From a7e0b3fe69e5cdc7a500dae4c7ad96cdeb8ae47b Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme <tincantech@protonmail.com>
Date: Sun, 20 Mar 2022 21:20:20 +0000
Subject: [PATCH] Make easyrsa_openssl() aware of the SSL Library version

Commit a0dbc346bd92088ee481f5488ac53a7537b32073 leads to bug caused
by OpenSSL 'genpkey' inconsistency. OpenSSL version 1 'genpkey' does
not support option '-config' but OpenSSL version 3 does.
(Details can be found at: https://www.openssl.org/docs/manpages.html)

To use 'genpkey' option '-config', easyrsa_openssl() needs to be aware
of the SSL Library version and only set '-config' for version 3.

This patch sets OpenSSL version 3 ONLY option '-config' for 'genpkey'.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
---
 easyrsa3/easyrsa | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index ad0a158..093e7b1 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -351,10 +351,22 @@ easyrsa_openssl() {
 
 	case $openssl_command in
 		makesafeconf) has_config=true;;
-		ca|req|srp|ts|genpkey) has_config=true;;
+		ca|req|srp|ts) has_config=true;;
 		*) has_config=false;;
 	esac
 
+	case "$osslv_major" in
+	3)
+		case $openssl_command in
+		genpkey) has_config=true;;
+		*) : ;; # ok
+		esac
+	;;
+	1)	: ;; # ok
+	'')	: ;; # Unset then this is init-pki
+	*)	die "Unsupported openssl version: $osslv_major"
+	esac
+
 	if ! $has_config; then
 		"$EASYRSA_OPENSSL" "$openssl_command" "$@"
 		return