From fdcaf6cf79c23ed7a234f2a78ba5490c4e502edf Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Wed, 27 Apr 2022 02:40:11 +0100 Subject: [PATCH] revoke(): Purge unquoted $opts + General improvements Signed-off-by: Richard T Bonhomme --- easyrsa3/easyrsa | 40 +++++++++++++++++++++++++++------------- 1 file changed, 27 insertions(+), 13 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index b69aaad..f46ae20 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -1385,19 +1385,27 @@ revoke() { verify_ca_init # pull filename base: - [ -n "$1" ] || die "\ + [ "$1" ] || die "\ Error: didn't find a file base name as the first argument. Run easyrsa without commands for usage and command help." - crt_in="$EASYRSA_PKI/issued/$1.crt" - opts="" - if [ "$2" ]; then - opts="$opts -crl_reason $2" + # Assign file_name_base and dust off! + file_name_base="$1" + shift + crt_in="$EASYRSA_PKI/issued/$file_name_base.crt" + + # Assign possible "crl_reason" + if [ "$1" ]; then + crl_reason="$1" + shift + else + unset -v crl_reason fi - verify_file x509 "$crt_in" || die "\ -Unable to revoke as the input file is not a valid certificate. Unexpected -input in file: $crt_in" + # Enforce syntax + if [ "$1" ]; then + die "Syntax error: $1" + fi # confirm operation by displaying DN: confirm "Continue with revocation: " "yes" " 
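Review bot: `file_name_base` is copied from `$1` and interpolated into `crt_in="$EASYRSA_PKI/issued/$file_name_base.crt"` with no check on its characters, so a name containing `/` (for example one with `../` components) resolves outside `issued/`. The same value is later handed to `move_revoked`, which presumably relocates files by that name. The tool is normally run by the CA operator, but wrappers that pass names taken from requests would inherit the problem. A guard right after the assignment would close this: `case "$file_name_base" in */*) die "Invalid file base name: $file_name_base" ;; esac`. The body of revoke() continues outside this hunk.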
@@ -1411,13 +1419,19 @@ $(display_dn x509 "$crt_in") Unable to revoke as no certificate was found. Certificate was expected at: $crt_in" - # shellcheck disable=SC2086 # Ignore unquoted variables - easyrsa_openssl ca -utf8 -revoke "$crt_in" $opts \ - ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} || die "\ -Failed to revoke certificate: revocation command failed." + # Verify certificate + verify_file x509 "$crt_in" || die "\ +Unable to revoke as the input file is not a valid certificate. Unexpected +input in file: $crt_in" + + # Revoke it + easyrsa_openssl ca -utf8 -revoke "$crt_in" \ + ${crl_reason+ -crl_reason "$crl_reason"} \ + ${EASYRSA_PASSIN:+ -passin "$EASYRSA_PASSIN"} \ + || die "Failed to revoke certificate: revocation command failed." # move revoked files so we can reissue certificates with the same name - move_revoked "$1" + move_revoked "$file_name_base" [ "$EASYRSA_SILENT" ] || print # Separate Notice below notice "\
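Review bot: `verify_file x509 "$crt_in"` now runs only after the `confirm` prompt, because the first hunk removes it from before `confirm` and this hunk re-adds it below the existence check. The subject that prompt shows via `display_dn x509 "$crt_in"` (visible in this hunk's header context) is therefore read from a file not yet checked to exist or to parse as a certificate. That prompt is the operator's check that the right certificate is being revoked, so I would keep both the existence check and `verify_file x509 "$crt_in" || die ...` ahead of `confirm`. The `confirm` call and the existence test lie partly outside the visible hunks, so the exact order should be confirmed against the full function.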