From df37955f4a11cba109750ef21e0561bd190105c9 Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Sun, 28 Aug 2022 16:36:28 +0100 Subject: [PATCH] build-ca: Assign default sub-CA commonName and enable SSL interactive Squashed commit of the following: commit 5e9609873a01dd358e3a4c6928fc553e5257d8ea Merge: ed54b1a 42bfae4 Author: Richard T Bonhomme Date: Sun Aug 28 14:44:13 2022 +0100 Merge branch 'subca-default-cn' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-subca-default-cn Signed-off-by: Richard T Bonhomme commit 42bfae4673996307107964be0fc8b15883072d31 Author: Richard T Bonhomme Date: Sat Aug 27 13:20:41 2022 +0100 build-ca: Assign default sub-CA commonName and enable SSL interactive When building a CA/SubCA, if a commonName has not been assigned by --req-cn then assign a default commonName, of either: * 'Easy-RSA CA' or 'Easy-RSA Sub-CA'. If a default commonName has been assigned then use SSL interactive mode to edit/confirm each of the subject fields individually. Otherwise, use EasyRSA to confirm all of the subject fields with a single prompt. Closes: #659 Signed-off-by: Richard T Bonhomme Signed-off-by: Richard T Bonhomme --- easyrsa3/easyrsa | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index eee7bc6..ddeb956 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -472,7 +472,7 @@ Distinguished Name mode: --dn-mode=MODE : Distinguished Name mode to use 'cn_only' or 'org' (Default: 'cn_only') - --req-cn=NAME : Set commonNama for CA/SubCA ONLY. Default 'Easy-RSA CA' + --req-cn=NAME : Set commonName for CA/SubCA ONLY. Default 'Easy-RSA CA' Distinguished Name Organizational options: (only used with '--dn-mode=org') --req-c=CC : country code (2-letters) 
@@ -1249,13 +1249,20 @@ current CA keypair. If you intended to start a new CA, run init-pki first." printf '%s\n' "01" > "$EASYRSA_PKI/serial" || die "$err_file" # Default CA commonName - [ "$EASYRSA_REQ_CN" = ChangeMe ] && export EASYRSA_REQ_CN="Easy-RSA CA" - - # Do not use prompting from SSL config - ssl_batch=1 + if [ "$EASYRSA_REQ_CN" = ChangeMe ]; then + if [ "$sub_ca" ]; then + export EASYRSA_REQ_CN="Easy-RSA Sub-CA" + else + export EASYRSA_REQ_CN="Easy-RSA CA" + fi + unsest -v ssl_batch + else + # Do not use prompting from SSL config + ssl_batch=1 + fi # Get user confirmation here, not while in SSL - if [ "$EASYRSA_BATCH" ]; then + if [ "$EASYRSA_BATCH" ] || [ -z "$ssl_batch" ]; then : # ok else case "$EASYRSA_DN" in
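Review bot: `unsest -v ssl_batch` in the new default-commonName branch is a misspelling of `unset`, so the shell reports a command-not-found error and `ssl_batch` keeps whatever value it had before this block; the line should read `unset -v ssl_batch`. As written, whether OpenSSL prompts interactively and whether the `[ -z "$ssl_batch" ]` test further down skips the EasyRSA confirmation both depend on that earlier value. For a CA or Sub-CA build this matters, because the commit intends the subject fields to be confirmed one by one whenever a default commonName is assigned. The enclosing function starts and ends outside the hunk, so where `ssl_batch` is first initialised (or whether it can be inherited from the environment) cannot be checked from here.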