Use stty -echo instead of read -s

Some Linux distros and BSD sh don't support the -s option to the read builin. This is the POSIX way to handle secure input to a tty. Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
2018-01-21 23:41:07 -06:00 · 2018-01-21 23:41:07 -06:00 · a1ed80517b
commit a1ed80517b
parent fae653879e
1 changed files with 7 additions and 3 deletions
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@ -419,7 +419,7 @@ build_ca() {
 	crypto="-aes256"
 	while [ -n "$1" ]; do
 		case "$1" in
-			nopass) opts="$opts -nodes "; crypt=  ;;
+			nopass) opts="$opts -nodes " ;;
 			subca) sub_ca=1 ;;
 			*) warn "Ignoring unknown command option: '$1'" ;;
 		esac
@ -468,10 +468,14 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
 	out_key_pass_tmp="$(mktemp "$out_key_pass.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$out_key_pass_tmp"
 	out_file_tmp="$(mktemp "$out_file.XXXXXXXXXX")"; EASYRSA_TEMP_FILE_3="$out_file_tmp"
 	printf "Enter New CA Key Passphrase: "
-	read -s kpass
+	stty -echo
+	read kpass
+	stty echo
 	echo
 	printf "Re-Enter New CA Key Passphrase: "
-	read -s kpass2
+	stty -echo
+	read kpass2
+	stty echo
 	echo
 	if [ "$kpass" = "$kpass2" ];
 	then