Replace use of $EASYRSA_OPENSSL with easyrsa_openssl()

Use replaced in display_san() and display_dn(). verify_file(): Return status of SSL command. Wrap long lines x4. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2022-12-03 21:34:31 +00:00 · 2022-12-03 21:34:31 +00:00 · c3943edd28
commit c3943edd28
parent 3caf0ec905
1 changed files with 24 additions and 16 deletions
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@ -3182,15 +3182,21 @@ display_san() {
 	shift 2

 	if echo "$EASYRSA_EXTRA_EXTS" | grep -q subjectAltName; then
-		print "$(echo "$EASYRSA_EXTRA_EXTS" | grep subjectAltName |
-			sed 's/^[[:space:]]*subjectAltName[[:space:]]*=[[:space:]]*//')"
-	else
-		san="$(
-			x509v3san="X509v3 Subject Alternative Name:"
-			"$EASYRSA_OPENSSL" "$format" -in "$path" -noout -text |
-			sed -n "/${x509v3san}/{n;s/ //g;s/IPAddress:/IP:/g;s/RegisteredID/RID/;p;}"
-			)"
+		# Print user defined SAN
+			print "$(\
+		echo "$EASYRSA_EXTRA_EXTS" | grep subjectAltName | \
+		sed 's/^[[:space:]]*subjectAltName[[:space:]]*=[[:space:]]*//'
+		)"

+	else
+		# Generate a SAN
+			san="$(
+		x509v3san="X509v3 Subject Alternative Name:"
+		easyrsa_openssl "$format" -in "$path" -noout -text | sed -n \
+		"/${x509v3san}/{n;s/ //g;s/IPAddress:/IP:/g;s/RegisteredID/RID/;p;}"
+		)"
+
+		# Print auto SAN
 		[ "$san" ] && print "$san"
 	fi
 } # => display_san()
@ -3205,7 +3211,7 @@ display_dn() {
 	# Display DN
 	name_opts="utf8,sep_multiline,space_eq,lname,align"
 	print "$(
-		"$EASYRSA_OPENSSL" "$format" -in "$path" -noout -subject \
+		easyrsa_openssl "$format" -in "$path" -noout -subject \
 			-nameopt "$name_opts"
 		)"

@ -3226,13 +3232,15 @@ default_server_san() {

 	# Extract CN from DN
 	cn="$(
-		easyrsa_openssl req -in "$path" -noout -subject -nameopt sep_multiline |
-		awk -F'=' '/^  *CN=/{print $2}'
+		easyrsa_openssl req -in "$path" -noout -subject \
+			-nameopt sep_multiline |
+				awk -F'=' '/^  *CN=/{print $2}'
 		)"

 	# See: https://github.com/OpenVPN/easy-rsa/issues/576
 	# Select default SAN
-	if echo "$cn" | grep -E -q '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
+	if echo "$cn" | grep -q \
+		-E '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
 	then
 		print "subjectAltName = IP:$cn"
 	else
@ -3281,7 +3289,8 @@ No certificate found for the input: '$crt_in'"
 Input is not a valid certificate: $crt_in"

 	# Test SSL out
-	if easyrsa_openssl verify -CAfile "$ca_crt" "$crt_in" 1>/dev/null; then
+	if easyrsa_openssl verify -CAfile "$ca_crt" "$crt_in" 1>/dev/null
+	then
 		notice "\
  Certificate name:   $file_name_base
  Verfication status: GOOD"
@ -3290,7 +3299,7 @@ Input is not a valid certificate: $crt_in"
 		notice "\
  Certificate name:   $file_name_base
  Verfication status: FAILED"
-		# Exit with error (cmd-opt: batch), otherwise terminal msg only
+		# Exit with error (batch mode), otherwise term msg only
 		[ "$exit_with_error" ] && easyrsa_error_exit=1
 		# Return error for internal callers (status reports)
 		return 1
@ -3301,8 +3310,7 @@ Input is not a valid certificate: $crt_in"
 verify_file() {
 	format="$1"
 	path="$2"
-	easyrsa_openssl "$format" -in "$path" -noout 2>/dev/null || return 1
-	return 0
+	easyrsa_openssl "$format" -in "$path" -noout 2>/dev/null
 } # => verify_file()

 # show-* command backend