The config file is unambiguously and previously created by
install_data_to_pki().
The config file location is exported in the previous command.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This code injection 'attempted' to insert a temp-file created with
EASYRSA_EXTRA_EXTS data. The insertion would take place at the awk
script marker "^#%EXTRA_EXTS%". However, this marker has already
been replaced by gen_req(), thus the condition to insert the code
was never met and the code injection has never taken place.
Testing this, I created a new marker for this injection to key from
and, due to the file-name variable not having been quoted, the test
fails when the file name has a space in it.
General tidy-up of easyrsa_openssl()
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Make detecting all vars files more simple and robust.
Improve warning and error messages.
Favour PKI/vars, wiith bias.
* Minor changes to output format for warn() and notice()
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Using single quotes in the vars file does not work:
* Either the vars file syntax is corrupted by an unescaped single quote.
* Or the SSL library will drop the single quote from the signed certificate.
Changes:
* Sanitize vars.example - Remove all single quotes.
* Search vars for single quote before sourcing it.
Closes: #34
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Easy-RSA uses unquoted expansion.
Each instance of SC2086 has been vetted, accepted and ignored.
shellcheck will still find new exceptions.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
1. Name All supported vars files
2. Search for each supported vars file
3. Only allow One (or None) supported vars file to exist.
4. Prefer PKI/vars file.
5. Warn for All other deprecated vars files, if they exist.
6. Warn for NO vars file found and prefer PKI/vars.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
New standards introduced:
* Use '-e' to test for existence not '-f' file.
* Only use '-z' not '-n', more visually distinct.
Minor code improvement: Use 'if command' to test for success.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Add:
* Prefer 'PKI/vars' over all other locations (#528)
* Introduce 'init-pki soft' option (#197)
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Tidy up comments.
Silence spurious warning about 'vars not found'.
Only show which vars are found if more than one exists.
Minor code improvements.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
If an inline file is found that matches the certificate being revoked
or renewed then it will be removed, pending standard confirmation.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Note:
Also added command line option 'text' to include the request text
in the request file.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
vars_setup() now ignores some setup when this is 'init-pki'.
* Do not set anything which requires a PKI.
Remove some undocumented commands, which are known to break Windows.
Find 'vars' in preferred locations and only allow ONE instance.
* Probably a breaking change but only where things are already broken.
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
