If this utility gets acceptance and use then somebody is bound to fiddle with it and break something. easytls-index.txt is probably the most fragile element, so allow it to be rebuilt on-demand (Maybe with some warnings etc).
Also, openssl can output random serial numbers that do not have 32 hex characters. easytls does not work correctly for any serial number which is not 32 hex chars. Something needs to be fixed ..
In much the same way that OpenVPN allows a server to disable clients by using --disable in a --client-config-dir file or dynamically generated by a script; In tls-crypt-v2-verify.sh allow for a pre-check of known bad certificate serial numbers to be processed prior to any further checks by checking a simple text list of bad serial numbers.
bde44e0 requires that crt_file is always set. This causes an issue when distinguishing between server cert and client cert is required. eg: build-tls-crypt-v2-client, which requires both server and client cert.
TLS-crypt-v2 client key, currently, cert serial number is stored as: serial=B6718E34F5E5443DBF3BE9FABC59B042
Change this to drop the serial= when the key is created.