nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'TinCanTech-status-x509-types'

Browse Source 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2022-08-28 16:57:21 +01:00
commit 7bf1a262be
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 37 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
easyrsa3/easyrsa
View File

@ -67,9 +67,9 @@ Here is the list of commands available with a short syntax reminder. Use the
pki_dir="${EASYRSA_PKI:-$err_source}" pki_dir="${EASYRSA_PKI:-$err_source}"
print "\ print "\
DIRECTORY STATUS (commands would take effect on these locations) DIRECTORY STATUS (commands would take effect on these locations)
EASYRSA: $work_dir EASYRSA: $work_dir
PKI: $pki_dir PKI: $pki_dir
" x509-types: ${EASYRSA_EXT_DIR:-Missing or undefined}"
} # => usage() } # => usage()
# Detailed command help # Detailed command help
@ -1019,6 +1019,36 @@ The preferred location for 'vars' is within the PKI folder.
or declare your 'vars' file with option: --vars=<FILE>" or declare your 'vars' file with option: --vars=<FILE>"
} # => prefer_vars_in_pki_msg() } # => prefer_vars_in_pki_msg()
# Find x509-types dir, always prefer PKI location
find_x509_types_dir() {
x509_types_dir='x509-types'
# if PKI/x509-types exists then it wins, except for command line
if [ -d "$EASYRSA_PKI/$x509_types_dir" ]; then
# use set_var to preserve command line
set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/$x509_types_dir"
return
fi
# Find x509-types dir, in specific order
for area in \
'/usr/local/share/easy-rsa' \
'/usr/share/easy-rsa' \
"$PWD" \
"${0%/*}" \
'/etc/easy-rsa' \
# EOL - # Add more distros here
do
# Find x509-types
[ -e "${area}/$x509_types_dir" ] || continue
# Declare in preferred order, first wins, beaten by command line.
set_var EASYRSA_EXT_DIR "${area}/$x509_types_dir"
done
# EASYRSA_EXT_DIR must be defined
[ "${EASYRSA_EXT_DIR}" ] || return
} # => find_x509_types_dir()
# Copy data-files from various sources # Copy data-files from various sources
install_data_to_pki () { install_data_to_pki () {
# #
@ -1061,7 +1091,6 @@ install_data_to_pki () {
vars_file='vars' vars_file='vars'
vars_file_example='vars.example' vars_file_example='vars.example'
ssl_cnf_file='openssl-easyrsa.cnf' ssl_cnf_file='openssl-easyrsa.cnf'
x509_types_dir='x509-types'
# PWD - Covers EasyRSA-Windows installed by OpenVPN, and git forks # PWD - Covers EasyRSA-Windows installed by OpenVPN, and git forks
# "prog_dir" - Old way (Who installs data files in /usr/bin ?) # "prog_dir" - Old way (Who installs data files in /usr/bin ?)
@ -1094,24 +1123,10 @@ install_data_to_pki () {
cp "${area}/${source}" "$EASYRSA_PKI" || return cp "${area}/${source}" "$EASYRSA_PKI" || return
fi fi
done done
# Find x509-types
[ -e "${area}/${x509_types_dir}" ] || continue
# Declare in preferred order, first wins, beaten by command line.
# Only set if not in PKI; Same condition made in vars_setup()
if [ -d "$EASYRSA_PKI/x509-types" ]; then
continue
else
set_var EASYRSA_EXT_DIR "${area}/${x509_types_dir}"
fi
done done
# if PKI/x509-types exists then it wins, except command line # Find x509-types or fail
# Same condition made in vars_setup() find_x509_types_dir || die "Failed to find x509-types"
if [ -d "$EASYRSA_PKI/x509-types" ]; then
set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/x509-types"
fi
# Create PKI/vars from PKI/example # Create PKI/vars from PKI/example
unset -v new_vars_true unset -v new_vars_true
@ -1146,13 +1161,6 @@ install_data_to_pki () {
#[ -e "${EASYRSA_PKI}/${vars_file_example}" ] || return #[ -e "${EASYRSA_PKI}/${vars_file_example}" ] || return
[ -e "${EASYRSA_PKI}/${ssl_cnf_file}" ] || return [ -e "${EASYRSA_PKI}/${ssl_cnf_file}" ] || return
# EASYRSA_EXT_DIR must be found! No exceptions!
# The shellcheck warning 2015 is valid, however, this code works correctly.
# Note that A && B || C is not if-then-else. C may run when A is true
# shellcheck disable=SC2015
[ "$EASYRSA_EXT_DIR" ] && [ -e "$EASYRSA_EXT_DIR" ] || \
die "x509-types folder cannot be found: $EASYRSA_EXT_DIR"
# Create a safe ssl file, Complete or error # Create a safe ssl file, Complete or error
require_safe_ssl_conf=1 # Always required require_safe_ssl_conf=1 # Always required
[ -e "$EASYRSA_SAFE_CONF" ] || easyrsa_openssl makesafeconf || return [ -e "$EASYRSA_SAFE_CONF" ] || easyrsa_openssl makesafeconf || return
@ -3875,7 +3883,8 @@ Priority should be given to your PKI vars file:
# If $EASYRSA_NO_VARS is defined (not blank) then do not use vars. # If $EASYRSA_NO_VARS is defined (not blank) then do not use vars.
# If $no_pki_required then located vars files are not required. # If $no_pki_required then located vars files are not required.
if [ "$EASYRSA_NO_VARS" ] || [ "$no_pki_required" ]; then if [ "$EASYRSA_NO_VARS" ] || [ "$no_pki_required" ]; then
: # ok # Find x509-types but do not fail - Not fatal here
find_x509_types_dir || :
# If a vars file was located then source it # If a vars file was located then source it
else else
@ -3918,7 +3927,6 @@ Sourcing the vars file and building certificates will probably fail ..'
# shellcheck disable=1090 # can't follow non-constant source. vars # shellcheck disable=1090 # can't follow non-constant source. vars
. "$vars" 2>/dev/null . "$vars" 2>/dev/null
unset -v EASYRSA_CALLER unset -v EASYRSA_CALLER
fi fi
fi fi
@ -3996,7 +4004,6 @@ Sourcing the vars file and building certificates will probably fail ..'
else else
prefer_vars_in_pki_msg prefer_vars_in_pki_msg
fi fi
information "Using x509-types directory: $EASYRSA_EXT_DIR"
# export OPENSSL_CONF for OpenSSL, OpenSSL config file MUST exist # export OPENSSL_CONF for OpenSSL, OpenSSL config file MUST exist
# EASYRSA_SAFE_CONF is output by 'install_data_to_pki()' # EASYRSA_SAFE_CONF is output by 'install_data_to_pki()'