nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

verify_ssl_lib(): short-circuit overload check; un-indent by one tab

Browse Source 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2022-12-07 02:15:01 +00:00
parent aa85739b2e
commit 9266caaf33
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 39 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
easyrsa3/easyrsa
View File

@ -873,54 +873,53 @@ easyrsa_openssl() {
# Verify the SSL library is functional and establish version dependencies # Verify the SSL library is functional and establish version dependencies
verify_ssl_lib() { verify_ssl_lib() {
if [ -z "$EASYRSA_SSL_OK" ]; then # Run once only
# redirect std-err to ignore missing etc/ssl/openssl.cnf file [ "$EASYRSA_SSL_OK" ] && die "verify_ssl_lib - Overloaded"
val="$("$EASYRSA_OPENSSL" version 2>/dev/null)"
# SSL lib name # redirect std-err to ignore missing etc/ssl/openssl.cnf file
case "${val%% *}" in val="$("$EASYRSA_OPENSSL" version 2>/dev/null)"
# OpenSSL does require a safe config-file for ampersand
OpenSSL) # SSL lib name
ssl_lib=openssl case "${val%% *}" in
[ "$EASYRSA_NO_SAFE_SSL" ] || require_safe_ssl_conf=1 # OpenSSL does require a safe config-file for ampersand
;; OpenSSL)
LibreSSL) ssl_lib=openssl
ssl_lib=libressl [ "$EASYRSA_NO_SAFE_SSL" ] || require_safe_ssl_conf=1
require_safe_ssl_conf=1 ;;
;; LibreSSL)
*) ssl_lib=libressl
error_msg="$("$EASYRSA_OPENSSL" version 2>&1)" require_safe_ssl_conf=1
die "\ ;;
*)
error_msg="$("$EASYRSA_OPENSSL" version 2>&1)"
die "\
Invalid SSL output for 'version': Invalid SSL output for 'version':
$error_msg" $error_msg"
esac esac
# Set SSL version dependent $no_password option # Set SSL version dependent $no_password option
osslv_major="${val#* }" osslv_major="${val#* }"
osslv_major="${osslv_major%%.*}" osslv_major="${osslv_major%%.*}"
case "$osslv_major" in case "$osslv_major" in
1) no_password='-nodes' ;; 1) no_password='-nodes' ;;
2) no_password='-nodes' ;; 2) no_password='-nodes' ;;
3) 3)
case "$ssl_lib" in case "$ssl_lib" in
openssl) no_password='-noenc' ;; openssl) no_password='-noenc' ;;
libressl) no_password='-nodes' ;; libressl) no_password='-nodes' ;;
*) die "Unsupported SSL library: $ssl_lib" *) die "Unsupported SSL library: $ssl_lib"
esac esac
;; ;;
*) die "Unsupported SSL library: $osslv_major" *) die "Unsupported SSL library: $osslv_major"
esac esac
information "Using SSL: $EASYRSA_OPENSSL ${val}" information "Using SSL: $EASYRSA_OPENSSL ${val}"
EASYRSA_SSL_OK=1 EASYRSA_SSL_OK=1
# Verify EASYRSA_SSL_CONF file exists # Verify EASYRSA_SSL_CONF file exists
[ -f "$EASYRSA_SSL_CONF" ] || die "\ [ -f "$EASYRSA_SSL_CONF" ] || die "\
The OpenSSL config file cannot be found. The OpenSSL config file cannot be found.
Expected location: $EASYRSA_SSL_CONF" Expected location: $EASYRSA_SSL_CONF"
else
die "verify_ssl_lib - Overloaded"
fi
} # => verify_ssl_lib() } # => verify_ssl_lib()
# Basic sanity-check of PKI init and complain if missing # Basic sanity-check of PKI init and complain if missing