Releases: OpenVPN/easy-rsa
v3.1.7
3.1.7 (2023-10-13)
- Rewrite vars-auto-detect, adhere to EasyRSA-Advanced.md (#1029)
Under the hood, this is a considerable change but there are no user
noticable differences. With the exception of:
Caveat: The default '$PWD/pki/vars' file is forbidden to change either
EASYRSA or EASYRSA_PKI, which are both implied by default. - EasyRSA-Advanced.md: Correct vars-auto-detect hierarchy (#1029)
Commit: ecd6506
EASYRSA/vars is moved to a higher priority than a default PKI.
vars-auto-detect no longer searches 'easyrsa' program directory. - gen-crl: preserve existing crl.pem ownership+mode (#1020)
- New command: make-vars - Print vars.example (here-doc) to stdout (#1024)
- show-expire: Calculate cert. expire seconds from DB date (#1023)
- Update OpenSSL to 3.1.2
What's Changed
- Completely Remove Upgrade Functionality by @TinCanTech in #1001
- Expand help to include undocumented commands by @TinCanTech in #1002
- Revert "Completely Remove Upgrade Functionality" by @TinCanTech in #1010
- Revert "Expand help to include undocumented commands" by @TinCanTech in #1011
- Forbid "default vars in the default PKI" for all commands by @TinCanTech in #1021
- CI: action, checkout v4 by @TinCanTech in #1016
- show-expire: Calculate certificate expire seconds from Database date by @TinCanTech in #1023
- Expand help to include undocumented commands by @TinCanTech in #1013
- New command: make-vars - Print vars.example (here-doc) to stdout by @TinCanTech in #1024
- gen-crl: preserve existing crl.pem ownership+mode by @Tabiskabis in #1020
- Improve vars auto load by @TinCanTech in #1025
- Vars hierarchy v2 by @TinCanTech in #1029
- doc: Update EasyRSA-Advanced.md environment variable list by @TinCanTech in #1030
- Replace santize_path() and ignore Windows "security" warning by @TinCanTech in #1033
- Improve select_vars() and source_vars() by @TinCanTech in #1034
New Contributors
- @Tabiskabis made their first contribution in #1020
Full Changelog: v3.1.6...v3.1.7
v3.1.6
Update: Before using v3.1.6
, please see this issue #1009
What's Changed
- sign-req: Allow the CSR DN-field order to be preserved by @TinCanTech in #970
- Post version 3.1.5 refactor by @TinCanTech in #967
- set_var(): Allow empty input to return without error by @TinCanTech in #971
- vars-file: Warn about EASYRSA_NO_VARS disabling vars-file use by @TinCanTech in #972
- Expand default status to include vars-file and CA status by @TinCanTech in #973
- verify_ssl_lib(): Minor style improvements by @TinCanTech in #974
- cleanup: Rename $easyrsa_error_exit to $easyrsa_exit_with_error by @TinCanTech in #976
- Very minor changes to comments, help/msg text, wrap lines, code by @TinCanTech in #977
- Expose 'sign-req' unique, random serial number check to command line by @TinCanTech in #980
- sign-req: Major refactor by @TinCanTech in #981
- Simplify run-once control for exanding conf files by @TinCanTech in #982
- Only verify working environment for recognised commands by @TinCanTech in #985
- easyrsa_openssl: Replace variable 'has_config' with OPENSSL_CONF by @TinCanTech in #987
- Export PKCS: Expand usage for incomplete PKI by @TinCanTech in #991
- Inline v2 by @TinCanTech in #993
- set_var and force_set_var: Guard against invalid user input by @TinCanTech in #994
- verify_working_env: sanitize_path(), forbid broken values by @TinCanTech in #1000
Full Changelog: v3.1.5...v3.1.6
v3.1.5
3.1.5 (2023-06-10)
-
Build Update: script now supports signing and verifying
-
Automate support-file creation (Free packaging) (#964)
-
build-ca: New command option 'raw-ca', abbrevation: 'raw' (#963)
This 'raw' method, is the most reliable way to build a CA,
with a password, without writing the CA password to a temp-file.
This option completely replaces both methods below:
-
build-ca: New option --ca-via-stdin, use SSL -pass* argument 'stdin' (#959)
Option '--ca-via-stdin' offers no more security than standard method.
Easy-RSA version 3.1.4 ONLY. -
build-ca: Replace password temp-files with file-descriptors (#955)
Using file-descriptors does not work in Windows.
Easy-RSA version 3.1.3 ONLY.
What's Changed
- build-ca: New command option 'raw-ca', abbrevation: 'raw' by @TinCanTech in #963
- Automate support-file creation (Free packaging) by @TinCanTech in #964
Full Changelog: v3.1.4...v3.1.5
v3.1.4
3.1.4 (2023-05-23)
-
build-ca: New option --ca-via-stdin, use SSL -pass* argument 'stdin' (#959)
-
build-ca: Revert manual CA password method to temp-files (#959)
Supersedes #955Release v3.1.3 was fatally flawed, it would fail to build a CA under Windows.
Release v3.1.4 is specifically a bugfix ONLY, to resolve the Windows problem.See the following commits for further details:
5d7ad13
build-ca: Revert manual CA password method to temp-files
c11135d
build-ca: Use OpenSSL password I/O argument 'stdin'
27870d6
build-ca: Replace password temp-file method with file-descriptors
Superseded by 5d7ad13 above.
Full Changelog: v3.1.3...v3.1.4
v3.1.3
What's Changed
- fixed_cert_dates(): Remove subshell by @TinCanTech in #849
- Add 'verify-cert' command to current 'verify' command by @TinCanTech in #850
- Re-order output messages and subsequent newlines for aesthetics by @TinCanTech in #851
- build_ca(): Wrap long lines by @TinCanTech in #852
- build-ca: Write 'unique_subject = no' to index.txt.attr file by @TinCanTech in #854
- Remove hard-coded unit-test password from build-ca by @TinCanTech in #857
- Rename safe_set_var() to force_set_var() by @TinCanTech in #858
- build-ca: Minor code reformat (aesthetics) by @TinCanTech in #860
- Wrap long lines: easyrsa_openssl(), sed command by @TinCanTech in #864
- Move calling show_host() to function die(), where it belongs by @TinCanTech in #868
- Remove ineffectual redirector by @TinCanTech in #869
- Remove redundant separator lines by @TinCanTech in #870
- Remove debug symbols by @TinCanTech in #865
- Move verify_ssl_lib() - Always verify SSL lib, for all commands by @TinCanTech in #877
- easyrsa_mktemp(): Use sequential numbered temp files by @TinCanTech in #876
- cleanup(): Only enable terminal echo when it has been disabled by @TinCanTech in #880
- set-var(): Check input, die on errors by @TinCanTech in #882
build-ca
: Manual password bug fixes by @TinCanTech in #886- sign-req: Only create a random serial number file when expected by @TinCanTech in #896
- sign-req: Use either SSL option -days OR -startdate/-enddate by @TinCanTech in #897
- Use set_var to correctly assign EASYRSA_REQ_SERIAL by @TinCanTech in #900
- gen-crl: Minor improvements by @TinCanTech in #903
- Upgrade_23: Prioritise new PKI creation to allow temp file creation by @TinCanTech in #906
- General improvements by @TinCanTech in #908
- Status reports: Warn if given commonName is not found in database by @TinCanTech in #911
- vars_setup(): Refactor 'Sanitize vars' by @TinCanTech in #912
- Introduce option -S|--silent-ssl: Silence SSL output by @TinCanTech in #913
- CI: Update checkout to v3 by @TinCanTech in #917
- Replace fixed offset date code by @TinCanTech in #918
- vars file: Allow 'EASYRSA_VARS_FILE' to be set externally by @TinCanTech in #924
- Status reports: Leap Years, apply Day Feb-29 after Feb-28 by @TinCanTech in #928
- easyrsa_openssl(): Create a safe SSL config once per instance ONLY by @TinCanTech in #931
- Windows: Warn when using Windows default location in 'Program Files' by @TinCanTech in #937
- secure_session(): Move in verify_working_env() Remove from 'init-pki' by @TinCanTech in #938
- Introduce global option --force-safe-ssl by @TinCanTech in #935
- vars: Prohibit use of
export
andunset
invars
file by @TinCanTech in #932 - Status reports: Additional check, Use SSL to determine expiration by @TinCanTech in #940
- import-req: Check input file exists by @TinCanTech in #945
- remove_secure_session(): Return-On-Success Only by @TinCanTech in #943
- X509-types insert markers: Move and improve by @TinCanTech in #946
- easyrsa_openssl(): makesafecnf - Copy temp-file do NOT move by @TinCanTech in #948
- mutual_exclusions(): Use of --silent and --verbose is unresolvable by @TinCanTech in #949
- Build Safe SSL config at correct stage by @TinCanTech in #954
- build-ca: Replace password temp-file method with file-descriptors by @TinCanTech in #955
Full Changelog: v3.1.2...v3.1.3
v3.1.2
What's Changed
- Command 'renew': Remove option 'nopass' by @TinCanTech in #741
- find_x509_types_dir(): Remove excess checks by @TinCanTech in #742
- Remove function find_x509_types_dir() by @TinCanTech in #743
- For 'init-pki hard' only, always try to create a new pki/vars file by @TinCanTech in #744
- Introduce global option '--notext|--no-text' by @TinCanTech in #745
- Minor style change by @TinCanTech in #746
- Introduce command 'set-pass' by @TinCanTech in #756
- Fix shellcheck warning for command set-pass case statement by @TinCanTech in #777
- cleanup(): Exit correctly for SIGINT by @TinCanTech in #775
- Update help: Standardise output; Improve code; Reprioritise options by @TinCanTech in #778
- vars.example: Add EASYRSA_NO_PASS and wrap long lines by @TinCanTech in #783
- Use 'unset -v', consistently by @TinCanTech in #784
- build-ca: Improve passphrase input mechanism by @TinCanTech in #786
- Remove global options '--verbose' and '--quiet' as not required by @TinCanTech in #789
- Remove all prerequisite code to build a safe SSL config file by @TinCanTech in #791
- Rename temp files to reflect the purpose by @TinCanTech in #793
- easyrsa_openssl(): Always set OPENSSL_CONF to EasyRSA safe SSL config by @TinCanTech in #794
- Replace SSL calls for serial number with function ssl_cert_serial() by @TinCanTech in #797
- Introduce OpenSSL only mode: No Safe SSL Config File by @TinCanTech in #800
- ff_date_to_cert_date(): Correct the input format for busybox date by @TinCanTech in #806
- Re-order easyrsa_openssl() temp-file assignment by @TinCanTech in #807
- Stop EASYRSA_DEBUG interfering with SSL output from subshells by @TinCanTech in #808
- Status reports: Recognise Expired certificates by @TinCanTech in #810
- New function safe_set_var(): Safe wrapper for set_var() by @TinCanTech in #811
- Windows, build-ca: Add input password to re-open private key by @TinCanTech in #813
- Renewal: General code improvements by @TinCanTech in #817
- cleanup(): General improvements - Create KNOWN error exit by @TinCanTech in #818
- build-ca: Change FATAL error to warning for old openssl-easyrsa.cnf by @TinCanTech in #821
- Allow --fix-offset to create post-dated certificates by @TinCanTech in #804
- Default settings: Make default Edwards curve ED25519 by @TinCanTech in #828
- cleanup(): Exit with numeric error-code only by @TinCanTech in #831
- init-pki(): Introduce second warning before HARD removal by @TinCanTech in #832
- build-full: Always enable inline file creation by @TinCanTech in #834
- Global option '--passout' always take priority ONLY by @TinCanTech in #839
- Status Reports: Set 'LC_TIME=C.UTF-8', only used for reports by @TinCanTech in #840
- Option --fix-offset: Adjust off-by-one day by @TinCanTech in #847
Full Changelog: v3.1.1...v3.1.2
v3.1.1
2022-10-14 - Signatures were corrupted on upload. Re-uploading verified sigs.
What's Changed
- Standardise all output for warn(), notice() and message():[New] by @TinCanTech in #574
- Expand status reports to include checking a single certificate by @TinCanTech in #577
- Introduce 'rewind-renew' - Recover "guineapig" renewed certificates by @TinCanTech in #579
- Improve revocation and renewal functions by @TinCanTech in #580
- Correctly quote 'sed' and auto-escape ampersand by @TinCanTech in #584
- Auto-escape '&' and '$' in 'org' mode fields - Other minor tweaks by @TinCanTech in #590
- Remove restrictive 30-day window hindering 'renew' by @TinCanTech in #594
- Replace cert dates by @TinCanTech in #595
- Introduce 'serialNumber' field for DN (OID 2.5.4.5) by @TinCanTech in #606
- Upgrade-23: Assign a secure session for temporary directory by @TinCanTech in #623
- Introduce 'renew-req': Create new CSR for an existing private key by @TinCanTech in #616
- Restore files when 'renew' fails during 'build_full()' phase by @TinCanTech in #617
- Ensure 'pki/renewed/' exist for 'rewind-renew' by @TinCanTech in #618
- Allow vars file to exist in current directory (Fix make-cadir) by @TinCanTech in #635
- gen-dh: Use temporary file by @TinCanTech in #636
- sign--req: Prohibit COMMON as a certificate type by @TinCanTech in #637
- show: Reorder parameter checks to guard against empty input by @TinCanTech in #639
- verify_ca_init: Reorder names to improve error message by @TinCanTech in #638
- Re-enable the use of --vars=file for init-pki by @TinCanTech in #640
- Expand the possible values of $prog_dir, include full path by @TinCanTech in #641
- vars_setup(): Always warn about unsupported characters in vars by @TinCanTech in #642
- renew: Improve notices and input check by @TinCanTech in #645
- Options: Check that $val is numeric when a number is expected by @TinCanTech in #646
- Unsupported characters: Correct check and warning message by @TinCanTech in #649
- sign-req: Enforce X509-type files exist and are used. (#581) by @TinCanTech in #650
- cleanup: Make "clean line" respect silent, batch and quiet modes by @TinCanTech in #652
- Overhaul vars detection by @TinCanTech in #655
- detect_host: Use SSL Library version from EasyRSA version by @TinCanTech in #656
- Options: Add '-s' to also enabe --silent mode. by @TinCanTech in #657
- Options: Rescind deprecation notice of option --req-cn by @TinCanTech in #660
- x509-types: Add x509-types location to usage() STATUS by @TinCanTech in #662
- vars_setup: Correctly locate x509-types for usage() directory STATUS by @TinCanTech in #665
- x509-types: Reset non-existent x509-types dir set by vars by @TinCanTech in #666
- fixed typo by @ashutoshojha5 in #670
- Options: Expand alias '--days' to all suitable options with a period by @TinCanTech in #674
- Options: Introduce --keep-tmp=NAME; Keep the temporary session data by @TinCanTech in #667
- Option --req-cn: Restore original behavior from v30x series by @TinCanTech in #682
- renew-req: Add command option 'nopass' by @TinCanTech in #683
- Remove renew-req by @TinCanTech in #685
- Documentation: Add EasyRSA-Renew-and-Revoke.md by @TinCanTech in #690
- X509-types: Always check SSL config file for EasyRSA insert-markers by @TinCanTech in #695
- Rename 'renew' to 'rebuild' - Introduce 'renew' version 3 by @TinCanTech in #688
- build-ca: Check x509-types 'ca' and 'COMMON' files exist by @TinCanTech in #697
- Status Report 'show-renew': Include renewed certs from /cert_by_serial by @TinCanTech in #700
- Doc-Update: Note that all changes were included with Easy-RSA v3.1.1 by @TinCanTech in #701
- ChangeLog: Final update for v3.1.1 by @TinCanTech in #702
- build_full: Remove sign_req() subshell and do full cleanup by @TinCanTech in #705
- Option --keep-tmp: Append EASYRSA_TEMP_DIR_session random number by @TinCanTech in #711
- Option --keep-tmp: Reliability improvements by @TinCanTech in #712
- Opt. --subca-len: basicConstraints CA extension, Append 'pathlen:N' by @TinCanTech in #706
- Refactor Netscape support by @TinCanTech in #710
- help: Document supported certificate X509 types by @TinCanTech in #704
- Remove obsolete command 'renewable' by @TinCanTech in #715
- Doc: EasyRSA-Contributing.md - Update by @TinCanTech in #719
- init-pki soft: Include delete of revoked and renewed sub-directories by @TinCanTech in #720
New Contributors
- @ashutoshojha5 made their first contribution in #670
Full Changelog: v3.1.0...v3.1.1
EasyRSA 3.1.0
NOTICE
This version of EasyRSA introduces OpenSSL 3 (3.0.3). Effectively, v3.1.0 is nearly identical to v3.0.9, but we ship different binaries in the Windows package. @TinCanTech has put a ton of work in to support for the new OpenSSL, but there may be bugs. We intend to make big changes early in the v3.1.x branch and only back-port bug fixes to v3.0.x going forward.
What's Changed
- Add 'verify' - SSL Verify certificate against CA by @TinCanTech in #549
- Release/3.0 by @ecrist in #558
- Backport patch for #559 to 3.0 by @ecrist in #563
- Always respect --vars=file by @nkakouros in #562
- Introduce extensible PKI reporting tool framework by @TinCanTech in #557
- Add command for testing which certificates are eligible for renewal by @AndersBlomdell in #555
- update ChangeLog for v3.0.9 final release by @ecrist in #570
- update python call, remove test pki on build by @ecrist in #575
New Contributors
Full Changelog: v3.0.9...v3.1.0
Our ChangeLog
3.1.0 (2022-05-18)
* Introduce basic support for OpenSSL version 3 (#492)
* Update regex in grep to be POSIX compliant (#556)
* Introduce status reporting tools (#555 & #557)
* Display certificates using UTF8 (#551)
* Allow certificates to be created with fixed date offset (#550)
* Add 'verify' to verify certificate against CA (#549)
* Add PKCS#12 alias 'friendlyName' (#544)
* Disallow use of '--vars=FILE init-pki' (#566)
* Support multiple IP-Addresses in SAN (#564)
* Add option '--renew-days=NN', custom renew grace period (#557)
* Add 'nopass' option to the 'export-pkcs' functions (#411)
* Add support for 'busybox' (#543)
* Add option '--tmp-dir=DIR' to declare Temp-dir (Commit f503a22)
EasyRSA 3.0.9
** Note: Files here were updated to remove a test pki mistakenly included with the original. There are no functional changes to the release. **
What's Changed
- fixed renew filename confusion by @patchhoernchen in #443
- Introduce support for OpenSSL version 3 by @TinCanTech in #492
- small typo fix by @thesteve0 in #463
- Re-arrange "# Signing a request" to fix markdown problem by @TinCanTech in #495
- OpenSSL Configuration: Add required white space separator by @TinCanTech in #496
- Simple maintenance improvements by @a1346054 in #455
- Add possibility to configure umask by @faxm0dem in #460
- Update EasyRSA-Readme.md by @noah-de in #426
- Windows unit test: On error then exit with error by @TinCanTech in #500
- Bugfix/spaces in path by @markus-t314 in #427
- Expand new verify_ssl_lib() to support LibreSSL version 2.x (again) by @TinCanTech in #505
- Add SSL Library version 2 to easyrsa_openssl() by @TinCanTech in #507
- Introduce install_data_to_pki() - Copy data-files to PKI by @TinCanTech in #510
- When initialising a new PKI, create "$EASYRSA_PKI/vars' from example by @TinCanTech in #513
- Improve install_data_to_pki(): Create pki/vars at 'init-pki' by @TinCanTech in #514
- added support to specify open-ssl config file using --ssl-conf command flag by @mxc5178 in #67
- Add notice to 'init-pki': 'vars' file has now moved to PKI above by @TinCanTech in #515
- copy_data_to_pki(): Immediate exit-with-error or 'shift' on success by @TinCanTech in #516
- Add authority information access example by @IPv4v6 in #307
- Fix renew on OpenBSD by @pacija in #418
- Remove obsolete function copy_data_to_pki() by @wiscii in #521
- Make gen_req() Always use EASYRSA_REQ_CN as intended by @TinCanTech in #524
- Remove inline file for revoke and renew by @TinCanTech in #529
- Use x509-types 'ca' and COMMON when building a CA by @TinCanTech in #526
- shellcheck recommendations (Ongoing) by @TinCanTech in #527
- Separate silent-mode from batch-mode - Respect batch-mode by @TinCanTech in #523
- Introduce new vars_setup() regime by @TinCanTech in #528
- Silence cleanup() by @TinCanTech in #534
- Detect Windows and Git-for-Windows bash by @TinCanTech in #533
- Remove EASYRSA_EXTRA_EXTS code injection inside 'sed' script. by @TinCanTech in #535
- Disallow use of single quote (') in vars file by @TinCanTech in #530
- easyrsa_openssl() - Minor syle changes by @TinCanTech in #536
- build_ca() - Quote temporary password file "$out_key_pass_tmp" by @TinCanTech in #537
- Replace non-POSIX mktemp with POSIX mkdir and mv by @TinCanTech in #541
- Make build-ca() almost completely SSL library version independent by @TinCanTech in #542
- added option to set PKCS#12 alias name by @jdelker in #544
- Adds export-p1 command by @nkakouros in #341
- revoke(): Purge unquoted $opts + General improvements by @TinCanTech in #546
- Introduce 'revoke-renewed' by @TinCanTech in #547
- Display certificates in UTF8 by @AndersBlomdell in #551
- Set notBefore/notAfter to the beginning of the year to issuing certificate (v2) by @ValdikSS in #550
- Add 'verify' - SSL Verify certificate against CA by @TinCanTech in #549
- Release/3.0 by @ecrist in #558
- Backport patch for #559 to 3.0 by @ecrist in #563
- Always respect --vars=file by @nkakouros in #562
- Introduce extensible PKI reporting tool framework by @TinCanTech in #557
- Add command for testing which certificates are eligible for renewal by @AndersBlomdell in #555
New Contributors
- @patchhoernchen made their first contribution in #443
- @thesteve0 made their first contribution in #463
- @noah-de made their first contribution in #426
- @markus-t314 made their first contribution in #427
- @mxc5178 made their first contribution in #67
- @pacija made their first contribution in #418
- @wiscii made their first contribution in #521
- @jdelker made their first contribution in #544
- @AndersBlomdell made their first contribution in #551
- @ecrist made their first contribution in #558
Full Changelog: v3.0.8...v3.0.9
v3.0.9-rc1
3.0.9 (2022-05-04)
- Upgrade OpenSSL from 1.1.0j to 1.1.1o (#405, #407)
- We are buliding this ourselves now.
- Fix --version so it uses EASYRSA_OPENSSL (#416)
- Use openssl rand instead of non-POSIX mktemp (#478)
- Fix paths with spaces (#443)
- Correct OpenSSL version from Homebrew on macOs (#416)
- Fix revoking a renewed certificate (Original PR #394)
Follow-up commit: ef22701 - Introduce 'show-crl' (d199389)
- Support Windows-Git 'version of bash' (#533)
- Disallow use of single quote (') in vars file, Warning (#530)
- Creating a CA uses x509-types/ca and COMMON (#526)
- Prefer 'PKI/vars' over all other locations (#528)
- Introduce 'init-pki soft' option (#197)
- Warnings are no longer silenced by --batch (#523)
- Improve packaging options (#510)
*** Lots of work by Richard Bonhomme on this release! ***
What's Changed
- fixed renew filename confusion by @patchhoernchen in #443
- Introduce support for OpenSSL version 3 by @TinCanTech in #492
- small typo fix by @thesteve0 in #463
- Re-arrange "# Signing a request" to fix markdown problem by @TinCanTech in #495
- OpenSSL Configuration: Add required white space separator by @TinCanTech in #496
- Simple maintenance improvements by @a1346054 in #455
- Add possibility to configure umask by @faxm0dem in #460
- Update EasyRSA-Readme.md by @noah-de in #426
- Windows unit test: On error then exit with error by @TinCanTech in #500
- Bugfix/spaces in path by @markus-t314 in #427
- Expand new verify_ssl_lib() to support LibreSSL version 2.x (again) by @TinCanTech in #505
- Add SSL Library version 2 to easyrsa_openssl() by @TinCanTech in #507
- Introduce install_data_to_pki() - Copy data-files to PKI by @TinCanTech in #510
- When initialising a new PKI, create "$EASYRSA_PKI/vars' from example by @TinCanTech in #513
- Improve install_data_to_pki(): Create pki/vars at 'init-pki' by @TinCanTech in #514
- added support to specify open-ssl config file using --ssl-conf command flag by @mxc5178 in #67
- Add notice to 'init-pki': 'vars' file has now moved to PKI above by @TinCanTech in #515
- copy_data_to_pki(): Immediate exit-with-error or 'shift' on success by @TinCanTech in #516
- Add authority information access example by @IPv4v6 in #307
- Fix renew on OpenBSD by @pacija in #418
- Remove obsolete function copy_data_to_pki() by @wiscii in #521
- Make gen_req() Always use EASYRSA_REQ_CN as intended by @TinCanTech in #524
- Remove inline file for revoke and renew by @TinCanTech in #529
- Use x509-types 'ca' and COMMON when building a CA by @TinCanTech in #526
- shellcheck recommendations (Ongoing) by @TinCanTech in #527
- Separate silent-mode from batch-mode - Respect batch-mode by @TinCanTech in #523
- Introduce new vars_setup() regime by @TinCanTech in #528
- Silence cleanup() by @TinCanTech in #534
- Detect Windows and Git-for-Windows bash by @TinCanTech in #533
- Remove EASYRSA_EXTRA_EXTS code injection inside 'sed' script. by @TinCanTech in #535
- Disallow use of single quote (') in vars file by @TinCanTech in #530
- easyrsa_openssl() - Minor syle changes by @TinCanTech in #536
- build_ca() - Quote temporary password file "$out_key_pass_tmp" by @TinCanTech in #537
- Replace non-POSIX mktemp with POSIX mkdir and mv by @TinCanTech in #541
- Make build-ca() almost completely SSL library version independent by @TinCanTech in #542
- added option to set PKCS#12 alias name by @jdelker in #544
- Adds export-p1 command by @nkakouros in #341
- revoke(): Purge unquoted $opts + General improvements by @TinCanTech in #546
- Introduce 'revoke-renewed' by @TinCanTech in #547
- Display certificates in UTF8 by @AndersBlomdell in #551
- Set notBefore/notAfter to the beginning of the year to issuing certificate (v2) by @ValdikSS in #550
New Contributors
- @patchhoernchen made their first contribution in #443
- @thesteve0 made their first contribution in #463
- @noah-de made their first contribution in #426
- @markus-t314 made their first contribution in #427
- @mxc5178 made their first contribution in #67
- @pacija made their first contribution in #418
- @wiscii made their first contribution in #521
- @jdelker made their first contribution in #544
- @AndersBlomdell made their first contribution in #551
Full Changelog: v3.0.8...v3.0.9-rc1