nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Set 'build_ca()' specific $crypto_opts '-pass' for OpenSSL version 3

Browse Source 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2022-03-18 20:39:40 +00:00
parent 16f2d11f37
commit 73cc4a62cc
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
easyrsa3/easyrsa
View File

@ -680,6 +680,16 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
# BEGIN SSL V3
3)
# If encrypted then create the CA key using AES256 cipher ($crypto)
# 'genpkey' requires '-pass'
crypto_opts=""
if [ ! $nopass ]; then
crypto_opts="$crypto"
if [ -z "$EASYRSA_PASSOUT" ]; then
crypto_opts="$crypto_opts -pass file:$out_key_pass_tmp"
fi
fi
# Generate CA Key - OpenSSL v3 'genpkey' is not compatible
# with easyrsa $opts and $no_password, do NOT use them here
# shellcheck disable=SC2086 # Ignore unquoted variables
@ -717,6 +727,7 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
esac
# Private key encryption password or use no_password
# 'req' requires '-passin'
crypto_opts=""
if [ ! $nopass ] && [ -z "$EASYRSA_PASSIN" ]; then
crypto_opts="-passin file:$out_key_pass_tmp"