nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Only log SSL Library version once

Browse Source 
Move the 'fi' below the output, restore old behaviour.

Minor improvments to readability:
* Make "No Safe SSL config-file" the default.
  OpenSSL does not require a "Safe" config-file, only LibreSSL does.
  Change from $no_safe_ssl_conf to $require_safe_ssl_conf.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2022-04-25 22:56:28 +01:00
parent d199389217
commit a703f30e37
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 21 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
easyrsa3/easyrsa
View File

@ -448,12 +448,9 @@ easyrsa_openssl() {
die "easyrsa_openssl - Failed to create temporary file" die "easyrsa_openssl - Failed to create temporary file"
fi fi
# OpenSSL does not need a safe config, skip this stage # OpenSSL does not require a safe config, so skip to the copy
if [ "$no_safe_ssl_conf" ]; then if [ "$require_safe_ssl_conf" ]; then
cp -f "$EASYRSA_SSL_CONF" "$easyrsa_openssl_conf" || \ # Make a safe SSL config file
die "easyrsa_openssl - Failed to make temporary config"
else
sed \ sed \
-e "s\`ENV::EASYRSA\`EASYRSA\`g" \ -e "s\`ENV::EASYRSA\`EASYRSA\`g" \
-e "s\`\$dir\`$EASYRSA_PKI\`g" \ -e "s\`\$dir\`$EASYRSA_PKI\`g" \
@ -473,6 +470,10 @@ easyrsa_openssl() {
-e "s\`\$EASYRSA_REQ_EMAIL\`$EASYRSA_REQ_EMAIL\`g" \ -e "s\`\$EASYRSA_REQ_EMAIL\`$EASYRSA_REQ_EMAIL\`g" \
"$EASYRSA_SSL_CONF" > "$easyrsa_openssl_conf" || \ "$EASYRSA_SSL_CONF" > "$easyrsa_openssl_conf" || \
die "easyrsa_openssl - Failed to make temporary config" die "easyrsa_openssl - Failed to make temporary config"
else
# Do NOT Make a safe SSL config file
cp -f "$EASYRSA_SSL_CONF" "$easyrsa_openssl_conf" || \
die "easyrsa_openssl - Failed to copy temporary config"
fi fi
if [ "$openssl_command" = "makesafeconf" ]; then if [ "$openssl_command" = "makesafeconf" ]; then
@ -543,13 +544,12 @@ verify_ssl_lib() {
val="$("$EASYRSA_OPENSSL" version)" val="$("$EASYRSA_OPENSSL" version)"
case "${val%% *}" in case "${val%% *}" in
# OpenSSL does not require a safe config-file # OpenSSL does not require a safe config-file
OpenSSL) no_safe_ssl_conf=1 ;; OpenSSL) unset -v require_safe_ssl_conf ;;
LibreSSL) : ;; # ok LibreSSL) require_safe_ssl_conf=1 ;;
*) die "\ *) die "\
Missing or invalid OpenSSL Missing or invalid OpenSSL
Expected to find openssl command at: $EASYRSA_OPENSSL" Expected to find openssl command at: $EASYRSA_OPENSSL"
esac esac
fi
# Set SSL version dependent $no_password option # Set SSL version dependent $no_password option
osslv_major="${val#* }" osslv_major="${val#* }"
@ -562,6 +562,7 @@ Expected to find openssl command at: $EASYRSA_OPENSSL"
esac esac
notice "Using SSL: $EASYRSA_OPENSSL $val" notice "Using SSL: $EASYRSA_OPENSSL $val"
EASYRSA_SSL_OK=1 EASYRSA_SSL_OK=1
fi
# Verify EASYRSA_SSL_CONF file exists # Verify EASYRSA_SSL_CONF file exists
[ -f "$EASYRSA_SSL_CONF" ] || die "\ [ -f "$EASYRSA_SSL_CONF" ] || die "\