From 8ede536206edeeb14c1fc1f7babeafd7d267cac4 Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Thu, 8 Dec 2022 00:17:17 +0000 Subject: [PATCH] Re-order easyrsa_openssl() temp-file assignment Always assign the easyrsa_openssl() temp-file before escape_hazard(). In the event of failure, easyrsa_openssl() will try first. Signed-off-by: Richard T Bonhomme --- easyrsa3/easyrsa | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 3d23c4f..c0c67a6 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -797,20 +797,22 @@ easyrsa_openssl() { has_config=1 fi - # Make LibreSSL safe config file from OpenSSL config file + # Assign safe temp file to create, may not be used + easyrsa_safe_ssl_conf="$(easyrsa_mktemp)" || \ + die "easyrsa_openssl - easyrsa_mktemp failed" # Auto-escape hazardous characters: # '&' - Workaround 'sed' behavior # '$' - Workaround 'easyrsa' based limitation + # This is required for all SSL libs, otherwise, + # there are unacceptable differences in behavior escape_hazard - # Currently, $require_safe_ssl_conf is ALWAYS set by verify_ssl_lib() + # Make LibreSSL safe config file from OpenSSL config file + # $require_safe_ssl_conf is ALWAYS set by verify_ssl_lib() + # Can be over-ruled for OpenSSL by option --no-safe-ssl if [ "$require_safe_ssl_conf" ]; then - # Assign safe temp file - easyrsa_safe_ssl_conf="$(easyrsa_mktemp)" || \ - die "easyrsa_openssl - easyrsa_mktemp failed" - # Break indentation for long lines # Make a safe SSL config file # shellcheck disable=SC2016 # No expansion inside ' single quote 
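Review bot: The new comment `# Assign safe temp file to create, may not be used` does not say why the assignment has to come before `escape_hazard`; that reason is given only in the commit message. I would state it in the code, for example `# Assign before escape_hazard so a mktemp failure is reported by easyrsa_openssl first`. The comment above the `if` now says `$require_safe_ssl_conf` is ALWAYS set and, on the next line, that `--no-safe-ssl` can over-rule it. A wording such as `# Set by verify_ssl_lib() unless --no-safe-ssl is given (OpenSSL only)` would read consistently, provided it matches verify_ssl_lib(), which is not visible here. easyrsa_openssl() begins and ends outside this hunk.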
@@ -835,11 +837,11 @@ easyrsa_openssl() { # Restore standard indentation else - # Assign safe temp file - Use original EasyRSA-OpenSSL conf + # Assign safe temp file as: Use original EasyRSA-OpenSSL conf easyrsa_safe_ssl_conf="$EASYRSA_SSL_CONF" fi - # set $OPENSSL_CONF - Use safe temp-file previously assigned + # set $OPENSSL_CONF - Use which-ever file is assigned above export OPENSSL_CONF="$easyrsa_safe_ssl_conf" # Execute command
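Review bot: In the `else` branch the reworded comment `# Assign safe temp file as: Use original EasyRSA-OpenSSL conf` is misleading, because on this path `easyrsa_safe_ssl_conf` holds neither a temp file nor a processed config. `OPENSSL_CONF` ends up pointing at the unmodified `$EASYRSA_SSL_CONF`. The temp file is now created unconditionally earlier in the function, so this branch also leaves it unused; presumably session cleanup removes it, but that is not visible here. Suggested wording: `# Safe config not required: use the original EasyRSA-OpenSSL conf; the temp file assigned above stays unused`. The function body continues outside the hunk.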