rsa/commit/c2823c4)) ([#​1073](https://togithub.com/OpenVPN/easy-rsa/issues/1073)) - LibreSSL: Add fix for missing 'x509' option '-ext' ([`96dd959`](https://togithub.com/OpenVPN/easy-rsa/commit/96dd959)) ([#​1068](https://togithub.com/OpenVPN/easy-rsa/issues/1068)) - Variable heredoc expansion for SSL/Safe Config file ([`9c5d423`](https://togithub.com/OpenVPN/easy-rsa/commit/9c5d423)) ([#​1064](https://togithub.com/OpenVPN/easy-rsa/issues/1064)) Branch-merge: v3.2.0-beta2 ([#​1055](https://togithub.com/OpenVPN/easy-rsa/issues/1055)) 2024/01/13 Commit: [`d51d79b`](https://togithub.com/OpenVPN/easy-rsa/commit/d51d79b) - Always use here-doc version of openssl-easyrsa.cnf ([`2a8c0de`](https://togithub.com/OpenVPN/easy-rsa/commit/2a8c0de)) Only use here-doc if the current version is recognised by sha256 hash. The current file is NEVER deleted ([`60216d5`](https://togithub.com/OpenVPN/easy-rsa/commit/60216d5)). Partially revert: [`2a8c0de`](https://togithub.com/OpenVPN/easy-rsa/commit/2a8c0de) - export-p12: New command option 'legacy'. OpenSSL V3 Only ([`f8514de`](https://togithub.com/OpenVPN/easy-rsa/commit/f8514de)) Fallback to encryption algorithm RC2\_CBC or 3DES_CBC - export-p12: Always set 'friendlyName' to file-name-base ([`da9e594`](https://togithub.com/OpenVPN/easy-rsa/commit/da9e594)) - Update OpenSSL to 3.2.0 ([`03e4829`](https://togithub.com/OpenVPN/easy-rsa/commit/03e4829)) Branch-merge: v3.2.0-beta1 ([#​1046](https://togithub.com/OpenVPN/easy-rsa/issues/1046)) 2023/12/15 Commit: [`7120876`](https://togithub.com/OpenVPN/easy-rsa/commit/7120876) - Important note: As of Easy-RSA version 3.2.0-beta1, the configuration files `vars.example`, `openssl-eayrsa.cnf` and all files in `x509-types` directory are no longer required. Package maintainers can omit these files in the future. All files are created as required and deleted upon command completion. `vars.example` is created during `init-pki` and placed in the fresh PKI. These files will be retained for downstream packaging compatibility. - Rename X509-type file `code-signing` to `codeSigning` ([`1c6b31a`](https://togithub.com/OpenVPN/easy-rsa/commit/1c6b31a)) The original file will be retained as `code-signing`, however, the automatic X509-types creation will name the file `codeSigning`. This effectively means that both are valid X509-types, until `code-signing` is dropped. - init-pki: Always write vars.example file to fresh PKI ([`66a8f3e`](https://togithub.com/OpenVPN/easy-rsa/commit/66a8f3e)) - New command 'write': Write 'legacy' files to stdout or files ([`c814e0a`](https://togithub.com/OpenVPN/easy-rsa/commit/c814e0a)) - Remove command 'make-safe-ssl': Replaced by command 'write safe-cnf' ([`c814e0a`](https://togithub.com/OpenVPN/easy-rsa/commit/c814e0a)) - New Command 'rand': Expose easyrsa_random() to the command line ([`6131cbf`](https://togithub.com/OpenVPN/easy-rsa/commit/6131cbf)) - Remove function 'set_pass_legacy()' ([`7470c2a`](https://togithub.com/OpenVPN/easy-rsa/commit/7470c2a)) - Remove command 'rewind-renew' ([`72b4079`](https://togithub.com/OpenVPN/easy-rsa/commit/72b4079)) - Remove command 'rebuild' ([`d6953cc`](https://togithub.com/OpenVPN/easy-rsa/commit/d6953cc)) - Remove command 'upgrade' ([`6a88edd`](https://togithub.com/OpenVPN/easy-rsa/commit/6a88edd)) Branch-merge: v3.2.0-alpha2 ([#​1043](https://togithub.com/OpenVPN/easy-rsa/issues/1043)) 2023/12/7 Commit: [`ed0dc46`](https://togithub.com/OpenVPN/easy-rsa/commit/ed0dc46) - Remove EASYRSA_NO_VARS; Allow graceful use without a vars file ([`3c0ca17`](https://togithub.com/OpenVPN/easy-rsa/commit/3c0ca17)) Branch-merge: v3.2.0-alpha1 ([#​1041](https://togithub.com/OpenVPN/easy-rsa/issues/1041)) 2023/12/2 Commit: [`42c2e95`](https://togithub.com/OpenVPN/easy-rsa/commit/42c2e95) - New diagnostic command 'display-cn' ([#​1040](https://togithub.com/OpenVPN/easy-rsa/issues/1040)) - Expand renewable certificate types to include code-signing ([#​1039](https://togithub.com/OpenVPN/easy-rsa/issues/1039)) #### What's Changed - Command: `x509-eku` `v2` by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1039](https://togithub.com/OpenVPN/easy-rsa/pull/1039) - `v3.2.0-alpha1` by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1041](https://togithub.com/OpenVPN/easy-rsa/pull/1041) - Remove unwanted code - Minor improvements by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1036](https://togithub.com/OpenVPN/easy-rsa/pull/1036) - escape_hazarrd(): Reuse source_vars() by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1037](https://togithub.com/OpenVPN/easy-rsa/pull/1037) - `v3.2.0-alpha2` by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1043](https://togithub.com/OpenVPN/easy-rsa/pull/1043) - `v3.2.0-Remove-commands` by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1045](https://togithub.com/OpenVPN/easy-rsa/pull/1045) - `v3.2.0-beta1` by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1046](https://togithub.com/OpenVPN/easy-rsa/pull/1046) - export-p12: New command option 'legacy' by [@​spacefreak86](https://togithub.com/spacefreak86) in [https://github.com/OpenVPN/easy-rsa/pull/1057](https://togithub.com/OpenVPN/easy-rsa/pull/1057) - `v3.2.0-beta2` by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1055](https://togithub.com/OpenVPN/easy-rsa/pull/1055) - Replace use of `sed` with `heredoc` expansion by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1064](https://togithub.com/OpenVPN/easy-rsa/pull/1064) - Restore 128bit-random certificate serial-number by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1070](https://togithub.com/OpenVPN/easy-rsa/pull/1070) - LibreSSL: Add band-aid fix for missing 'x509' command option '-ext' by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1071](https://togithub.com/OpenVPN/easy-rsa/pull/1071) - Windows: Introduce 'Non-Admin' mode by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1073](https://togithub.com/OpenVPN/easy-rsa/pull/1073) - export-p12, OpenSSL v1.x: Upgrade PBE and MAC options by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1084](https://togithub.com/OpenVPN/easy-rsa/pull/1084) - Completely remove status reports and date functions by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1080](https://togithub.com/OpenVPN/easy-rsa/pull/1080) - sign-req: Remove default server 'subject alternative name' SAN by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1091](https://togithub.com/OpenVPN/easy-rsa/pull/1091) - Separate SAN from DN - Refactor display_dn() by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1096](https://togithub.com/OpenVPN/easy-rsa/pull/1096) - Restrict use of --req-cn to build-ca by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1098](https://togithub.com/OpenVPN/easy-rsa/pull/1098) - New function easyrsa_mkdir_p(): Replace use of 'mkdir -p' by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1101](https://togithub.com/OpenVPN/easy-rsa/pull/1101) - Shellcheck directives and minor tweak by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1105](https://togithub.com/OpenVPN/easy-rsa/pull/1105) - easyrsa_mkdir_p(): Ignore 'mkdir.exe' error code in favor of 'test' by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1106](https://togithub.com/OpenVPN/easy-rsa/pull/1106) - Revoke keep request by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1109](https://togithub.com/OpenVPN/easy-rsa/pull/1109) - Add an option to change the subject when signing a request. `V2` by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1111](https://togithub.com/OpenVPN/easy-rsa/pull/1111) - Remove command and function display_cn(), unused by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1114](https://togithub.com/OpenVPN/easy-rsa/pull/1114) - Remove escape_hazard() by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1115](https://togithub.com/OpenVPN/easy-rsa/pull/1115) - build-ca: Command 'req', remove SSL option '-keyout' by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1123](https://togithub.com/OpenVPN/easy-rsa/pull/1123) - Improve ssl_cert_x509v3\_eku() by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1125](https://togithub.com/OpenVPN/easy-rsa/pull/1125) - Remove variable 'makesafeconf' as obsolete by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1126](https://togithub.com/OpenVPN/easy-rsa/pull/1126) - Introduce commands: self-sign-server and self-sign-client by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1127](https://togithub.com/OpenVPN/easy-rsa/pull/1127) - Command inline: Support self-signed certificate called from cmd-line by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1128](https://togithub.com/OpenVPN/easy-rsa/pull/1128) - self-sign: Improve default algorithm and curve selection by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1134](https://togithub.com/OpenVPN/easy-rsa/pull/1134) - self-sign: Adjust 'X509v3 Key Usage' by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1135](https://togithub.com/OpenVPN/easy-rsa/pull/1135) - Revert [`ca76697`](https://togithub.com/OpenVPN/easy-rsa/commit/ca76697): Remove escape_hazard() by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1137](https://togithub.com/OpenVPN/easy-rsa/pull/1137) - LibreSSL: Ignore and discard missing config file warning by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1138](https://togithub.com/OpenVPN/easy-rsa/pull/1138) - Minor corrections and improvements by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1140](https://togithub.com/OpenVPN/easy-rsa/pull/1140) - sign-req: Improve confirmation details by [@​TinCanTech](https://togithub.com/TinCanTech) in [https://github.com/OpenVPN/easy-rsa/pull/1141](https://togithub.com/OpenVPN/easy-rsa/pull/1141) #### New Contributors - [@​spacefreak86](https://togithub.com/spacefreak86) made their first contribution in [https://github.com/OpenVPN/easy-rsa/pull/1057](https://togithub.com/OpenVPN/easy-rsa/pull/1057) **Full Changelog**: https://github.com/OpenVPN/easy-rsa/compare/v3.1.7...v3.2.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Renovate Bot.