From 58b095454caa25607595c3e8d96e8d57816893b5 Mon Sep 17 00:00:00 2001
From: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Date: Wed, 26 Sep 2018 17:51:52 -0300
Subject: [PATCH] Remove req/privkey in build_full when sign_req fails

build_full leave req/privkey ig sign fails (i.e. when CA pass was
incorrect). If build_full fails, it should remove everything it created.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
---
 easyrsa3/easyrsa | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index de4fe43..8f354cf 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -846,7 +846,10 @@ Matching file found at: "
 	gen_req "$name" batch $req_opts
 
 	# Sign it
-	sign_req "$crt_type" "$name" batch
+	( sign_req "$crt_type" "$name" batch ) || {
+		rm -f "$req_out" "$key_out"
+		die "Failed to sign '$name'"
+	}
 
 } # => build_full()