From 289444ca7d0c0d4c1c657132df9a39fc17721036 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme <tincantech@protonmail.com>
Date: Thu, 13 Apr 2023 14:40:40 +0100
Subject: [PATCH] Windows: Warn when using Windows default location in 'Program
 Files'

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
---
 easyrsa3/easyrsa | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index d1b0368..37eb3bd 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -4865,6 +4865,20 @@ EasyRSA '$cmd' does not support --startdate or --enddate"
 				unset -v EASYRSA_START_DATE EASYRSA_END_DATE
 		esac
 	fi
+
+	if [ "$easyrsa_host_os" = win ]; then
+		if echo "$PWD" | grep -q '/P.*/OpenVPN/easy-rsa'; then
+			warn "\
+Using Windows-System-Folders for your PKI is NOT SECURE!
+Your Easy-RSA PKI CA Private Key is WORLD readable.
+
+To correct this problem, it is recommended that you either:
+* Copy Easy-RSA to your User folders and run it from there, OR
+* Define your PKI to be in your User folders. EG:
+  'easyrsa --pki-dir=C:/Users/<your-user-name>/easy-rsa/pki\"'\
+ <command>"
+		fi
+	fi
 } # => mutual_exclusions()
 
 # vars setup