-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi,
Bo,
first, please accept my apologies for putting you through this torture.
Somebody had to test it one day, that day has come.
Second, thank you for persevering with me.
Hopefully, I have found a reasonably simple solution.
Required changes:
Keep the "mismatched CA to vars file" as a warning ONLY, keep that current
change.
Now, locate this code in function up23_do_upgrade_23():
up23_verify_new_pki
up23_verify_current_pki
up23_verify_current_ca
up23_backup_current_pki
up23_create_new_pki
up23_upgrade_ca
up23_move_easyrsa2_programs
up23_build_v3_vars
up23_create_openssl_cnf
Change that to this (Copy/paste as is):
up23_verify_new_pki
up23_create_new_pki
up23_create_openssl_cnf
up23_verify_current_pki
up23_verify_current_ca
up23_backup_current_pki
up23_upgrade_ca
up23_move_easyrsa2_programs
up23_build_v3_vars
Then, locate this code (Almost at the very end of the entire file):
upgrade)
up23_manage_upgrade_23 "$@"
;;
Change to this:
upgrade)
secure_session
up23_manage_upgrade_23 "$@"
;;
The actual diff is:
@@ -5156,14 +5183,14 @@ up23_do_upgrade_23 ()
up23_verbose ""
up23_verify_new_pki
+ up23_create_new_pki
+ up23_create_openssl_cnf
up23_verify_current_pki
up23_verify_current_ca
up23_backup_current_pki
- up23_create_new_pki
up23_upgrade_ca
up23_move_easyrsa2_programs
up23_build_v3_vars
- up23_create_openssl_cnf
if [ "$NOSAVE" -eq 0 ]
then
@@ -5734,6 +5761,7 @@ case "$cmd" in
make_safe_ssl "$@"
;;
upgrade)
+ secure_session
up23_manage_upgrade_23 "$@"
;;
""|help|-h|--help|--usage)
This should ensure a temporary session and files can be created.
Finally, run the upgrade like so:
$ EASYRSA_TEMP_DIR="$PWD" VERBOSE=1 easyrsa upgrade pki
If it complains that your new pki already exists then please remove it and try
once more..
I am cutting the rest of this email for brevity.
Highest regards
Richard
-----BEGIN PGP SIGNATURE-----
Version: ProtonMail
wsBzBAEBCAAnBQJkBNwMCRBPl5z2a5C4nRYhBAm8PURno41yecVVVU+XnPZr
kLidAAC6CAf+NnyNC1zDC59S6qGMY8t6t2bcH34+KT+HtoRhkh05aZRL34/4
oi6OfHyZ5HpEQf3Lx2Eb7vbIeIT4JMqr9MbVJlxgO9Fh7kqvrbBpUoUVKXzu
KH4RArdTU6dVjlfel05AoPLRykPZrPb1hSVhKniUDF2wnuscC0UDeLQkcM3k
ytTkNzG6CNTg/BBGS8ai2tQLrCJ63QZsTMO9qkEiBQJ7n4AbcmzXUeOJ3tep
ecGphC4eQkXgV12FVoEEFw6zkPeLSprQL5eghcLLkle4Mfj5KmPlJcGCjJz2
tP55kmDBMeCMrtYnWIqQvr96BzOeGWXrUNLNHZre81/38S/9HJOGcQ==
=ouEd
-----END PGP SIGNATURE-----
publickey - [email protected] - 0x09BC3D44.asc
Description: application/pgp-keys
publickey - [email protected] - 0x09BC3D44.asc.sig
Description: PGP signature
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
