Hi all, I ran into this problem and decided to do something about it. This patch checks to ensure that $user.crt exists in the keys directory, and if it does not, checks the *.pem files and asks the user if they want to copy the pem file into the crt file before revoking the certificate.
The patch is against /openvpn/easy-rsa/revoke-full 1.1.2.1 out of cvs. Please let me know if you think it needs any reworking. Thanks, ~jwhitlark
--- ../revoke-full 2006-07-25 10:43:47.000000000 -0700 +++ my-revoke-full 2006-07-26 17:26:59.000000000 -0700 @@ -3,6 +3,7 @@ # revoke a certificate, regenerate CRL, # and verify revocation + CRL=crl.pem RT=revoke-test.pem @@ -14,6 +15,39 @@ if test $KEY_DIR; then cd $KEY_DIR rm -f $RT + + # if $.crt does not exist, see if a *.pem file seems to match + # if a match is found, ask the user if they want to use the match + # if they want to use the *.pem file, cp it to username.crt + # else exit with error + + if ! [ -f $1.crt ] + then + if userpem=`grep -l $1 *.pem` + then + while : ; do + echo "$1.crt does not exist, but $userpem seems to be an archive copy. Do you want to use $userpem (y or n)" + read ANSWER JUNK + + case "$ANSWER" in + [yY]*) + cpPemToCrt=0 + break + ;; + [nN]*) + cpPemToCrt=1 + break + ;; + *) + esac + done + + if [ $cpPemToCrt = 0 ]; + then + cp $userpem $1.crt + fi + fi + fi # revoke key and generate a new CRL openssl ca -revoke $1.crt -config $KEY_CONFIG
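Review bot: In the second hunk, `grep -l $1 *.pem` matches the unquoted name as a substring anywhere in any .pem file, so it can return several files, or a file issued to a different user whose name merely contains $1. The following `cp $userpem $1.crt` would then either fail or put the wrong certificate in place to be revoked. Quote "$1" and "$userpem", match more strictly than a bare substring (for example against the certificate's subject CN), and stop when more than one file matches. The added comment also says "else exit with error", but when the user answers n, or when no .pem file matches, the script falls through to `openssl ca -revoke $1.crt` with no such file present; add an explicit exit with a non-zero status on both paths. The cpPemToCrt flag is not needed if the cp is done directly in the y branch of the case.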