Move verifying the SSL lib to verify_ssl_lib() and only call after verify_pki_init()

Signed-off-by: Richard Bonhomme <25598447+TinCanTech@users.noreply.github.com>
2019-01-04 00:43:08 +00:00 · 2019-01-04 00:43:08 +00:00 · 85318d19de
commit 85318d19de
parent 35b1f59e44
1 changed files with 27 additions and 22 deletions
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@ -330,28 +330,6 @@ vars_source_check() {
 	# Check for defined EASYRSA_PKI
 	[ -n "$EASYRSA_PKI" ] || die "\
 EASYRSA_PKI env-var undefined"
-
-	# make safessl-easyrsa.cnf
-	make_ssl_config
-
-	# Verify EASYRSA_OPENSSL command gives expected output
-	if [ -z "$EASYRSA_SSL_OK" ]; then
-		val="$("$EASYRSA_OPENSSL" version)"
-		case "${val%% *}" in
-			OpenSSL|LibreSSL)
-				notice "\
-Using SSL: $EASYRSA_OPENSSL $("$EASYRSA_OPENSSL" version)" ;;
-			*) die "\
-Missing or invalid OpenSSL
-Expected to find openssl command at: $EASYRSA_OPENSSL" ;;
-		esac
-	fi
-	EASYRSA_SSL_OK=1
-
-	# Verify EASYRSA_SSL_CONF file exists
-	[ -f "$EASYRSA_SSL_CONF" ] || die "\
-The OpenSSL config file cannot be found.
-Expected location: $EASYRSA_SSL_CONF"
 } # => vars_source_check()

 # Verify supplied curve exists and generate curve file if needed
@ -378,6 +356,30 @@ $out"
 	return 0
 }

+verify_ssl_lib () {
+	# make safessl-easyrsa.cnf
+	make_ssl_config
+
+	# Verify EASYRSA_OPENSSL command gives expected output
+	if [ -z "$EASYRSA_SSL_OK" ]; then
+		val="$("$EASYRSA_OPENSSL" version)"
+		case "${val%% *}" in
+			OpenSSL|LibreSSL)
+				notice "\
+Using SSL: $EASYRSA_OPENSSL $("$EASYRSA_OPENSSL" version)" ;;
+			*) die "\
+Missing or invalid OpenSSL
+Expected to find openssl command at: $EASYRSA_OPENSSL" ;;
+		esac
+	fi
+	EASYRSA_SSL_OK=1
+
+	# Verify EASYRSA_SSL_CONF file exists
+	[ -f "$EASYRSA_SSL_CONF" ] || die "\
+The OpenSSL config file cannot be found.
+Expected location: $EASYRSA_SSL_CONF"
+} # => verify_ssl_lib ()
+
 # Basic sanity-check of PKI init and complain if missing
 verify_pki_init() {
 	help_note="Run easyrsa without commands for usage and command help."
@ -395,6 +397,9 @@ $help_note"
 Missing expected directory: $i (perhaps you need to run init-pki?)
 $help_note"
 	done
+
+	# verify ssl lib
+	verify_ssl_lib
 } # => verify_pki_init()

 # Verify core CA files present