Windows, build-ca: Add input password to re-open private key

Using OpenSSL 3.0.7, packaged by OpenVPN Windows installer, causes EasyRSA command 'build-ca' to fail, because it does not have an input password to re-open the private key, which is required to generate the CA certificate. Provide the user specified CA passphrase as input password for build-ca. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-11 18:17:26 +00:00 · 2022-12-11 18:17:26 +00:00 · 8ae6bca3dc
commit 8ae6bca3dc
parent bec781d3fe
1 changed files with 4 additions and 0 deletions
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@ -1372,6 +1372,8 @@ Please update openssl-easyrsa.cnf to the latest official release."
 		# Assign passphrase vars and temp file
 		p=""
 		q=""
+		in_key_pass_tmp="$(easyrsa_mktemp)" || \
+			die "Failed to create temporary file"
 		out_key_pass_tmp="$(easyrsa_mktemp)" || \
 			die "Failed to create temporary file"

@ -1385,6 +1387,7 @@ Please update openssl-easyrsa.cnf to the latest official release."

 		# Validate passphrase
 		if [ "$p" = "$q" ]; then
+			printf "%s" "$p" > "$in_key_pass_tmp"
 			printf "%s" "$p" > "$out_key_pass_tmp"
 			unset -v p q
 		else
@ -1459,6 +1462,7 @@ Please update openssl-easyrsa.cnf to the latest official release."
 			${EASYRSA_NO_PASS+ "$no_password"} \
 			${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} \
 			${EASYRSA_PASSOUT:+ -passout "$EASYRSA_PASSOUT"} \
+			${in_key_pass_tmp:+ -passin file:"$in_key_pass_tmp"} \
 			${out_key_pass_tmp:+ -passin file:"$out_key_pass_tmp"} \
 				|| die "Failed to build the CA"
 	;;