Comments (9)
PWnet
commented on July 18, 2024
1
Hi,
I created my ca and certificates succesfully following your tips (raw-ca and escaping $ char).
Thank you very much for your support
Roberto
from easy-rsa.
TinCanTech
commented on July 18, 2024
@PWnet Thank you for this issue - I confirm this is a bug.
Investigating ..
For testing purposes, can you try the command:
easyrsa --raw-ca build-ca
with your long password, which appears to work for me.
Also, which version of openssl are you using ?
from easy-rsa.
TinCanTech
commented on July 18, 2024
@PWnet You must escape the $ character when inputting the password, to use the standard easyrsa method to build-ca.
from easy-rsa.
TinCanTech
commented on July 18, 2024
This could probably be done without the need to escape a $ sign.
from easy-rsa.
TinCanTech
commented on July 18, 2024
Easy-RSA v3.2.0 is not effected by this issue.
from easy-rsa.
PWnet
commented on July 18, 2024
@PWnet Thank you for this issue -
I confirm this is a bug.Investigating ..
For testing purposes, can you try the command:
easyrsa --raw-ca build-cawith your long password, which appears to work for me.
Also, which version of
opensslare you using ?
I'm using openssl 3.0.2 on ubuntu 22.04, but I have the same issue with easy-rsa 3.1.7 for windows that uses the recommended version.
IMHO a password input field should accept special characters without escaping (like openssl or easy-rsa 2.x I used to create my old certificates).
Anyway I tried with escaped character and It works (at least with the ca).
I give a try with version 3.2.0.
Regards
from easy-rsa.
TinCanTech
commented on July 18, 2024
You can also try the --raw-ca option with v3.1.7, as above, which does not require $ sign to be escaped.
from easy-rsa.
TinCanTech
commented on July 18, 2024
FTR:
Easy-RSA v3 has never supported $ sign in the CA password. build-ca
This is due to shell expansion.
Since v3.1.7, that is resolved, only for build-ca
Using raw exposure to the SSL executable. Easy-RSA option --raw-ca mode for command build-ca only.
Otherwise, passing options to easyrsa is still subject to shell expansion, which still requires some escaping and some more escaping (due to easyrsa extra expansion via set_var()) for org-field options, such as --req-ou which want to use $.
And on top of that, there is the shell expansion for use of $ in the vars file ... and backward compatibility ... and sufficient testing.
Thanks for helping by testing.
from easy-rsa.
TinCanTech
commented on July 18, 2024
Thank you for testing and feeding back your results.
Closing this now because, even though this could be called a bug, it has always been that way and there is a work around for v3.1.7, --raw-ca option.
from easy-rsa.
Related Issues (20)
- `sign-req`: Cert. `$serial` number is only 32bit
- Abandon `escape_hazard()` - Replace with heredoc expansion HOT 1
- LibreSSL: Command `x509`, does not support option `-ext`
- Input/output error: Cannot create openssl-easyrsa.cnf HOT 11
- Windows 10 plus no longer correctly supports `mkdir -p` HOT 7
- set_var EASYRSA_SSL_CONF - add wrong / HOT 5
- EasyRSA on Windows 11 with `mksh` hangs HOT 3
- Easy-RSA hangs on Windows 11
- vars file not found HOT 3
- Windows Users of Easy-RSA
- Make `vars` stackable
- Incorrect SAN entries presented on signing confirmation HOT 2
- sign-req not honoring --req-c, --req-st, --req-city, ... and falling back to CSR values HOT 5
- Ending support for certificate `file_name_base` disconnect from `commonName`
- section [ easyrsa_ca ] in openssl-easyrsa.cnf is ignored HOT 6
- easyrsa for strongswan HOT 1
- Global option `--copy-ext` is not included in UT HOT 1
- Any magic about the 64 bytes common-name length limit HOT 9
- Command `renew`: Move current `req/crt/key` files after `renew` has succeeded
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from easy-rsa.