status report: Only provide comparison date when certificate exists

If the certificate does not exist then the database date is used.
The database date is a shortened ISO-8601 date, the certifcate date
is presented in a completely different format.

Omit the calculated "seconds since epoch" double check via 'date',
when the certificate does not exist.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

easyrsa3/easyrsa

@@ -4372,9 +4372,12 @@ read_db() {
 # Expire status
 expire_status() {
 	# The certificate for CN ahould exist but may not
+	unset -v expire_status_cert_exists
 	if [ -e "$cert_issued" ]; then
 
 		verbose "expire_status: cert exists"
+		expire_status_cert_exists=1
+
 		# get the serial number of the certificate
 		ssl_cert_serial "$cert_issued" cert_serial
 
@@ -4418,57 +4421,61 @@ expire_status(): FALL-BACK completed"
 		cert_not_after_date=
 		db_date_to_iso_8601_date \
 			"$db_notAfter" cert_not_after_date
+		# Cert does not exist
 	fi
 
-	# Get timestamp seconds for certificate expiry date
+	# Only verify if there is a certificate
-	# Redirection for errout is not necessary here
+	if [ "$expire_status_cert_exists" ]; then
-	cert_expire_date_s=
-	if iso_8601_timestamp_to_seconds \
-			"$cert_not_after_date" cert_expire_date_s
-	then
-		: # ok
 
-		# Verify dates via 'date +%s' format
+		# Get timestamp seconds for certificate expiry date
-		verbose "\
+		# Redirection for errout is not necessary here
-expire_status: cert_date_to_timestamp_s: for comparison"
+		cert_expire_date_s=
-		old_cert_expire_date_s=
+		if iso_8601_timestamp_to_seconds \
-		cert_date_to_timestamp_s \
+				"$cert_not_after_date" cert_expire_date_s
-			"$cert_not_after_date" old_cert_expire_date_s
-
-		# Prove this works
-		if [ "$cert_expire_date_s" = "$old_cert_expire_date_s" ]
 		then
-			verbose "expire_status: ABSOLUTE seconds MATCH:"
+			: # ok
-			verbose "  cert_expire_date_s=     $cert_expire_date_s"
+
-			verbose "  old_cert_expire_date_s= $old_cert_expire_date_s"
+			# Verify dates via 'date +%s' format
-		else
+			verbose "\
-			verbose "expire_status: ABSOLUTE seconds do not MATCH:"
+expire_status: cert_date_to_timestamp_s: for comparison"
-			verbose "  cert_expire_date_s=     $cert_expire_date_s"
+			old_cert_expire_date_s=
-			verbose "  old_cert_expire_date_s= $old_cert_expire_date_s"
+			cert_date_to_timestamp_s \
-			verbose "  difference=             \
+				"$cert_not_after_date" old_cert_expire_date_s
+
+			# Prove this works
+			if [ "$cert_expire_date_s" = "$old_cert_expire_date_s" ]
+			then
+				verbose "expire_status: ABSOLUTE seconds MATCH:"
+				verbose "  cert_expire_date_s=     $cert_expire_date_s"
+				verbose "  old_cert_expire_date_s= $old_cert_expire_date_s"
+			else
+				verbose "expire_status: ABSOLUTE seconds do not MATCH:"
+				verbose "  cert_expire_date_s=     $cert_expire_date_s"
+				verbose "  old_cert_expire_date_s= $old_cert_expire_date_s"
+				verbose "  difference=             \
 $(( cert_expire_date_s - old_cert_expire_date_s ))"
 
-			# If there is an error then use --days-margin=10
+				# If there is an error then use --days-margin=10
-			[ "$EASYRSA_iso_8601_MARGIN" ] || \
+				[ "$EASYRSA_iso_8601_MARGIN" ] || \
-				die "\
+					die "\
 expire_status - ABSOLUTE seconds mismatch: Use --allow-margin=N"
 
-			# Allows days for margin of error in seconds
+				# Allows days for margin of error in seconds
-			margin_s="$((
+				margin_s="$((
-				EASYRSA_iso_8601_MARGIN * (60 * 60 * 24) + 1
+					EASYRSA_iso_8601_MARGIN * (60 * 60 * 24) + 1
-				))"
+					))"
-			margin_plus_s="$((
+				margin_plus_s="$((
-				old_cert_expire_date_s + margin_s
+					old_cert_expire_date_s + margin_s
-				))"
+					))"
-			margin_minus_s="$((
+				margin_minus_s="$((
-				old_cert_expire_date_s - margin_s
+					old_cert_expire_date_s - margin_s
-				))"
+					))"
 
-			if [ "$cert_expire_date_s" -lt "$margin_plus_s" ] && \
+				if [ "$cert_expire_date_s" -lt "$margin_plus_s" ] && \
-				[ "$cert_expire_date_s" -gt "$margin_minus_s" ]
+					[ "$cert_expire_date_s" -gt "$margin_minus_s" ]
-			then
+				then
-				: # ok
+					: # ok
-				verbose "\
+					verbose "\
 expire_status: MARGIN seconds ACCEPTED:
   cert_expire_date_s=     $cert_expire_date_s
   old_cert_expire_date_s= $old_cert_expire_date_s
@@ -4476,35 +4483,36 @@ expire_status: MARGIN seconds ACCEPTED:
   $(( cert_expire_date_s - old_cert_expire_date_s ))
   margin_plus_s=          $margin_plus_s
   margin_minus_s=         $margin_minus_s"
-			else
+				else
-				verbose "\
+					verbose "\
 expire_status: MARGIN seconds REJECTED:
   cert_expire_date_s=     $cert_expire_date_s
   old_cert_expire_date_s= $old_cert_expire_date_s
   margin_plus_s=          $margin_plus_s
   margin_minus_s=         $margin_minus_s"
 
-				die "\
+					die "\
 expire_status: Verify cert expire date EXCESS mismatch!"
+				fi
 			fi
-		fi
 
-		verbose "\
+			verbose "\
 expire_status: cert_date_to_timestamp_s: comparison complete"
 
-	else
+		else
-		verbose  "\
+			verbose  "\
 expire_status: ACCEPTED ERROR-2: \
 iso_8601_timestamp_to_seconds"
-		verbose "\
+			verbose "\
 expire_status: CONSUMED ERROR: \
 FALL-BACK to default SSL date format"
 
-		cert_date_to_timestamp_s \
+			cert_date_to_timestamp_s \
-			"$cert_not_after_date" cert_expire_date_s
+				"$cert_not_after_date" cert_expire_date_s
 
-		verbose "\
+			verbose "\
 expire_status: FALL-BACK completed"
+		fi
 	fi
 
 	# Convert number of days to a timestamp in seconds
@@ -5917,7 +5925,8 @@ while :; do
 	-S|--silent-ssl)
 		empty_ok=1
 		export EASYRSA_SILENT_SSL=1
-		save_EASYRSA_SILENT_SSL=1
+		# This will probably be need
+		#save_EASYRSA_SILENT_SSL=1
 		;;
 	--no-safe-ssl)
 		empty_ok=1