From f92fa738a916c8b9c179029d467d3296d84cc129 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme <tincantech@protonmail.com>
Date: Mon, 1 May 2023 20:32:49 +0100
Subject: [PATCH] gen-req, sign-req, build-full: Verify requirements correctly

* gen-req: Use verify_pki_init().
* sign-req: Use verify_ca_init().
* build-full: Defer requirements to functions above.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
---
 easyrsa3/easyrsa | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 81a9441..9fbff3a 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -1729,6 +1729,9 @@ DH parameters of size $EASYRSA_KEY_SIZE created at:
 
 # gen-req and key backend:
 gen_req() {
+	# Verify PKI has been initialised
+	verify_pki_init
+
 	# pull filename, use as default interactive CommonName
 	[ "$1" ] || die "\
 Error: gen-req must have a file base as the first argument.
@@ -1756,9 +1759,6 @@ Run easyrsa without commands for usage and commands."
 
 	shift # scrape off file-name
 
-	# Verify PKI has been initialised
-	verify_pki_init
-
 	# function opts support
 	while [ "$1" ]; do
 		case "$1" in
@@ -1860,6 +1860,9 @@ Keypair and certificate request completed. Your files are:
 
 # common signing backend
 sign_req() {
+	# CA is required to sign
+	verify_ca_init
+
 	crt_type="$1"
 	req_in="$EASYRSA_PKI/reqs/$2.req"
 	crt_out="$EASYRSA_PKI/issued/$2.crt"
@@ -2114,8 +2117,6 @@ Certificate created at:
 # common build backend
 # used to generate+sign in 1 step
 build_full() {
-	verify_ca_init
-
 	# pull filename base:
 	[ "$2" ] || die "\
 Error: didn't find a file base name as the first argument.