Merge branch 'oreinert-contrib'

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>

doc/EasyRSA-Advanced.md

@@ -31,12 +31,12 @@ Configuration Reference
   The following locations are checked, in this order, for a vars file. Only the
   first one found is used:
 
-  1. File referenced by the --vars CLI option
+  1. The file referenced by the --vars CLI option
   2. The file referenced by the env-var named `EASYRSA_VARS_FILE`
-  3. The `EASYRSA_PKI` directory
-  4. The default PKI directory at $PWD/pki (usually will be the same as above)
-  4. The `EASYRSA` directory
-  5. The location of the easyrsa program (usually will be the same as above)
+  3. The directory referenced by the `EASYRSA_PKI` env-var
+  4. The default PKI directory at $PWD/pki
+  4. The directory referenced by the `EASYRSA` env-var
+  5. The directory containing the easyrsa program
 
   Defining the env-var `EASYRSA_NO_VARS` will override the sourcing of the vars
   file in all cases, including defining it subsequently as a global option.
@@ -78,10 +78,10 @@ Environmental Variables Reference
 A list of env-vars, any matching global option (CLI) to set/override it, and a
 possible terse description is shown below:
 
- *  `EASYRSA` - should point to the Easy-RSA top-level dir, normally $PWD
+ *  `EASYRSA` - should point to the Easy-RSA top-level dir, where the easyrsa script is located.
  *  `EASYRSA_OPENSSL` - command to invoke openssl
  *  `EASYRSA_SSL_CONF` - the openssl config file to use
- *  `EASYRSA_PKI` (CLI: `--pki-dir`) - dir to use to hold all PKI-specific files, normally $PWD/pki.
+ *  `EASYRSA_PKI` (CLI: `--pki-dir`) - dir to use to hold all PKI-specific files, defaults to $PWD/pki.
  *  `EASYRSA_DN` (CLI: `--dn-mode`) - set to the string `cn_only` or `org` to
     alter the fields to include in the req DN
  *  `EASYRSA_REQ_COUNTRY` (CLI: `--req-c`) - set the DN country with org mode

easyrsa3/vars.example

@@ -39,10 +39,15 @@ fi
 
 # DO YOUR EDITS BELOW THIS POINT
 
-# This variable should point to the top level of the easy-rsa tree. By default,
-# this is taken to be the directory you are currently in.
+# This variable is used as the base location of configuration files needed by
+# easyrsa.  More specific variables for specific files (e.g., EASYRSA_SSL_CONF)
+# may override this default.
+#
+# The default value of this variable is the location of the easyrsa script
+# itself, which is also where the configuration files are located in the
+# easy-rsa tree.
 
-#set_var EASYRSA	"$PWD"
+#set_var EASYRSA	"${0%/*}"
 
 # If your OpenSSL command is not in the system PATH, you will need to define the
 # path to it here. Normally this means a full path to the executable, otherwise
@@ -57,12 +62,14 @@ fi
 # This sample is in Windows syntax -- edit it for your path if not using PATH:
 #set_var EASYRSA_OPENSSL	"C:/Program Files/OpenSSL-Win32/bin/openssl.exe"
 
-# Edit this variable to point to your soon-to-be-created key directory.
+# Edit this variable to point to your soon-to-be-created key directory.  By
+# default, this will be "$PWD/pki" (i.e. the "pki" subdirectory of the
+# directory you are currently in).
 #
 # WARNING: init-pki will do a rm -rf on this directory so make sure you define
 # it correctly! (Interactive mode will prompt before acting.)
 
-#set_var EASYRSA_PKI		"$EASYRSA/pki"
+#set_var EASYRSA_PKI		"$PWD/pki"
 
 # Define X509 DN mode.
 # This is used to adjust what elements are included in the Subject field as the DN