Hi all,
I ran into this problem and decided to do something about it. This
patch checks to ensure that $user.crt exists in the keys directory, and
if it does not, checks the *.pem files and asks the user if they want to
copy the pem file into the crt file before revoking the certificate.
The patch is against /openvpn/easy-rsa/revoke-full 1.1.2.1 out of CVS.
Please let me know if you think it needs any reworking.
Thanks,
~jwhitlark
--- ../revoke-full 2006-07-25 10:43:47.000000000 -0700
+++ my-revoke-full 2006-07-26 17:26:59.000000000 -0700
@@ -3,6 +3,7 @@
# revoke a certificate, regenerate CRL,
# and verify revocation
+
CRL=crl.pem
RT=revoke-test.pem
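Review bot: the only change in this hunk is a blank line added after the header comment, which is unrelated to the .crt/.pem fallback. Drop it so the patch carries only the functional change.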
@@ -14,6 +15,39 @@
if test $KEY_DIR; then
cd $KEY_DIR
rm -f $RT
+
+ # if $.crt does not exist, see if a *.pem file seems to match
+ # if a match is found, ask the user if they want to use the match
+ # if they want to use the *.pem file, cp it to username.crt
+ # else exit with error
+
+ if ! [ -f $1.crt ]
+ then
+ if userpem=`grep -l $1 *.pem`
+ then
+ while : ; do
+ echo "$1.crt does not exist, but $userpem seems to be an
archive copy. Do you want to use $userpem (y or n)"
+ read ANSWER JUNK
+
+ case "$ANSWER" in
+ [yY]*)
+ cpPemToCrt=0
+ break
+ ;;
+ [nN]*)
+ cpPemToCrt=1
+ break
+ ;;
+ *)
+ esac
+ done
+
+ if [ $cpPemToCrt = 0 ];
+ then
+ cp $userpem $1.crt
+ fi
+ fi
+ fi
# revoke key and generate a new CRL
openssl ca -revoke $1.crt -config $KEY_CONFIG
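Review bot: the lookup `grep -l $1 *.pem` at the top of the added block is an unquoted pattern match over the whole file, so a name that is a substring of another name (or that appears anywhere in a file's text) can select the wrong .pem or several files at once. With several matches, `cp $userpem $1.crt` receives more than two arguments and fails; with a single wrong match, the wrong certificate is copied into place and then revoked. Suggest quoting "$1", using a fixed-string match against the certificate's subject CN rather than the whole file, and refusing to continue when more than one file matches. Separately, the block's own comment says "else exit with error", but when the user answers n, or when no .pem matches, nothing exits and the script falls through to `openssl ca -revoke $1.crt` on a file that does not exist; add an explicit exit with a non-zero status on both paths. The `*)` arm of the case also has no `;;` and no message, so an invalid answer silently re-prompts; a short "please answer y or n" there would help.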