nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

easyrsa_openssl(): Rename temp-file to reflect the purpose

Browse Source 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2022-12-02 13:29:21 +00:00
parent def581ec59
commit 3d90bd6c61
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 29 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
easyrsa3/easyrsa
View File

@ -799,48 +799,49 @@ easyrsa_openssl() {
if [ "$has_config" ]; then
# Make LibreSSL safe config file from OpenSSL config file
# Assign temp file
easyrsa_openssl_conf="$(easyrsa_mktemp)" || \
die "easyrsa_openssl - Failed to create temporary file (1)"
# Auto-escape hazardous characters:
# '&' - Workaround 'sed' behavior
# '$' - Workaround 'easyrsa' based limitation
escape_hazard
# Assign temp file
easyrsa_safe_ssl_conf="$(easyrsa_mktemp)" || \
die "easyrsa_openssl - easyrsa_mktemp failed"
# require_safe_ssl_conf is ALWAYS set by verify_ssl_lib()
if [ "$require_safe_ssl_conf" ]; then
# Make a safe SSL config file
# shellcheck disable=SC2016 # No expansion inside ' single quote
sed \
-e s\`'$dir'\`\""$EASYRSA_PKI"\"\`g \
-e s\`'$ENV::EASYRSA_PKI'\`\""$EASYRSA_PKI"\"\`g \
-e s\`'$ENV::EASYRSA_CERT_EXPIRE'\`\""$EASYRSA_CERT_EXPIRE"\"\`g \
-e s\`'$ENV::EASYRSA_CRL_DAYS'\`\""$EASYRSA_CRL_DAYS"\"\`g \
-e s\`'$ENV::EASYRSA_DIGEST'\`\""$EASYRSA_DIGEST"\"\`g \
-e s\`'$ENV::EASYRSA_KEY_SIZE'\`\""$EASYRSA_KEY_SIZE"\"\`g \
-e s\`'$ENV::EASYRSA_DN'\`\""$EASYRSA_DN"\"\`g \
-e s\`'$ENV::EASYRSA_REQ_CN'\`\""$EASYRSA_REQ_CN"\"\`g \
-e s\`'$ENV::EASYRSA_REQ_COUNTRY'\`\""$EASYRSA_REQ_COUNTRY"\"\`g \
-e s\`'$ENV::EASYRSA_REQ_PROVINCE'\`\""$EASYRSA_REQ_PROVINCE"\"\`g \
-e s\`'$ENV::EASYRSA_REQ_CITY'\`\""$EASYRSA_REQ_CITY"\"\`g \
-e s\`'$ENV::EASYRSA_REQ_ORG'\`\""$EASYRSA_REQ_ORG"\"\`g \
-e s\`'$ENV::EASYRSA_REQ_OU'\`\""$EASYRSA_REQ_OU"\"\`g \
-e s\`'$ENV::EASYRSA_REQ_EMAIL'\`\""$EASYRSA_REQ_EMAIL"\"\`g \
-e s\`'$ENV::EASYRSA_REQ_SERIAL'\`\""$EASYRSA_REQ_SERIAL"\"\`g \
"$EASYRSA_SSL_CONF" > "$easyrsa_openssl_conf" || \
die "easyrsa_openssl - Failed to make temporary config (1)"
# Make a safe SSL config file
# Break indentation for long lines
# shellcheck disable=SC2016 # No expansion inside ' single quote
sed \
-e s\`'$dir'\`\""$EASYRSA_PKI"\"\`g \
-e s\`'$ENV::EASYRSA_PKI'\`\""$EASYRSA_PKI"\"\`g \
-e s\`'$ENV::EASYRSA_CERT_EXPIRE'\`\""$EASYRSA_CERT_EXPIRE"\"\`g \
-e s\`'$ENV::EASYRSA_CRL_DAYS'\`\""$EASYRSA_CRL_DAYS"\"\`g \
-e s\`'$ENV::EASYRSA_DIGEST'\`\""$EASYRSA_DIGEST"\"\`g \
-e s\`'$ENV::EASYRSA_KEY_SIZE'\`\""$EASYRSA_KEY_SIZE"\"\`g \
-e s\`'$ENV::EASYRSA_DN'\`\""$EASYRSA_DN"\"\`g \
-e s\`'$ENV::EASYRSA_REQ_CN'\`\""$EASYRSA_REQ_CN"\"\`g \
-e s\`'$ENV::EASYRSA_REQ_COUNTRY'\`\""$EASYRSA_REQ_COUNTRY"\"\`g \
-e s\`'$ENV::EASYRSA_REQ_PROVINCE'\`\""$EASYRSA_REQ_PROVINCE"\"\`g \
-e s\`'$ENV::EASYRSA_REQ_CITY'\`\""$EASYRSA_REQ_CITY"\"\`g \
-e s\`'$ENV::EASYRSA_REQ_ORG'\`\""$EASYRSA_REQ_ORG"\"\`g \
-e s\`'$ENV::EASYRSA_REQ_OU'\`\""$EASYRSA_REQ_OU"\"\`g \
-e s\`'$ENV::EASYRSA_REQ_EMAIL'\`\""$EASYRSA_REQ_EMAIL"\"\`g \
-e s\`'$ENV::EASYRSA_REQ_SERIAL'\`\""$EASYRSA_REQ_SERIAL"\"\`g \
"$EASYRSA_SSL_CONF" > "$easyrsa_safe_ssl_conf" || \
die "easyrsa_openssl - sed failed"
else
# Do NOT Make a safe SSL config file
cp -f "$EASYRSA_SSL_CONF" "$easyrsa_openssl_conf" || \
die "easyrsa_openssl - Failed to copy temporary config"
cp -f "$EASYRSA_SSL_CONF" "$easyrsa_safe_ssl_conf" || \
die "easyrsa_openssl - copy failed"
fi
if [ "$openssl_command" = "makesafeconf" ]; then
# move temp file to safessl-easyrsa.cnf
mv -f "$easyrsa_openssl_conf" "$EASYRSA_SAFE_CONF" || \
mv -f "$easyrsa_safe_ssl_conf" "$EASYRSA_SAFE_CONF" || \
die "easyrsa_openssl - makesafeconf failed"
else
# debug log on
@ -848,7 +849,7 @@ easyrsa_openssl() {
# Exec SSL with -config temp-file
"$EASYRSA_OPENSSL" "$openssl_command" \
-config "$easyrsa_openssl_conf" "$@" || return
-config "$easyrsa_safe_ssl_conf" "$@" || return
# debug log off
if [ "$EASYRSA_DEBUG" ]; then set +x; print ">> DEBUG-OFF <<"; fi