Commit graph

13 commits

Author SHA1 Message Date
nia
3df0f20e22 security: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
2021-10-26 11:16:56 +00:00
nia
fa4b2904a6 security: Remove SHA1 hashes for distfiles 2021-10-07 14:53:40 +00:00
adam
416401b734 easy-rsa: updated to 3.0.8
3.0.8 (2020-09-09)
* Provide --version option
* Version information now within generated certificates like on *nix
* Fixed issue where gen-dh overwrote existing files without warning
* Fixed issue with ED/EC certificates were still signed by RSA
* Added support for export-p8
* Clarified error message
* 2->3 upgrade now errors and prints message when vars isn't found
* Update OpenSSL Windows binaries to 1.1.1g
2020-11-17 12:14:17 +00:00
adam
f74c5112c5 easy-rsa: updated to 3.0.7
3.0.7:
Include OpenSSL libs and binary for Windows 1.1.0j
Remove RANDFILE environment variable
Workaround for bug in win32 mktemp
Handle IP address in SAN and renewals
Workaround for ash and no set -o echo
Shore up windows testing framework
Provide upgrade mechanism for older versions of EasyRSA
Add support for KDC certificates
Add support for Edward Curves
Add support for EASYRSA_PASSIN and EASYRSA_PASSOUT env vars
Add support for RID to SAN
2020-04-03 08:27:05 +00:00
adam
2303583ab6 easy-rsa: updated to 3.0.6
3.0.6:
Certifcates that are revoked now move to a revoked subdirectory
EasyRSA no longer clobbers non-EASYRSA environment variables
More sane string checking, allowingn for commas in CN
Support for reasonCode in CRL
Better handling for capturing passphrases
Improved LibreSSL/MacOS support
Adds support to renew certificates up to 30 days before expiration
This changes previous behavior allowing for certificate creation using
duplicate CNs.
2019-02-06 08:07:59 +00:00
adam
7468cfe03d easy-rsa: updated to 3.0.5
3.0.5:
Fix: use AES256 for CA key
Also, don't use read -s, use stty -echo
Fix broken "nopass" option
Add -r to read to stop errors reported by shellcheck (and to behave)
remove overzealous quotes around $pkcs_opts (more SC errors)
Support for LibreSSL (now works on latest version of MacOS)
EasyRSA version will be reported in certificate comments
Client certificates now expire in 3 year (1080 days) by default
2018-10-11 09:13:30 +00:00
jperkin
5393242c73 *: Move SUBST_STAGE from post-patch to pre-configure
Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
2018-07-04 13:40:07 +00:00
adam
62490be85c easy-rsa: downgraded to 3.0.4 (3.0.5 has not been released) 2018-06-24 07:31:09 +00:00
mef
2c03bffcc1 Updated security/easy-rsa to 3.0.5
3.0.5
   * Fix #17 & #58: use AES256 for CA key
        * Also, don't use read -s, use stty -echo

3.0.4
    * Remove use of egrep (#154)
    * Integrate with Travis-CI (#165)
    * Remove "local" from variable assignment (#165)
        * Other changes related to Travis-CI fixes
        * Assign values to variables defined previously w/local
    * Finally(?) fix the subjectAltName issues I presented earlier (really
    fixes #168
2018-01-30 14:34:06 +00:00
jnemeth
0f612ec608 set sane default location for config file 2018-01-15 09:26:23 +00:00
wiz
327733d070 easy-rsa: remove DIST_SUBDIR, not necessary 2017-12-04 07:19:55 +00:00
jnemeth
453d769fd2 Fix version number. Since this is brand new and didn't create a
proper package, don't bother with PKGREVISION bump.
2017-12-04 06:55:56 +00:00
jnemeth
e9cb7c49f2 Import easy-rsa 3.0.3.
This is a shell script to aid with creating a Certificate Authority
and certificates for use with an OpenVPN server.  See
http://openvpn.net/howto.html for usage instructions along with
the documentation provided in this package.
2017-12-04 06:15:23 +00:00