diff --git a/README.md b/README.md index dea7d5af..4d5cd364 100644 --- a/README.md +++ b/README.md @@ -20,8 +20,6 @@ AmneziaVPN uses a number of open source projects to work: - [OpenVPN](https://openvpn.net/) - [ShadowSocks](https://shadowsocks.org/) - [Qt](https://www.qt.io/) -- [EasyRSA](https://github.com/OpenVPN/easy-rsa) - part of OpenVPN -- [CygWin](https://www.cygwin.com/) - only for Windiws, used for launching EasyRSA scripts - [QtSsh](https://github.com/jaredtao/QtSsh) - forked form Qt Creator - and more... diff --git a/client/core/defs.h b/client/core/defs.h index bed6b1c3..5845fd3c 100644 --- a/client/core/defs.h +++ b/client/core/defs.h @@ -46,7 +46,6 @@ enum ErrorCode FailedToSaveConfigData, OpenVpnConfigMissing, OpenVpnManagementServerError, - EasyRsaError, ConfigMissing, // Distro errors diff --git a/client/core/errorstrings.cpp b/client/core/errorstrings.cpp index 23e4e36e..19839611 100644 --- a/client/core/errorstrings.cpp +++ b/client/core/errorstrings.cpp @@ -35,7 +35,6 @@ QString errorString(ErrorCode code){ case (FailedToSaveConfigData): return QObject::tr("Failed to save config to disk"); case (OpenVpnConfigMissing): return QObject::tr("OpenVPN config missing"); case (OpenVpnManagementServerError): return QObject::tr("OpenVPN management server error"); - case (EasyRsaError): return QObject::tr("EasyRSA runtime error"); // Distro errors case (OpenVpnExecutableMissing): return QObject::tr("OpenVPN executable missing"); diff --git a/deploy/data/linux/client/bin/openssl-easyrsa.cnf b/deploy/data/linux/client/bin/openssl-easyrsa.cnf deleted file mode 100755 index 5c4fc79e..00000000 --- a/deploy/data/linux/client/bin/openssl-easyrsa.cnf +++ /dev/null 
@@ -1,138 +0,0 @@
-# For use with Easy-RSA 3.0+ and OpenSSL or LibreSSL
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = $ENV::EASYRSA_PKI # Where everything is kept
-certs = $dir # Where the issued certs are kept
-crl_dir = $dir # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir/certs_by_serial # default place for new certs.
-
-certificate = $dir/ca.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/ca.key # The private key
-RANDFILE = $dir/.rand # private random number file
-
-x509_extensions = basic_exts # The extensions to add to the cert
-
-# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
-# is designed for will. In return, we get the Issuer attached to CRLs.
-crl_extensions = crl_ext
-
-default_days = $ENV::EASYRSA_CERT_EXPIRE # how long to certify for
-default_crl_days= $ENV::EASYRSA_CRL_DAYS # how long before next CRL
-default_md = $ENV::EASYRSA_DIGEST # use public key default MD
-preserve = no # keep passed DN ordering
-
-# This allows to renew certificates which have not been revoked
-unique_subject = no
-
-# A few different ways of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_anything
-
-# For the 'anything' policy, which defines allowed DN fields
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-name = optional
-emailAddress = optional
-
-####################################################################
-# Easy-RSA request handling
-# We key off $DN_MODE to determine how to format the DN
-[ req ]
-default_bits = $ENV::EASYRSA_KEY_SIZE
-default_keyfile = privkey.pem
-default_md = $ENV::EASYRSA_DIGEST
-distinguished_name = $ENV::EASYRSA_DN
-x509_extensions = easyrsa_ca # The extensions to add to the self signed cert
-
-# A placeholder to handle the $EXTRA_EXTS feature:
-#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
-
-####################################################################
-# Easy-RSA DN (Subject) handling
-
-# Easy-RSA DN for cn_only support:
-[ cn_only ]
-commonName = Common Name (eg: your user, host, or server name)
-commonName_max = 64
-commonName_default = $ENV::EASYRSA_REQ_CN
-
-# Easy-RSA DN for org support:
-[ org ]
-countryName = Country Name (2 letter code)
-countryName_default = $ENV::EASYRSA_REQ_COUNTRY
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE
-
-localityName = Locality Name (eg, city)
-localityName_default = $ENV::EASYRSA_REQ_CITY
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = $ENV::EASYRSA_REQ_ORG
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-organizationalUnitName_default = $ENV::EASYRSA_REQ_OU
-
-commonName = Common Name (eg: your user, host, or server name)
-commonName_max = 64
-commonName_default = $ENV::EASYRSA_REQ_CN
-
-emailAddress = Email Address
-emailAddress_default = $ENV::EASYRSA_REQ_EMAIL
-emailAddress_max = 64
-
-####################################################################
-# Easy-RSA cert extension handling
-
-# This section is effectively unused as the main script sets extensions
-# dynamically. This core section is left to support the odd usecase where
-# a user calls openssl directly.
-[ basic_exts ]
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-
-# The Easy-RSA CA extensions
-[ easyrsa_ca ]
-
-# PKIX recommendations:
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This could be marked critical, but it's nice to support reading by any
-# broken clients who attempt to do so.
-basicConstraints = CA:true
-
-# Limit key usage to CA tasks. If you really want to use the generated pair as
-# a self-signed cert, comment this out.
-keyUsage = cRLSign, keyCertSign
-
-# nsCertType omitted by default. Let's try to let the deprecated stuff die.
-# nsCertType = sslCA
-
-# CRL extensions.
-[ crl_ext ]
-
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-