From 8ae6bca3dc3f2ca6eead3fbae82cccf901ca0daf Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Sun, 11 Dec 2022 18:17:26 +0000
Subject: [PATCH] Windows, build-ca: Add input password to re-open private key

Using OpenSSL 3.0.7, packaged by OpenVPN Windows installer, causes EasyRSA command 'build-ca' to fail, because it does not have an input password to re-open the private key, which is required to generate the CA certificate. Provide the user specified CA passphrase as input password for build-ca.

Signed-off-by: Richard T Bonhomme
---
 easyrsa3/easyrsa | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index e0a584e..53e691c 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -1372,6 +1372,8 @@ Please update openssl-easyrsa.cnf to the latest official release."
 # Assign passphrase vars and temp file
 p=""
 q=""
+ in_key_pass_tmp="$(easyrsa_mktemp)" || \
+ die "Failed to create temporary file"
 out_key_pass_tmp="$(easyrsa_mktemp)" || \
 die "Failed to create temporary file"
 
@@ -1385,6 +1387,7 @@ Please update openssl-easyrsa.cnf to the latest official release."
 
 # Validate passphrase
 if [ "$p" = "$q" ]; then
+ printf "%s" "$p" > "$in_key_pass_tmp"
 printf "%s" "$p" > "$out_key_pass_tmp"
 unset -v p q
 else
@@ -1459,6 +1462,7 @@ Please update openssl-easyrsa.cnf to the latest official release."
 ${EASYRSA_NO_PASS+ "$no_password"} \
 ${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} \
 ${EASYRSA_PASSOUT:+ -passout "$EASYRSA_PASSOUT"} \
+ ${in_key_pass_tmp:+ -passin file:"$in_key_pass_tmp"} \
 ${out_key_pass_tmp:+ -passin file:"$out_key_pass_tmp"} \
 || die "Failed to build the CA"
 ;;
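Review bot: The temp file created in the first hunk (`in_key_pass_tmp`) and filled in the second hunk under `# Validate passphrase` puts a second plaintext copy of the CA passphrase on disk, and the write is not checked. If the redirect fails, an empty or partial file would still be handed to OpenSSL later; fail closed with `printf "%s" "$p" > "$in_key_pass_tmp" || die "Failed to write passphrase file"`. File mode and cleanup depend on `easyrsa_mktemp`, which is not visible in this patch, so confirm that it creates owner-only files and that both passphrase files are removed on every `die` path. The enclosing function starts and ends outside these hunks.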
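Review bot: The added `${in_key_pass_tmp:+ -passin file:"$in_key_pass_tmp"}` in the last hunk puts a second `-passin` on the same command, right before the existing context line `${out_key_pass_tmp:+ -passin file:"$out_key_pass_tmp"}`, and both files receive the same `$p`. If `EASYRSA_PASSIN` is also set on this path (not decidable from the hunk), there would be three, and which one OpenSSL honours depends on its option parsing, so a user-supplied value could be silently overridden. If the existing line was meant to be `-passout`, correct that line instead; otherwise emit a single `-passin` and reuse `out_key_pass_tmp` rather than a second secret file. A short comment such as `# OpenSSL 3.x needs the input password to re-open the encrypted CA key` above the option would record why it is there.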