Make easyrsa_openssl() aware of the SSL Library version

Commit a0dbc346bd92088ee481f5488ac53a7537b32073 leads to bug caused by OpenSSL 'genpkey' inconsistency. OpenSSL version 1 'genpkey' does not support option '-config' but OpenSSL version 3 does. (Details can be found at: https://www.openssl.org/docs/manpages.html) To use 'genpkey' option '-config', easyrsa_openssl() needs to be aware of the SSL Library version and only set '-config' for version 3. This patch sets OpenSSL version 3 ONLY option '-config' for 'genpkey'. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-03-20 21:20:20 +00:00 · 2022-03-20 21:20:20 +00:00 · a7e0b3fe69
commit a7e0b3fe69
parent 7b3fdee224
1 changed files with 13 additions and 1 deletions
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@ -351,10 +351,22 @@ easyrsa_openssl() {

 	case $openssl_command in
 		makesafeconf) has_config=true;;
-		ca|req|srp|ts|genpkey) has_config=true;;
+		ca|req|srp|ts) has_config=true;;
 		*) has_config=false;;
 	esac

+	case "$osslv_major" in
+	3)
+		case $openssl_command in
+		genpkey) has_config=true;;
+		*) : ;; # ok
+		esac
+	;;
+	1)	: ;; # ok
+	'')	: ;; # Unset then this is init-pki
+	*)	die "Unsupported openssl version: $osslv_major"
+	esac
+
 	if ! $has_config; then
 		"$EASYRSA_OPENSSL" "$openssl_command" "$@"
 		return