nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

select_vars: Set "expected" values ONLY when "$PWD/pki/vars" is used

Browse Source 
Vars 'expected_EASYRSA' and 'expected_EASYRSA_PKI' must only be set
when "$PWD/pki/vars" is used. This is the only file which can set the
PKI to an "unexpected" location.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2023-09-29 03:02:34 +01:00
parent 302fa37a79
commit 29bd64ceb0
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 46 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
easyrsa3/easyrsa
View File

@ -5616,55 +5616,60 @@ select_vars() {
unset -v EASYRSA_VARS_FILE unset -v EASYRSA_VARS_FILE
# skip the rest of this function # skip the rest of this function
return return
fi
# User specified vars file will be used ONLY # User specified vars file will be used ONLY
if [ "$EASYRSA_VARS_FILE" ]; then elif [ "$EASYRSA_VARS_FILE" ]; then
# Takes priority, nothing to do # Takes priority, nothing to do
verbose "select_vars: EASYRSA_VARS_FILE" verbose "select_vars: EASYRSA_VARS_FILE"
fi
# User specified PKI; if vars exists, use it ONLY # This is where auto-load goes bananas
if [ "$EASYRSA_PKI" ]; then else
if [ -e "$EASYRSA_PKI/vars" ]; then
verbose "select_vars: source EASYRSA_PKI/vars" # User specified PKI; if vars exists, use it ONLY
set_var EASYRSA_VARS_FILE "$EASYRSA_PKI/vars" if [ "$EASYRSA_PKI" ]; then
if [ -e "$EASYRSA_PKI/vars" ]; then
verbose "select_vars: source EASYRSA_PKI/vars"
set_var EASYRSA_VARS_FILE "$EASYRSA_PKI/vars"
fi
fi
# User specified EASYRSA; if vars exists, use it ONLY
if [ "$EASYRSA" ]; then
if [ -e "$EASYRSA/vars" ]; then
verbose "select_vars: EASYRSA/vars"
set_var EASYRSA_VARS_FILE "$EASYRSA/vars"
fi
fi
# Default PKI; if vars exists, use it ONLY
if [ -e "$PWD/pki/vars" ]; then
# Prevent vars from changing expected PKI.
# A vars in the PKI MUST always imply EASYRSA_PKI
# This is NOT backward compatible
# Use expected value comparison for v3.1.7
if [ -z "$EASYRSA_VARS_FILE" ]; then
expected_EASYRSA="$PWD"
expected_EASYRSA_PKI="$PWD/pki"
fi
# Use this for v3.2.0
# If the pki/vars sets a different PKI then
# there will be no PKI in the default /pki
#set_var EASYRSA "$PWD"
#set_var EASYRSA_PKI "$EASYRSA/pki"
verbose "select_vars: PWD/pki/vars"
set_var EASYRSA_VARS_FILE "$PWD/pki/vars"
fi
# Default working dir; if vars exists, use it ONLY
if [ -e "$PWD/vars" ]; then
verbose "select_vars: PWD/vars"
set_var EASYRSA_VARS_FILE="$PWD/vars"
fi fi
fi fi
# User specified EASYRSA; if vars exists, use it ONLY # User info
if [ "$EASYRSA" ]; then
if [ -e "$EASYRSA/vars" ]; then
verbose "select_vars: EASYRSA/vars"
set_var EASYRSA_VARS_FILE "$EASYRSA/vars"
fi
fi
# Default PKI; if vars exists, use it ONLY
if [ -e "$PWD/pki/vars" ]; then
# Prevent vars from changing expected PKI.
# A vars in the PKI MUST always imply EASYRSA_PKI
# This is NOT backward compatible
# Use expected value comparison for v3.1.7
expected_EASYRSA="$PWD"
expected_EASYRSA_PKI="$PWD/pki"
#
# Use this for v3.2.0
# If the pki/vars sets a different PKI then
# there will be no PKI in the default /pki
#set_var EASYRSA "$PWD"
#set_var EASYRSA_PKI "$EASYRSA/pki"
verbose "select_vars: PWD/pki/vars"
set_var EASYRSA_VARS_FILE "$PWD/pki/vars"
fi
# Default working dir; if vars exists, use it ONLY
if [ -e "$PWD/vars" ]; then
verbose "select_vars: PWD/vars"
set_var EASYRSA_VARS_FILE="$PWD/vars"
fi
if [ -z "$EASYRSA_VARS_FILE" ]; then if [ -z "$EASYRSA_VARS_FILE" ]; then
[ "$require_pki" ] && information "\ [ "$require_pki" ] && information "\
No Easy-RSA 'vars' configuration file exists!" No Easy-RSA 'vars' configuration file exists!"