nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'update-openssl-conf-warn' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-update-openssl-conf-warn

Browse Source 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2023-05-01 21:57:29 +01:00
commit cbe3f9b70b
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 35 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
easyrsa3/easyrsa
View File

@ -1481,18 +1481,6 @@ Missing X509-type 'ca'"
[ -e "$EASYRSA_EXT_DIR/COMMON" ] || die "\ [ -e "$EASYRSA_EXT_DIR/COMMON" ] || die "\
Missing X509-type 'COMMON'" Missing X509-type 'COMMON'"
# Check for insert-marker in ssl config file
if grep -q '^#%CA_X509_TYPES_EXTRA_EXTS%' \
"$EASYRSA_SSL_CONF"
then
: # [ "$EASYRSA_BATCH" ] || print
else
warn "\
This openssl config file does not support X509-type 'ca'.
* $EASYRSA_SSL_CONF
Please update openssl-easyrsa.cnf to the latest release."
fi
# create necessary dirs: # create necessary dirs:
err_msg="\ err_msg="\
Unable to create necessary PKI files (permissions?)" Unable to create necessary PKI files (permissions?)"
@ -1530,6 +1518,21 @@ Unable to create necessary PKI files (permissions?)"
fi fi
fi fi
# Check for insert-marker in ssl config file
if [ "$EASYRSA_EXTRA_EXTS" ]; then
if ! grep -q '^#%CA_X509_TYPES_EXTRA_EXTS%' \
"$EASYRSA_SSL_CONF"
then
die "\
This openssl config file does \
not support X509-type 'ca'.
* $EASYRSA_SSL_CONF
Please update 'openssl-easyrsa.cnf' \
to the latest Easy-RSA release."
fi
fi
# Assign cert and key temp files # Assign cert and key temp files
out_key_tmp="" out_key_tmp=""
easyrsa_mktemp out_key_tmp || \ easyrsa_mktemp out_key_tmp || \
@ -1538,7 +1541,6 @@ Unable to create necessary PKI files (permissions?)"
easyrsa_mktemp out_file_tmp || \ easyrsa_mktemp out_file_tmp || \
die "build_ca - easyrsa_mktemp out_file_tmp" die "build_ca - easyrsa_mktemp out_file_tmp"
# Get passphrase from user if necessary # Get passphrase from user if necessary
if [ "$EASYRSA_NO_PASS" ] if [ "$EASYRSA_NO_PASS" ]
then then
@ -1579,7 +1581,12 @@ Unable to create necessary PKI files (permissions?)"
fi fi
fi fi
# Insert x509-types COMMON and 'ca' and EASYRSA_EXTRA_EXTS # Assign tmp-file for config
conf_tmp=""
easyrsa_mktemp conf_tmp || \
die "build_ca - easyrsa_mktemp conf_tmp"
# Assign awkscript to insert EASYRSA_EXTRA_EXTS
# shellcheck disable=SC2016 # vars don't expand in '' # shellcheck disable=SC2016 # vars don't expand in ''
awkscript='\ awkscript='\
{if ( match($0, "^#%CA_X509_TYPES_EXTRA_EXTS%") ) {if ( match($0, "^#%CA_X509_TYPES_EXTRA_EXTS%") )
@ -1587,10 +1594,7 @@ Unable to create necessary PKI files (permissions?)"
{print} {print}
}' }'
# Assign tmp-file for config # Insert x509-types COMMON and 'ca' and EASYRSA_EXTRA_EXTS
conf_tmp=""
easyrsa_mktemp conf_tmp || \
die "build_ca - easyrsa_mktemp conf_tmp"
{ {
cat "$EASYRSA_EXT_DIR/ca" "$EASYRSA_EXT_DIR/COMMON" cat "$EASYRSA_EXT_DIR/ca" "$EASYRSA_EXT_DIR/COMMON"
[ "$EASYRSA_EXTRA_EXTS" ] && print "$EASYRSA_EXTRA_EXTS" [ "$EASYRSA_EXTRA_EXTS" ] && print "$EASYRSA_EXTRA_EXTS"
@ -1946,11 +1950,12 @@ $check_serial"
if ! grep -q '^#%COPY_EXTS%' "$EASYRSA_SSL_CONF" if ! grep -q '^#%COPY_EXTS%' "$EASYRSA_SSL_CONF"
then then
die "\ die "\
The copy of openssl-easyrsa.cnf in use \ This openssl config file does \
does not support --copy-ext. not support option '--copy-ext'.
* $EASYRSA_SSL_CONF * $EASYRSA_SSL_CONF
Please update openssl-easyrsa.cnf \
to the latest official release." Please update 'openssl-easyrsa.cnf' \
to the latest Easy-RSA release."
fi fi
# Setup & insert the copy_extensions data # Setup & insert the copy_extensions data