Re-instate OPENSSL_CONF and EASYRSA_SAFE_CONF

EASYRSA_SAFE_CONF is libressl compatible config file. Create EASYRSA_SAFE_CONF during init-pki, one time per PKI. Set OPENSSL_CONF to be EASYRSA_SAFE_CONF, to prevent bogus warnings. Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
2019-06-10 18:21:44 +01:00 · 2019-06-10 18:21:44 +01:00 · 2dc63cd6fc
commit 2dc63cd6fc
parent 38ad124088
1 changed files with 15 additions and 2 deletions
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@ -336,6 +336,7 @@ easyrsa_openssl() {
 	openssl_command=$1; shift

 	case $openssl_command in
+		makesafeconf) has_config=true;;
 		ca|req|srp|ts) has_config=true;;
 		*) has_config=false;;
 	esac
@ -378,8 +379,14 @@ easyrsa_openssl() {
 		"$EASYRSA_SSL_CONF" > "$easyrsa_openssl_conf" ||
 		die "Failed to update $easyrsa_openssl_conf"

-	"$EASYRSA_OPENSSL" "$openssl_command" -config "$easyrsa_openssl_conf" "$@"
-	err=$?
+	if [ "$openssl_command" = "makesafeconf" ]; then
+		cp "$easyrsa_openssl_conf" "$EASYRSA_SAFE_CONF"
+		err=$?
+	else
+		"$EASYRSA_OPENSSL" "$openssl_command" -config "$easyrsa_openssl_conf" "$@"
+		err=$?
+	fi
+
 	rm -f "$easyrsa_openssl_conf"
 	rm -f "$easyrsa_extra_exts"
 	return $err
@ -511,9 +518,11 @@ and initialize a fresh PKI here."
 		mkdir -p "$EASYRSA_PKI/$i" || die "Failed to create PKI file structure (permissions?)"
 	done
 	
+	# Create $EASYRSA_SAFE_CONF ($OPENSSL_CONF) prevents bogus warnings (especially useful on win32)
 	if [ ! -f "$EASYRSA_SSL_CONF" ] && [ -f "$EASYRSA/openssl-easyrsa.cnf" ];
 	then
 		cp "$EASYRSA/openssl-easyrsa.cnf" "$EASYRSA_SSL_CONF"
+		easyrsa_openssl makesafeconf
 	fi

 	notice "\
@ -1568,6 +1577,7 @@ Note: using Easy-RSA configuration from: $vars"
 	set_var EASYRSA_REQ_CN		ChangeMe
 	set_var EASYRSA_DIGEST		sha256
 	set_var EASYRSA_SSL_CONF	"$EASYRSA_PKI/openssl-easyrsa.cnf"
+	set_var EASYRSA_SAFE_CONF	"$EASYRSA_PKI/safessl-easyrsa.cnf"

 	# Same as above for the x509-types extensions dir
 	if [ -d "$EASYRSA_PKI/x509-types" ]; then
@ -1587,6 +1597,9 @@ Note: using Easy-RSA configuration from: $vars"
 	fi

 	[ -n "$EASYRSA_TEMP_DIR_session" ] || EASYRSA_TEMP_DIR_session="$(mktemp -ud "$EASYRSA_TEMP_DIR/easy-rsa-$$.XXXXXX")"
+
+	# Setting OPENSSL_CONF prevents bogus warnings (especially useful on win32)
+	export OPENSSL_CONF="$EASYRSA_SAFE_CONF"
 } # vars_setup()

 # variable assignment by indirection when undefined; merely exports