Merge branch 'TinCanTech-ca-x509-types-files'

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-09-21 21:36:52 +01:00 · 2022-09-21 21:36:52 +01:00 · 0fed20bf9e
commit 0fed20bf9e
parent bceab3ee74 b6748d9fdc
2 changed files with 9 additions and 2 deletions
--- a/1
+++ b/1
@ -1,6 +1,7 @@
 Easy-RSA 3 ChangeLog

 3.1.1 (TBD)
+   * Always ensure X509-types files exist (#581 #696)
   * Remove renew-req (#684)
   * Re-enable use of '--vars=FILE init-pki' #640 (Revert #566)
   * Introduce --keep-tmp, keep temp files for debugging (#667)
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@ -1298,6 +1298,12 @@ $EASYRSA_PKI
 Refusing to create a new CA keypair as this operation would overwrite your
 current CA keypair. If you intended to start a new CA, run init-pki first."

+	# Cert type must exist under the EASYRSA_EXT_DIR
+	[ -e "$EASYRSA_EXT_DIR/ca" ] || die "\
+Missing X509-type 'ca'"
+	[ -e "$EASYRSA_EXT_DIR/COMMON" ] || die "\
+Missing X509-type 'COMMON'"
+
 	# Check for insert-marker in ssl config file
 	if ! grep -q '^#%CA_X509_TYPES_EXTRA_EXTS%' "$EASYRSA_SSL_CONF"; then
 		die "\
@ -1645,9 +1651,9 @@ expected 2, got $# (see command help for usage)"

 	# Cert type must exist under the EASYRSA_EXT_DIR
 	[ -e "$EASYRSA_EXT_DIR/$crt_type" ] || die "\
-Unknown cert type '$crt_type'"
+Missing X509-type '$crt_type'"
 	[ -e "$EASYRSA_EXT_DIR/COMMON" ] || die "\
-Missing cert type 'COMMON'"
+Missing X509-type 'COMMON'"

 	# Cert type must NOT be COMMON
 	[ "$crt_type" != COMMON ] || die "\