From 2f841e9fecc1e5b0601930918b0e5eb71aadd261 Mon Sep 17 00:00:00 2001
From: Xavier Bachelot <xavier@bachelot.org>
Date: Mon, 28 Jan 2019 16:19:55 +0100
Subject: [PATCH] Workaround older openssl which don't have -ext

Signed-off-by: Xavier Bachelot <xavier@bachelot.org>
---
 easyrsa3/easyrsa | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 00bdcf0..313fa73 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -1018,8 +1018,8 @@ Renewal not allowed."
 
 	# Extract certificate usage from old cert
 	cert_ext_key_usage=$(
-		"$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -ext extendedKeyUsage |
-		sed -n "2p;n;s/^ *//;p;"
+		"$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -text |
+		sed -n "/X509v3 Extended Key Usage:/{n;s/^ *//g;p;}"
 		)
 	case $cert_ext_key_usage in
 		"TLS Web Client Authentication")
@@ -1037,8 +1037,8 @@ Renewal not allowed."
 	echo "$EASYRSA_EXTRA_EXTS" | grep -q subjectAltName || \
 	{
 		san=$(
-			"$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -ext subjectAltName |
-			sed -n "2p;{n;s/ //g;p;}"
+			"$EASYRSA_OPENSSL" x509 -in "$crt_in" -noout -text |
+			sed -n "/X509v3 Subject Alternative Name:/{n;s/ //g;p;}"
 			)
 		export EASYRSA_EXTRA_EXTS="\
 $EASYRSA_EXTRA_EXTS