From 5b4fd2b484adc6e2f506b62eb54fc38adc802766 Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Mon, 8 Aug 2022 14:13:32 +0100 Subject: [PATCH] sign-req: Check for an existing certificate 'sign-req' must not over-write an existing certificate. Closes: #629 Signed-off-by: Richard T Bonhomme --- easyrsa3/easyrsa | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index c625a0b..46de7dd 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -1546,6 +1546,11 @@ Unknown cert type '$crt_type'" No request found for the input: '$2' Expected to find the request at: $req_in" + # Existing certificate file must NOT exist + [ ! -e "$crt_out" ] || die "\ +Cannot sign this request for '$2' because a certificate for it already exists +at: $crt_out" + # Confirm input is a cert req verify_file req "$req_in" || die "\ The certificate request file is not in a valid X509 request format.
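Review bot: The added test `[ ! -e "$crt_out" ]` follows symbolic links, so a dangling symlink at that path counts as "does not exist" and the guard passes; whatever later writes the certificate would then write through the link. Rejecting links as well closes that gap: `[ ! -e "$crt_out" ] && [ ! -L "$crt_out" ] || die "\`. The check is also separate from the write, which is not visible here (the enclosing function starts and ends outside this hunk), so it only holds if nothing else can create `$crt_out` in between. If the PKI directory can be written by more than one account, the write step itself should presumably refuse to clobber rather than rely on this test alone. A short comment such as `# -e follows symlinks; -L also rejects a dangling link` would record why both tests are present.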