From 51cb520887ca3d48377e7117ba3b9b7fe3aaebf2 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Mon, 22 May 2023 18:16:32 +0100
Subject: [PATCH] build-ca: Force the unit-test to build CA with pass via 'stdin' method

ERSA_UTEST_VERSION and EASYRSA_USE_PASS are only defined when the unit-tests are run. When they are detected, force use of CA password via 'stdin'.

Signed-off-by: Richard T Bonhomme
---
 easyrsa3/easyrsa | 28 +++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 1f61e4b..37731cb 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -1575,6 +1575,15 @@ to the latest Easy-RSA release."
 then
 : # No passphrase required
 
+ # Strictly for use only by easyrsa-unit-tests.sh
+ elif [ "$ERSA_UTEST_VERSION" ] && [ "$EASYRSA_USE_PASS" ]
+ then
+ # Set a test password and use file-descriptor method
+ CA_key_pass='EasyRSA'
+ # To use stdin for -passin and -passout
+ # MUST use -batch
+ ssl_batch=1
+
 elif [ "$EASYRSA_PASSOUT" ] && [ "$EASYRSA_PASSIN" ]
 then
 : # passphrase defined
@@ -1700,8 +1709,14 @@ to the latest Easy-RSA release."
 ;;
 *) die "Unknown algorithm: $EASYRSA_ALGO"
 esac
+
 verbose "\
-build_ca: CA key password created via FD"
+build_ca: CA key password created via stdin"
+ if [ "$ERSA_UTEST_VERSION" ] && \
+ [ "$EASYRSA_USE_PASS" ]
+ then
+ print "CA key via stdin"
+ fi
 
 else
 case "$EASYRSA_ALGO" in
@@ -1753,12 +1768,19 @@ build_ca: CA key password created via temp-files"
 ${CA_key_pass}
 EOF
 then
- verbose "\
-build_ca: CA certificate password created via FD"
+ : # ok
 else
 die "Failed to build the CA keypair."
 fi
 
+ verbose "\
+build_ca: CA certificate password created via stdin"
+ if [ "$ERSA_UTEST_VERSION" ] && \
+ [ "$EASYRSA_USE_PASS" ]
+ then
+ print "CA Cert via stdin"
+ fi
+
 else
 easyrsa_openssl req -utf8 -new \
 -key "$out_key_tmp" -keyout "$out_key_tmp" \
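Review bot: The new `elif [ "$ERSA_UTEST_VERSION" ] && [ "$EASYRSA_USE_PASS" ]` branch in the first hunk sits ahead of the `EASYRSA_PASSOUT`/`EASYRSA_PASSIN` branch, so when both variables are present in the environment the CA key is protected with the fixed string `'EasyRSA'` even if the operator supplied their own passphrase options. In the visible lines nothing but the comment restricts this path to easyrsa-unit-tests.sh, and a CA key encrypted under a password that is published in the script is effectively unprotected. Placing the test branch after the `EASYRSA_PASSOUT`/`EASYRSA_PASSIN` branch, and announcing it unconditionally with something like `print "build_ca: unit-test mode, fixed CA test password in use"`, would make an accidental trigger visible. The comment `# Set a test password and use file-descriptor method` should also say stdin, to match the rest of the commit. The enclosing `if` starts and ends outside the hunk.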
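Review bot: The test `[ "$ERSA_UTEST_VERSION" ] && [ "$EASYRSA_USE_PASS" ]` is now spelled out three times: in the passphrase selection of the first hunk, in the second hunk before `print "CA key via stdin"`, and again in the third hunk before `print "CA Cert via stdin"`. Recording the decision once where `CA_key_pass='EasyRSA'` is set (for example in a flag variable, name to be chosen by the project) and testing that flag at the two print sites would keep the test-only paths from drifting apart if the trigger condition is later tightened. A one-line comment above each `print` stating that the output exists only for easyrsa-unit-tests.sh would also help, since the "Strictly for use only by" comment in the first hunk is far from these lines. The surrounding `if`/`case` blocks begin outside the hunks.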