New
3.2.3
What's Changed
- Update OpenSSL to v3.5.0
- renew: Print 'unique_subject = no' to index.txt.attr by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1293
- check_serial_unique(): Check for duplicate Subject error by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1294
- Correctly define options names - Remove wild-card pattern by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1297
- Remove all references to file:easyrsa-tools.lib by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1298
- Reinstate old function as 'db_date_to_iso_8601()' [Renamed] by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1303
- expire_status_v2(): Refactor 'if' statement to capture error correctly by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1304
source_vars()improvements by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1300- add_critical_attrib(): Do not add 'critical' if 'critical' exists by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1308
- inline_file(): Include DH file or placeholder, for RSA Servers by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1310
- Fix shellcheck warnings by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1311
- Introduce command line options --umask|--no-umask, to set 'umask' by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1312
- Introduce "robust" lock-file mechanism by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1313
- New function set_no_clobber() by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1314
- Easyrsa mktemp v2 by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1315
- add_critical_attrib_v2(): Move file access to function by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1316
- Command 'write': Remove options 'overwrite' and 'filename' by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1318
- Introduce option --text: Create CSR files with human readable text by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1319
- will_cert_be_valid(): Remove SSL option -noout by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1321
- easyrsa_mktemp(): Remove secondary atomic operation by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1322
- easyrsa_mkdir(): Separate Windows from *nix by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1324
- Update Copyright 2025 by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1327
- inine_file(): Correct logic and add 'dh none' for DH params file by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1330
- show-expire: Move setting $pre_expire_window_s to status() by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1332
- Always export EASYRSA_SSL_CONF, when assigned (code standard) by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1334
- Unit-test: Drop old *nix test by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1335
- add_critical_attrib(): export temp-file name as input file by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1333
- Inline improvements by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1337
- Unit-test: Minimize Windows test by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1339
- PKI lock-file: Move possible creation to sub-function request_lock_file() by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1340
- forbid_selfsign(): Compare cert serial to signing cert serial by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1342
- inline_file(): Use ssl_cert_serial() by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1343
- Inline self sign improvements by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1345
- peer-fingerprint mode: Make CA mode mutually exclusive to PFP mode by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1347
- Remove init pki soft by @TinCanTech in https://github.com/OpenVPN/easy-rsa/pull/1351
Full Changelog: https://github.com/OpenVPN/easy-rsa/compare/v3.2.2...v3.2.3