Merge pull request #95 from amnezia-vpn/easyrsa_cleanup

Cleanup easyrsa

README.md

@@ -20,8 +20,6 @@ AmneziaVPN uses a number of open source projects to work:
 - [OpenVPN](https://openvpn.net/)
 - [ShadowSocks](https://shadowsocks.org/)
 - [Qt](https://www.qt.io/)
-- [EasyRSA](https://github.com/OpenVPN/easy-rsa) - part of OpenVPN
-- [CygWin](https://www.cygwin.com/) - only for Windiws, used for launching EasyRSA scripts
 - [QtSsh](https://github.com/jaredtao/QtSsh) - forked form Qt Creator
 - and more...
 

client/core/defs.h

@@ -46,7 +46,6 @@ enum ErrorCode
     FailedToSaveConfigData,
     OpenVpnConfigMissing,
     OpenVpnManagementServerError,
-    EasyRsaError,
     ConfigMissing,
 
     // Distro errors

client/core/errorstrings.cpp

@@ -35,7 +35,6 @@ QString errorString(ErrorCode code){
     case (FailedToSaveConfigData): return QObject::tr("Failed to save config to disk");
     case (OpenVpnConfigMissing): return QObject::tr("OpenVPN config missing");
     case (OpenVpnManagementServerError): return QObject::tr("OpenVPN management server error");
-    case (EasyRsaError): return QObject::tr("EasyRSA runtime error");
 
     // Distro errors
     case (OpenVpnExecutableMissing): return QObject::tr("OpenVPN executable missing");

deploy/data/linux/client/bin/openssl-easyrsa.cnf

@@ -1,138 +0,0 @@
-# For use with Easy-RSA 3.0+ and OpenSSL or LibreSSL
-
-####################################################################
-[ ca ]
-default_ca	= CA_default		# The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir		= $ENV::EASYRSA_PKI	# Where everything is kept
-certs		= $dir			# Where the issued certs are kept
-crl_dir		= $dir			# Where the issued crl are kept
-database	= $dir/index.txt	# database index file.
-new_certs_dir	= $dir/certs_by_serial	# default place for new certs.
-
-certificate	= $dir/ca.crt	 	# The CA certificate
-serial		= $dir/serial 		# The current serial number
-crl		= $dir/crl.pem 		# The current CRL
-private_key	= $dir/private/ca.key	# The private key
-RANDFILE	= $dir/.rand		# private random number file
-
-x509_extensions	= basic_exts		# The extensions to add to the cert
-
-# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
-# is designed for will. In return, we get the Issuer attached to CRLs.
-crl_extensions	= crl_ext
-
-default_days	= $ENV::EASYRSA_CERT_EXPIRE	# how long to certify for
-default_crl_days= $ENV::EASYRSA_CRL_DAYS	# how long before next CRL
-default_md	= $ENV::EASYRSA_DIGEST		# use public key default MD
-preserve	= no			# keep passed DN ordering
-
-# This allows to renew certificates which have not been revoked
-unique_subject	= no
-
-# A few different ways of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy		= policy_anything
-
-# For the 'anything' policy, which defines allowed DN fields
-[ policy_anything ]
-countryName		= optional
-stateOrProvinceName	= optional
-localityName		= optional
-organizationName	= optional
-organizationalUnitName	= optional
-commonName		= supplied
-name			= optional
-emailAddress		= optional
-
-####################################################################
-# Easy-RSA request handling
-# We key off $DN_MODE to determine how to format the DN
-[ req ]
-default_bits		= $ENV::EASYRSA_KEY_SIZE
-default_keyfile 	= privkey.pem
-default_md		= $ENV::EASYRSA_DIGEST
-distinguished_name	= $ENV::EASYRSA_DN
-x509_extensions		= easyrsa_ca	# The extensions to add to the self signed cert
-
-# A placeholder to handle the $EXTRA_EXTS feature:
-#%EXTRA_EXTS%	# Do NOT remove or change this line as $EXTRA_EXTS support requires it
-
-####################################################################
-# Easy-RSA DN (Subject) handling
-
-# Easy-RSA DN for cn_only support:
-[ cn_only ]
-commonName		= Common Name (eg: your user, host, or server name)
-commonName_max		= 64
-commonName_default	= $ENV::EASYRSA_REQ_CN
-
-# Easy-RSA DN for org support:
-[ org ]
-countryName			= Country Name (2 letter code)
-countryName_default		= $ENV::EASYRSA_REQ_COUNTRY
-countryName_min			= 2
-countryName_max			= 2
-
-stateOrProvinceName		= State or Province Name (full name)
-stateOrProvinceName_default	= $ENV::EASYRSA_REQ_PROVINCE
-
-localityName			= Locality Name (eg, city)
-localityName_default		= $ENV::EASYRSA_REQ_CITY
-
-0.organizationName		= Organization Name (eg, company)
-0.organizationName_default	= $ENV::EASYRSA_REQ_ORG
-
-organizationalUnitName		= Organizational Unit Name (eg, section)
-organizationalUnitName_default	= $ENV::EASYRSA_REQ_OU
-
-commonName			= Common Name (eg: your user, host, or server name)
-commonName_max			= 64
-commonName_default		= $ENV::EASYRSA_REQ_CN
-
-emailAddress			= Email Address
-emailAddress_default		= $ENV::EASYRSA_REQ_EMAIL
-emailAddress_max		= 64
-
-####################################################################
-# Easy-RSA cert extension handling
-
-# This section is effectively unused as the main script sets extensions
-# dynamically. This core section is left to support the odd usecase where
-# a user calls openssl directly.
-[ basic_exts ]
-basicConstraints	= CA:FALSE
-subjectKeyIdentifier	= hash
-authorityKeyIdentifier	= keyid,issuer:always
-
-# The Easy-RSA CA extensions
-[ easyrsa_ca ]
-
-# PKIX recommendations:
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This could be marked critical, but it's nice to support reading by any
-# broken clients who attempt to do so.
-basicConstraints = CA:true
-
-# Limit key usage to CA tasks. If you really want to use the generated pair as
-# a self-signed cert, comment this out.
-keyUsage = cRLSign, keyCertSign
-
-# nsCertType omitted by default. Let's try to let the deprecated stuff die.
-# nsCertType = sslCA
-
-# CRL extensions.
-[ crl_ext ]
-
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-