From 2eda52061bb82dba8f12a1356eb37768adab0002 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Sun, 19 Feb 2023 21:37:30 +0000
Subject: [PATCH] sign-req: Only create a random serial number file when expected

When EASYRSA_RAND_SN="no", the file pki/serial file is not meant to be updated by easyrsa. OpenSSL manages the file itself. Move the code to write the file pki/serial with a random number, inside the if condition for EASYRSA_RAND_SN, so the file is only written to by easyrsa, when a random serial number is expected.

Signed-off-by: Richard T Bonhomme
---
 easyrsa3/easyrsa | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 90f25f1..4a92415 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -1765,12 +1765,12 @@ sign_req() {
 sign_req - Randomize Serial number failed: $check_serial"
- fi
- # Print random $serial to pki/serial file
- # for use by SSL config
- print "$serial" > "$EASYRSA_PKI/serial" || \
- die "sign_req - write serial to file"
+ # Print random $serial to pki/serial file
+ # for use by SSL config
+ print "$serial" > "$EASYRSA_PKI/serial" || \
+ die "sign_req - write serial to file"
+ fi
 verify_ca_init
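Review bot: The relocated comment above the `print "$serial" > "$EASYRSA_PKI/serial"` write still says only "for use by SSL config" and does not record the rule this change establishes, namely that easyrsa writes pki/serial only when random serial numbers are enabled. I would extend it to `# EASYRSA_RAND_SN only: write the random $serial to pki/serial for the SSL config; otherwise OpenSSL maintains this file itself`, so that a later edit does not move the write back out of the branch. Separately, the `>` redirection truncates pki/serial before `print` runs, so a failed write can leave the CA's serial file empty by the time `die` is reached; whether anything restores it is not visible here. The enclosing `if` and the rest of sign_req() lie outside the hunk.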