From c8663d51f90ac1ba5c02e220a7f978ddb28b483c Mon Sep 17 00:00:00 2001
From: Christoph
Date: Tue, 16 Jul 2019 14:44:40 +0200
Subject: [PATCH] revoke_key.sh: fix errors old easysrsa layout.
---
 revoke_key.sh | 61 +++++++++++++++++++++------------------------------
 1 file changed, 25 insertions(+), 36 deletions(-)
diff --git a/revoke_key.sh b/revoke_key.sh
index eecc551..d8fc932 100755
--- a/revoke_key.sh
+++ b/revoke_key.sh
@@ -332,30 +332,6 @@ if $EASYRSA_LAYOUT_NEW ; then
 error "$(cat $log_file)"
 fi
- # ---
- # - Change group (nogroup) for file 'crl.pem'
- # ---
- echononl "Change group (to nogroup) for '${OPENVPN_KEY_DIR}/crl.pem'.."
- chgrp nogroup "${OPENVPN_KEY_DIR}/crl.pem" > "$log_file" 2>&1
- if [[ $? -eq 0 ]] ; then
- echo_ok
- else
- echo_failed
- error "$(cat $log_file)"
- fi
-
- # ---
- # - Change permission (640) for file 'crl.pem'
- # ---
- echononl "Change permissions (640) for ${OPENVPN_KEY_DIR}/crl.pem"
- chmod 644 ${OPENVPN_KEY_DIR}/crl.pem > "$log_file" 2>&1
- if [[ $? -eq 0 ]] ; then
- echo_ok
- else
- echo_failed
- error "$(cat $log_file)"
- fi
-
 else
 # ---
@@ -379,18 +355,8 @@ else
 echo -e "\033[32m--\033[m"
 echo ""
- #echononl "Change into key directory '$KEY_DIR'.."
- #cd "$KEY_DIR" > "$log_file" 2>&1
- #if [[ $? -eq 0 ]] ; then
- # echo_ok
- #else
- # echo_failed
- # fatal "$(cat $log_file)"
- #fi
-
 echononl "Revoke key ${KEY_NAME_TO_REVOKE}.key and update data base .."
- #$OPENSSL ca -revoke "${KEY_NAME_TO_REVOKE}.crt" -config "$KEY_CONFIG" > "$log_file" 2>&1
- $OPENSSL ca -revoke "${_CLIENT_KEY}" -config "$KEY_CONFIG" > "$log_file" 2>&1
+ $OPENSSL ca -revoke "${_CLIENT_CERT}" -config "$KEY_CONFIG" > "$log_file" 2>&1
 if [[ $? -eq 0 ]] ; then
 echo_ok
 else
@@ -399,7 +365,6 @@ else
 fi
 echononl "Generate a new CRL -- try to be compatible with intermediate PKIs"
- #$OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG" > "$log_file" 2>&1
 $OPENSSL ca -gencrl -out "$_CRL" -config "$KEY_CONFIG" > "$log_file" 2>&1
 if [[ $? -eq 0 ]] ; then
 echo_ok
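Review bot: The status message just above the changed command in the second hunk still reads `Revoke key ${KEY_NAME_TO_REVOKE}.key`, but `openssl ca -revoke` now receives the certificate in `${_CLIENT_CERT}`, so the log of a revocation run names a file other than the one acted on. I would change it to `echononl "Revoke certificate '${_CLIENT_CERT}' and update data base .."`. The last hunk has the same mismatch: both new messages name `${OPENVPN_KEY_DIR}/crl.pem` while `chgrp` and `chmod` act on `${_CRL}`, so printing `${_CRL}` there keeps the record accurate if the two paths differ in the old layout. The failure branch of this `if` lies outside the hunk, so whether a failed revoke stops the run before the CRL is regenerated cannot be checked from here.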
@@ -409,6 +374,30 @@ else
 fi
 fi
+# ---
+# - Change group (nogroup) for file 'crl.pem'
+# ---
+echononl "Change group (to nogroup) for '${OPENVPN_KEY_DIR}/crl.pem'.."
+chgrp nogroup "${_CRL}" > "$log_file" 2>&1
+if [[ $? -eq 0 ]] ; then
+ echo_ok
+else
+ echo_failed
+ error "$(cat $log_file)"
+fi
+
+# ---
+# - Change permission (640) for file 'crl.pem'
+# ---
+echononl "Change permissions (640) for ${OPENVPN_KEY_DIR}/crl.pem"
+chmod 640 "${_CRL}" > "$log_file" 2>&1
+if [[ $? -eq 0 ]] ; then
+ echo_ok
+else
+ echo_failed
+ error "$(cat $log_file)"
+fi
+
 # ---
 # - Check if Revokation was sucessfully.