From 2eda52061bb82dba8f12a1356eb37768adab0002 Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Sun, 19 Feb 2023 21:37:30 +0000 Subject: [PATCH 1/2] sign-req: Only create a random serial number file when expected When EASYRSA_RAND_SN="no", the file pki/serial file is not meant to be updated by easyrsa. OpenSSL manages the file itself. Move the code to write the file pki/serial with a random number, inside the if condition for EASYRSA_RAND_SN, so the file is only written to by easyrsa, when a random serial number is expected. Signed-off-by: Richard T Bonhomme --- easyrsa3/easyrsa | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 90f25f1..4a92415 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -1765,12 +1765,12 @@ sign_req() { sign_req - Randomize Serial number failed: $check_serial" - fi - # Print random $serial to pki/serial file - # for use by SSL config - print "$serial" > "$EASYRSA_PKI/serial" || \ - die "sign_req - write serial to file" + # Print random $serial to pki/serial file + # for use by SSL config + print "$serial" > "$EASYRSA_PKI/serial" || \ + die "sign_req - write serial to file" + fi verify_ca_init From 436f77e88836278e525ca698a6edf5521c83d984 Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Tue, 21 Feb 2023 22:01:16 +0000 Subject: [PATCH 2/2] ChangeLog; Only create a random serial number file when expected (#896) Signed-off-by: Richard T Bonhomme --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 324ca6a..d1d33b5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ Easy-RSA 3 ChangeLog 3.1.3 (ETA: 2023-10-13) + * Only create a random serial number file when expected (#896) * Option --fix-offset: Adjust off-by-one day (#847) 3.1.2 (2023-01-13)
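Review bot: The redirect in `print "$serial" > "$EASYRSA_PKI/serial"` truncates pki/serial before anything is written, so a failed or interrupted write in the random-serial branch is reported by `die` but leaves an empty file behind. Since the commit message says OpenSSL manages this file itself when EASYRSA_RAND_SN="no", a later signing run in that mode would presumably start from a serial file it cannot parse. Writing to a temporary file in the same directory and renaming it over the original avoids that, for example `print "$serial" > "$EASYRSA_PKI/serial.tmp" && mv "$EASYRSA_PKI/serial.tmp" "$EASYRSA_PKI/serial" || die "sign_req - write serial to file"` (the `.tmp` name is only illustrative). The body of sign_req starts and ends outside this hunk, so where `$serial` is generated and checked for uniqueness is not visible here.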