From 783a8e03d84426e46942c131741746a3a1904505 Mon Sep 17 00:00:00 2001
From: Nikolaos Kakouros <nkak@kth.se>
Date: Mon, 9 May 2022 23:51:42 +0000
Subject: [PATCH] Always respect --vars=file

---
 easyrsa3/easyrsa | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 9aeca3f..6abc280 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -2717,7 +2717,8 @@ Priority should be given to your PKI vars file:
 	fi
 
 	# If $EASYRSA_NO_VARS is defined (not blank) then do not use vars
-	# if $no_pki_required then no vars is required.
+	# if $no_pki_required then located vars files are not required (user
+	# defined '--vars=file' is still respected though).
 	if [ "$EASYRSA_NO_VARS" ] || [ "$no_pki_required" ]; then
 		: # ok
 	else
@@ -3604,13 +3605,21 @@ trap "exit 14" 15
 cmd="$1"
 [ -n "$1" ] && shift # scrape off command
 
-# This avoids unnecessary warnings and notices
-case "$cmd" in
-	init-pki|clean-all) no_pki_required=1 ;;
-	""|help|-h|--help|--usage) no_pki_required=1 ;;
-	version) no_pki_required=1 ;;
-	*) unset -v no_pki_required
-esac
+# User defined '--vars=file' or defaults
+if [ "$EASYRSA_VARS_FILE" ]; then
+       # User defined --vars=file MUST be sourced, we trust the user knows
+       # better.
+       : # ok
+else
+	# This avoids unnecessary warnings and notices by, among others,
+	# skipping locating and loading vars files.
+	case "$cmd" in
+		init-pki|clean-all) no_pki_required=1 ;;
+		""|help|-h|--help|--usage) no_pki_required=1 ;;
+		version) no_pki_required=1 ;;
+		*) unset -v no_pki_required
+	esac
+fi
 
 # Get host details
 detect_host