From 85318d19dea181620fbbbd8a213a70584336f93b Mon Sep 17 00:00:00 2001
From: Richard Bonhomme <25598447+TinCanTech@users.noreply.github.com>
Date: Fri, 4 Jan 2019 00:43:08 +0000
Subject: [PATCH] Move verifying the SSL lib to verify_ssl_lib() and only call after verify_pki_init()
Signed-off-by: Richard Bonhomme <25598447+TinCanTech@users.noreply.github.com>
---
 easyrsa3/easyrsa | 49 ++++++++++++++++++++++++++----------------------
 1 file changed, 27 insertions(+), 22 deletions(-)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 2783cc2..ef601a1 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -330,28 +330,6 @@ vars_source_check() {
 # Check for defined EASYRSA_PKI
 [ -n "$EASYRSA_PKI" ] || die "\
 EASYRSA_PKI env-var undefined"
-
- # make safessl-easyrsa.cnf
- make_ssl_config
-
- # Verify EASYRSA_OPENSSL command gives expected output
- if [ -z "$EASYRSA_SSL_OK" ]; then
- val="$("$EASYRSA_OPENSSL" version)"
- case "${val%% *}" in
- OpenSSL|LibreSSL)
- notice "\
-Using SSL: $EASYRSA_OPENSSL $("$EASYRSA_OPENSSL" version)" ;;
- *) die "\
-Missing or invalid OpenSSL
-Expected to find openssl command at: $EASYRSA_OPENSSL" ;;
- esac
- fi
- EASYRSA_SSL_OK=1
-
- # Verify EASYRSA_SSL_CONF file exists
- [ -f "$EASYRSA_SSL_CONF" ] || die "\
-The OpenSSL config file cannot be found.
-Expected location: $EASYRSA_SSL_CONF"
 } # => vars_source_check()

 # Verify supplied curve exists and generate curve file if needed
@@ -378,6 +356,30 @@ $out"
 return 0
 }

+verify_ssl_lib () {
+ # make safessl-easyrsa.cnf
+ make_ssl_config
+
+ # Verify EASYRSA_OPENSSL command gives expected output
+ if [ -z "$EASYRSA_SSL_OK" ]; then
+ val="$("$EASYRSA_OPENSSL" version)"
+ case "${val%% *}" in
+ OpenSSL|LibreSSL)
+ notice "\
+Using SSL: $EASYRSA_OPENSSL $("$EASYRSA_OPENSSL" version)" ;;
+ *) die "\
+Missing or invalid OpenSSL
+Expected to find openssl command at: $EASYRSA_OPENSSL" ;;
+ esac
+ fi
+ EASYRSA_SSL_OK=1
+
+ # Verify EASYRSA_SSL_CONF file exists
+ [ -f "$EASYRSA_SSL_CONF" ] || die "\
+The OpenSSL config file cannot be found.
+Expected location: $EASYRSA_SSL_CONF"
+} # => verify_ssl_lib ()
+
 # Basic sanity-check of PKI init and complain if missing
 verify_pki_init() {
 help_note="Run easyrsa without commands for usage and command help."
@@ -395,6 +397,9 @@ $help_note"
 Missing expected directory: $i (perhaps you need to run init-pki?)
 $help_note"
 done
+
+ # verify ssl lib
+ verify_ssl_lib
 } # => verify_pki_init()

 # Verify core CA files present
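Review bot: In the new verify_ssl_lib(), `make_ssl_config` runs before the `"$EASYRSA_OPENSSL" version` probe and sits outside the `EASYRSA_SSL_OK` guard, so it executes on every call and before the binary has been checked. If make_ssl_config itself invokes `$EASYRSA_OPENSSL` or reads `$EASYRSA_SSL_CONF` (its body is not in this diff), the probe and the `[ -f "$EASYRSA_SSL_CONF" ]` test belong ahead of it. The probe only confirms that the first word of the version output is OpenSSL or LibreSSL and does not authenticate the binary EASYRSA_OPENSSL points to, which deserves a comment such as `# Sanity check only: the command identifies itself as OpenSSL/LibreSSL; this does not establish that the binary is trusted`. The notice can reuse the captured value, `Using SSL: $EASYRSA_OPENSSL $val" ;;`, instead of running the command a second time.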
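Review bot: Placing the call at the end of verify_pki_init() means the library probe and make_ssl_config now run only on code paths that pass through this function, whereas vars_source_check() ran them on every invocation. Any command that uses `$EASYRSA_OPENSSL` or `$EASYRSA_SSL_CONF` without calling verify_pki_init() would then run with an unchecked binary and possibly no generated config; the callers are outside this diff, so this needs confirming against each command. The comment `# verify ssl lib` only restates the call; something like `# SSL lib checks need an initialised PKI, so run them only after the directory checks above pass` would record the ordering constraint given in the commit subject. verify_pki_init() begins before this hunk.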