From f6d8a9903b7266cecea9904b51d1b24c9e10321d Mon Sep 17 00:00:00 2001 From: Eric F Crist Date: Sat, 15 Sep 2018 10:43:49 -0500 Subject: [PATCH] Chicken/Egg config writing fixed Only write out the default config to EASYRSA_PKI during init-pki function call. Assume it's there or error out when appropriate. Signed-off-by: Eric F Crist --- easyrsa3/easyrsa | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index c68f7b3..3a6ba78 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -415,7 +415,6 @@ $help_note" # init-pki backend: init_pki() { - vars_source_check # If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH) if [ -e "$EASYRSA_PKI" ]; then @@ -432,6 +431,11 @@ and initialize a fresh PKI here." for i in private reqs; do mkdir -p "$EASYRSA_PKI/$i" || die "Failed to create PKI file structure (permissions?)" done + + if [ ! -f "$EASYRSA_PKI/openssl-easyrsa.cnf" -a -f "$EASYRSA/openssl-easyrsa.cnf" ]; + then + cp "$EASYRSA/openssl-easyrsa.cnf" "$EASYRSA_PKI/openssl-easyrsa.cnf" + fi notice "\ init-pki complete; you may now create a CA or requests. 
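Review bot: The `cp` added to init_pki in the second hunk (after the `for i in private reqs` loop) is unchecked, and nothing happens when `$EASYRSA/openssl-easyrsa.cnf` is absent, so init-pki can still print "init-pki complete" with no config in the PKI. Because the third hunk points EASYRSA_SSL_CONF at `$EASYRSA_PKI/openssl-easyrsa.cnf` with no fallback, that silent case only shows up later, probably as an unclear failure from openssl. Fail here the way the `mkdir` line above does: `cp "$EASYRSA/openssl-easyrsa.cnf" "$EASYRSA_PKI/openssl-easyrsa.cnf" || die "Failed to copy openssl-easyrsa.cnf into the PKI"`, and add an `else` branch that dies or warns when the source file is missing. The test also uses `-a` inside `[ ]`, which POSIX marks obsolescent; `[ ! -f … ] && [ -f … ]` is the portable form. init_pki's body starts and ends outside this hunk.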
@@ -1180,18 +1184,15 @@ Note: using Easy-RSA configuration from: $vars" set_var EASYRSA_REQ_CN ChangeMe set_var EASYRSA_DIGEST sha256 - # Detect openssl config, preferring EASYRSA_PKI over EASYRSA - if [ -f "$EASYRSA_PKI/openssl-easyrsa.cnf" ]; then - set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf" - set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf" - else set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf" - set_var EASYRSA_SAFE_CONF "$EASYRSA/safessl-easyrsa.cnf" - fi + set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf" + set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf" # Same as above for the x509-types extensions dir if [ -d "$EASYRSA_PKI/x509-types" ]; then set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/x509-types" - else set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types" + else + #TODO: This should be removed. Not really suitable for packaging. + set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types" fi # EASYRSA_ALGO_PARAMS must be set depending on selected algo
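Review bot: With the `-f` test removed, EASYRSA_SSL_CONF and EASYRSA_SAFE_CONF always point into `$EASYRSA_PKI`, so a PKI initialised before this change, with no `openssl-easyrsa.cnf` of its own, now gets a path to a file that does not exist. Nothing in this hunk reports that; the commit message says to error out when appropriate, but no such check is visible here. It would belong where the config is first read, e.g. `[ -f "$EASYRSA_SSL_CONF" ] || die "Missing $EASYRSA_SSL_CONF; run init-pki or copy openssl-easyrsa.cnf into the PKI"`, since these defaults presumably also run for init-pki before the file exists. The retained comment `# Same as above for the x509-types extensions dir` is now stale because nothing above detects anything; reword it to `# Prefer the x509-types dir inside EASYRSA_PKI, falling back to EASYRSA`. The enclosing function starts and ends outside the hunk.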