From b17499d2efca29b1c17c6ef16091f081f3128c6e Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Fri, 29 Apr 2022 13:57:10 +0100 Subject: [PATCH] Option '--copy-ext' insert "copy_extensions = copy" into config For '--copy-ext' the "copy_extensions = copy" must be inserted into the SSL config file, section [defaul_ca]. As with all other insertions, use the same 'awk' script with a new label '%COPY_EXTS%'. Closes: #548 Signed-off-by: Richard T Bonhomme --- easyrsa3/easyrsa | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index e0f991f..cd24375 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -1246,14 +1246,31 @@ Request subject, to be signed as a $crt_type certificate for $EASYRSA_CERT_EXPIR $(display_dn req "$req_in") " # => confirm end + # When EASYRSA_CP_EXT is defined, adjust openssl's [default_ca] section: + if [ -n "$EASYRSA_CP_EXT" ]; then + # Setup & insert the copy_extensions data keyed by a magic line + copy_exts="copy_extensions = copy" + # shellcheck disable=SC2016 # vars don't expand in single quote + awkscript=' +{if ( match($0, "^#%COPY_EXTS%") ) + { while ( getline<"/dev/stdin" ) {print} next } + {print} +}' + conf_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file" + print "$copy_exts" | \ + awk "$awkscript" "$EASYRSA_SSL_CONF" \ + > "$conf_tmp" \ + || die "Copying SSL config to temp file failed" + # Use this new SSL config for the rest of this function + EASYRSA_SSL_CONF="$conf_tmp" + fi + # Generate the extensions file for this cert: ext_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file" { # Append first any COMMON file (if present) then the cert-type extensions cat "$EASYRSA_EXT_DIR/COMMON" cat "$EASYRSA_EXT_DIR/$crt_type" - # copy req extensions - [ "$EASYRSA_CP_EXT" ] && print "copy_extensions = copy" # Support a dynamic CA path length when present: [ "$crt_type" = "ca" ] && [ -n "$EASYRSA_SUBCA_LEN" ] && \
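Review bot: When `$EASYRSA_SSL_CONF` has no line starting with `#%COPY_EXTS%`, the awk script prints the file unchanged and still exits 0, so `--copy-ext` becomes a silent no-op and the request would be signed without the extensions the operator asked to copy. The diffstat lists only `easyrsa3/easyrsa`, so this commit does not add the marker to the config, and a PKI carrying an older copy of the config would presumably lack it. I would fail closed before the awk call, for example `grep -q '^#%COPY_EXTS%' "$EASYRSA_SSL_CONF" || die "--copy-ext: #%COPY_EXTS% marker missing from $EASYRSA_SSL_CONF"`. Separately, `while ( getline<"/dev/stdin" )` treats the -1 error return as true and would loop forever if stdin cannot be read; `while ( (getline line < "/dev/stdin") > 0 ) print line` is the safe form. The enclosing function starts before and ends after this hunk, so how the rewritten `EASYRSA_SSL_CONF` is used afterwards is not visible here.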