Port details on branch 2025Q1
- easy-rsa Small RSA key management package based on openssl
- 3.2.1_3,1 security; version of this port present on the latest quarterly branch: 3.2.1_3,1
- Maintainer: mandree@FreeBSD.org
- Port Added: 2025-01-31 21:15:05
- Last Update: 2025-01-31 22:36:45
- Commit Hash: 59cea7d
- Also Listed In: net-mgmt
- License: GPLv2
- WWW:
- https://github.com/OpenVPN/easy-rsa
- Description:
- Easy-RSA is a small RSA key management package, based on the openssl
command line tool, that can be found in the easy-rsa subdirectory of the
OpenVPN distribution. While this tool is primarily concerned with key
management for the SSL VPN application space, it can also be used for
building web certificates.
- Manual pages:
- FreshPorts has no man page information for this port.
- pkg-plist: as obtained via: make generate-plist
- Dependency lines:
- easy-rsa>0:security/easy-rsa
- To install the port:
- cd /usr/ports/security/easy-rsa/ && make install clean
- To add the package, run one of these commands:
- pkg install security/easy-rsa
- pkg install easy-rsa
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
- PKGNAME: easy-rsa
- Flavors: there is no flavor information for this port.
- distinfo:
- TIMESTAMP = 1727863160
SHA256 (EasyRSA-3.2.1.tgz) = ec0fdca46c07afef341e0e0eeb2bf0cfe74a11322b77163e5d764d28cb4eec89
SIZE (EasyRSA-3.2.1.tgz) = 79917
- This port has no dependencies.
- There are no ports dependent upon this port
Configuration Options:
- ===> The following configuration options are available for easy-rsa-3.2.1_3,1:
DOCS=on: Build and/or install documentation
EXAMPLES=on: Build and/or install examples
===> Use 'make config' to modify these settings
- Options name:
- security_easy-rsa
- USES:
- tar:tgz
- pkg-message:
-
NOTE: easyrsa will require you to initialize a PKI upon first use.
ONLY for the very first run for a new PKI, do something such as this,
assuming you will have its data in $HOME/my_new_pki:

    easyrsa --pki-dir=$HOME/my_new_pki init-pki # DANGEROUS - DESTROYS ~/my_new_pki

See /usr/local/share/doc/easy-rsa/README.quickstart.md for further information.
An on-line help is available, you can run:

    easyrsa help # for help on commands
    easyrsa help options # for help on options

**** SECURITY WARNING FOR PAST security/easy-rsa versions ****
**** easyrsa may have encrypted your CA private key with a weak cipher
Per CVE-2024-13454, Easy-RSA 3.0.5 inclusively up to and including 3.1.7,
when used with OpenSSL 3, may have accidentally encrypted the CA private
key with a weak cipher, des-ede3-cbc, instead of the intended aes-256-cbc,
when a CA was created with the easyrsa build-ca command.
Such mistakes cannot be corrected by upgrading Easy-RSA alone.
The standing recommendation for CA private keys is to
re-encrypt the CA private keys with the aes-256-cbc cipher,
by using the easyrsa set-pass ca command.
For details, see https://community.openvpn.net/openvpn/wiki/CVE-2024-13454.
**** END SECURITY WARNING FOR PAST security/easy-rsa versions ****
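
To tell whether an existing CA private key is affected by the warning above, the cipher can be read from the key file's unencrypted header without the passphrase. The following is an added example, not part of the port or of Easy-RSA; it assumes the key is PEM text in either the traditional format (`DEK-Info` header) or PKCS#8 with PBES2, and the function names and sample are constructed for illustration.

```python
import base64
import re

# DER contents of the OIDs for the two ciphers the warning names.
CIPHER_OIDS = {
    bytes.fromhex("2a864886f70d0307"): "des-ede3-cbc",   # 1.2.840.113549.3.7
    bytes.fromhex("60864801650304012a"): "aes-256-cbc",  # 2.16.840.1.101.3.4.1.42
}
PBES2_OID = bytes.fromhex("2a864886f70d01050d")           # 1.2.840.113549.1.5.13

def _tlv(buf, pos):
    """Return (value_start, value_end) of the DER element at pos."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return pos, pos + length

def key_cipher(pem_text):
    """Name the cipher protecting a PEM private key."""
    legacy = re.search(r"^DEK-Info:\s*([^,\s]+)", pem_text, re.M)
    if legacy:                             # traditional PEM encryption header
        return legacy.group(1).lower()
    body = re.search(r"-----BEGIN ENCRYPTED PRIVATE KEY-----(.+?)-----END",
                     pem_text, re.S)
    if not body:
        return "unencrypted-or-unrecognized"
    der = base64.b64decode("".join(body.group(1).split()))
    start, _ = _tlv(der, 0)                # EncryptedPrivateKeyInfo
    start, _ = _tlv(der, start)            # encryptionAlgorithm
    oid_s, oid_e = _tlv(der, start)        # algorithm OID
    if der[oid_s:oid_e] != PBES2_OID:
        return "unknown"
    start, _ = _tlv(der, oid_e)            # PBES2-params
    _, kdf_end = _tlv(der, start)          # keyDerivationFunc, skipped
    oid_s, oid_e = _tlv(der, _tlv(der, kdf_end)[0])  # encryptionScheme OID
    return CIPHER_OIDS.get(der[oid_s:oid_e], "unknown")

def needs_reencryption(pem_text):
    """True when the key uses the weak cipher named in the warning."""
    return key_cipher(pem_text) == "des-ede3-cbc"

# Constructed sample: header of a traditional-format key, not a real key.
SAMPLE = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
          "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n(placeholder)\n"
          "-----END RSA PRIVATE KEY-----\n")
if __name__ == "__main__":
    print(key_cipher(SAMPLE), needs_reencryption(SAMPLE))
```

Pass the text of the CA key file to `key_cipher`; a result of `des-ede3-cbc` means the key should be re-encrypted with `easyrsa set-pass ca` as the warning recommends.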
Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
3.2.1_3,1 31 Jan 2025 22:36:45 |
Matthias Andree (mandree) |
security/easy-rsa: fix typo in pkg-message.in
Reported by: pkelsey@
MFH: 2025Q1
(cherry picked from commit 562276ce0ef42af5563a6996288accecf9bb55c5) |
3.2.1_3,1 31 Jan 2025 21:11:43 |
Matthias Andree (mandree) |
security/easy-rsa: report weak build-ca crypto on CA private keys
By adding to UPDATING and pkg-message, and bumping PORTREVISION so
as to trigger updates that show these messages so that
easyrsa users can re-encrypt their CA private keys with AES instead of
Triple-DES.
It is pointless to add vuln.xml, supported port branch versions,
main and 2025Q1, already carry a bugfixed Easy-RSA version.
Reported by: pkelsey@
Security: CVE-2024-13454
MFH: 2025Q1
(cherry picked from commit d8c76b98576f28d468d2aa9ecd6b7d8cad93046f)
(cherry picked from commit cccf1379f3cfc4148193c63927393bcf9eda1264) |