Refactor export_pkcs() - Quote all expansions (#494)

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Richard T Bonhomme 2022-04-22 21:00:28 +01:00
parent 4b9b3ed657
commit 2396b2f41a
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246


@ -1742,7 +1742,6 @@ Run easyrsa without commands for usage and command help."
shift
done
pkcs_opts=
pkcs_certfile_path=
if [ "$want_ca" ]; then
verify_file x509 "$crt_ca" || die "\
@ -1766,16 +1765,17 @@ Unable to export p12 for short name '$short_name' without the key
(if you want a p12 without the private key, use nokey option.)
Missing key expected at: $key_in"
else
pkcs_opts="-nokeys"
nokeys=1
fi
# export the p12:
# shellcheck disable=SC2086 # Ignore unquoted variables
easyrsa_openssl pkcs12 -in "$crt_in" -inkey "$key_in" -export \
-out "$pkcs_out" $pkcs_opts \
${pkcs_certfile_path:+-certfile "$pkcs_certfile_path"} \
${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} \
${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} || die "\
-out "$pkcs_out" \
${nokeys:+ -nokeys} \
${pkcs_certfile_path:+ -certfile "$pkcs_certfile_path"} \
${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} \
${EASYRSA_PASSOUT:+ -passout "$EASYRSA_PASSOUT"} || die "\
Export of p12 failed: see above for related openssl errors."
;;
p7)
@ -1784,22 +1784,24 @@ Export of p12 failed: see above for related openssl errors."
# export the p7:
easyrsa_openssl crl2pkcs7 -nocrl -certfile "$crt_in" \
-out "$pkcs_out" \
${pkcs_certfile_path:+-certfile "$pkcs_certfile_path"} \
${pkcs_certfile_path:+ -certfile "$pkcs_certfile_path"} \
|| die "\
Export of p7 failed: see above for related openssl errors."
;;
p8)
if [ -z "$want_pass" ]; then
pkcs_opts="-nocrypt"
fi
pkcs_out="$EASYRSA_PKI/private/$short_name.p8"
if [ -z "$want_pass" ]; then
EASYRSA_PASSIN=pass:
EASYRSA_PASSOUT=pass:
fi
# export the p8:
# shellcheck disable=SC2086 # Ignore unquoted variables
easyrsa_openssl pkcs8 -in "$key_in" -topk8 \
-out "$pkcs_out" $pkcs_opts \
${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} \
${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} || die "\
${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} \
${EASYRSA_PASSOUT:+ -passout "$EASYRSA_PASSOUT"} || die "\
Export of p8 failed: see above for related openssl errors."
;;
esac
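Review bot: In the p8 branch, the no-password case now assigns `EASYRSA_PASSIN=pass:` and `EASYRSA_PASSOUT=pass:` where the old side set `-nocrypt`, and the two are not equivalent. An empty `-passout` appears to make `openssl pkcs8 -topk8` encrypt the output under an empty passphrase instead of writing an unencrypted PKCS#8 key, and overwriting `EASYRSA_PASSIN` discards any passphrase the caller supplied for an encrypted source key. Following the `nokeys` pattern from the p12 branch would keep the old behaviour: set `nocrypt=1` inside the `if` and pass `${nocrypt:+ -nocrypt} \` on the command line. The +/- markers are lost on this page, so the sides are inferred from the duplicated lines; if `-out "$pkcs_out" $pkcs_opts \` in the p8 command is still on the new side, `$pkcs_opts` is no longer assigned anywhere visible and should be dropped from that line.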