
Commit 3e6478a

Add cmd-opt 'batch' to verify_cert() - Allows returning deliberate error
This allows verify_cert() to show the status and, optionally, return an error (1) on "failure to verify" to a calling program. Signed-off-by: Richard T Bonhomme <[email protected]>
1 parent 8c05298 commit 3e6478a


1 file changed

+42
-15
lines changed


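--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -34,11 +34,11 @@ Here is the list of commands available with a short syntax reminder. Use the
 sign-req <type> <filename_base>
 build-client-full <filename_base> [ cmd-opts ]
 build-server-full <filename_base> [ cmd-opts ]
+build-serverClient-full <filename_base> [ cmd-opts ]
 revoke <filename_base> [cmd-opts]
 revoke-renewed <filename_base> [cmd-opts]
 renew <filename_base> [cmd-opts]
 renewable [ <filename_base> ]
-build-serverClient-full <filename_base> [ cmd-opts ]
 gen-crl
 update-db
 show-req <filename_base> [ cmd-opts ]
@@ -193,8 +193,10 @@ cmd_help() {
 
 Human-readable output is shown." ;;
 verify) text="
-verify <filename_base>
-Verify certificate against CA" ;;
+verify <filename_base> [ cmd-opts ]
+Verify certificate against CA"
+opts="
+batch - On failure to verify, return error (1) to calling program" ;;
 import-req) text="
 import-req <request_file_path> <short_basename>
 Import a certificate request from a file
@@ -265,7 +267,8 @@ cmd_help() {
 [ "$text" ] && print "$text"
 [ -n "$opts" ] && print "
 cmd-opts is an optional set of command options from this list:
-$opts"
+$opts
+"
 } # => cmd_help()
 
 # Options usage
@@ -343,7 +346,8 @@ Easy-RSA error:
 
 $1" 1>&2
 
-print "Host: $host_out${EASYRSA_DEBUG+
+print "
+Host: $host_out${EASYRSA_DEBUG+
 *** Disable EASYRSA_DEBUG mode ***}"
 
 exit "${2:-1}"
@@ -451,9 +455,15 @@ easyrsa_mktemp() {
 
 # remove temp files and do terminal cleanups
 cleanup() {
-[ -z "$EASYRSA_TEMP_DIR_session" ] || rm -rf "$EASYRSA_TEMP_DIR_session"
-[ -n "${EASYRSA_EC_DIR%/*}" ] && [ -d "$EASYRSA_EC_DIR" ] && \
+if [ "${EASYRSA_TEMP_DIR_session%/*}" ] && [ -d "$EASYRSA_TEMP_DIR_session" ]
+then
+rm -rf "$EASYRSA_TEMP_DIR_session"
+fi
+
+if [ "${EASYRSA_EC_DIR%/*}" ] && [ -d "$EASYRSA_EC_DIR" ]
+then
 rm -rf "$EASYRSA_EC_DIR"
+fi
 
 # shellcheck disable=SC3040 # In POSIX sh, set option [name] is undefined
 case "$easyrsa_host_os" in
@@ -469,7 +479,10 @@ cleanup() {
 esac
 
 # Exit with error 1, if an error ocured...
-if [ "$1" ]; then
+if [ "$easyrsa_error_exit" ]; then
+# Set by verify_cert() for full error-out
+exit 1
+elif [ "$1" = ok ]; then
 # if there is no error then 'cleanup ok' is called
 exit 0
 else
@@ -1071,6 +1084,7 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
 ${EASYRSA_DIGEST+ -"$EASYRSA_DIGEST"} \
 ${no_password+ "$no_password"} \
 ${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} \
+${EASYRSA_PASSOUT:+ -passout "$EASYRSA_PASSOUT"} \
 ${out_key_pass_tmp:+ -passin file:"$out_key_pass_tmp"} \
 || die "Failed to build the CA"
 ;;
@@ -2458,6 +2472,18 @@ Run easyrsa without commands for usage and command help."
 file_name_base="$1"
 shift
 
+# function opts support
+unset -v exit_with_error
+while [ "$1" ]; do
+case "$1" in
+# batch flag, return status [0/1] to calling program
+# Otherwise, exit 0 on successful completion
+batch) exit_with_error=1 ;;
+*) warn "Ignoring unknown command option: '$1'"
+esac
+shift
+done
+
 in_dir="$EASYRSA_PKI"
 ca_crt="$in_dir/ca.crt"
 crt_in="$in_dir/issued/$file_name_base.crt"
@@ -2476,14 +2502,15 @@ Input is not a valid certificate: $crt_in"
 notice "\
 Certificate name: $file_name_base
 Verfication status: GOOD"
-exit 0
-fi
-
-[ "$EASYRSA_SILENT" ] || print # Separate Notice below
-warn "\
+# easyrsa_error_exit=1 # Simple 'proof of concept' test
+else
+[ "$EASYRSA_SILENT" ] || print # Separate Notice below
+notice "\
 Certificate name: $file_name_base
 Verfication status: FAILED"
-exit 1
+# Exit with error (cmd-opt: batch), otherwise terminal msg only
+[ "$exit_with_error" ] && easyrsa_error_exit=1
+fi
 } # => verify_cert()
 
 # verify a file seems to be a valid req/X509
@@ -3731,7 +3758,7 @@ NL='
 [ -z "$EASYRSA_NO_UMASK" ] && umask "${EASYRSA_UMASK:-077}"
 
 # Initialisation requirements
-unset -v user_san_true
+unset -v easyrsa_error_exit user_san_true
 
 # Parse options
 while :; do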
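Review bot: A failed verification in verify_cert() no longer produces a non-zero exit status unless the caller passes `batch` (new lines 2506-2513): the old `exit 1` is removed and `easyrsa_error_exit=1` is set only when `exit_with_error` is set, so a script that gates on `easyrsa verify <name>` would now appear to get status 0 for a certificate that did not verify. The option loop at new lines 2477-2485 makes this easier to hit, because a mistyped option only reaches `*) warn "Ignoring unknown command option: '$1'"` and the run continues on the lenient path; `*) die "Unknown command option: '$1'"` would fail closed instead. The FAILED message also moved from `warn` to `notice`, which is presumably suppressed under EASYRSA_SILENT, so a silent run without `batch` may give no failure signal at all; keeping `warn` there would preserve it. For a verification command I would keep the non-zero status as the default and make the lenient behaviour the opt-in. verify_cert() begins above the hunk, so how its callers treat the return value is not visible here.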
