Merge branch 'TinCanTech-EASYRSA_DISABLE_INLINE'

Signed-off-by: Richard T Bonhomme <[email protected]>
OpenVPN · Oct 23, 2024 · 0115928 · 0115928
2 parents 7f07228 + 75b9313
commit 0115928
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 3 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -2,6 +2,7 @@ Easy-RSA 3 ChangeLog
 
 3.2.2 (TBD)
 
+   * New global variable 'EASYRSA_DISABLE_INLINE' (ad257ab) (#1245)
    * bugfix: revoke, renew: Remove pki/inline/private/$file.inline (febef85) (#1244)
      Initial bug report #1242 (Minor)
      Stop removing old credentials file pki/$file.creds (a871e9c)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
@@ -1461,7 +1461,7 @@ Please delete the key above that is no longer in use."
 
 	# new dirs:
 	easyrsa_mkdir "$EASYRSA_PKI"
-	for i in issued private reqs inline; do
+	for i in issued private reqs; do
 		easyrsa_mkdir "${EASYRSA_PKI}/$i"
 	done
 
@@ -2976,8 +2976,16 @@ See error messages above for details."
 
 # Generate inline file V2
 inline_file() {
+	# Allow complete disable
+	[ "$EASYRSA_DISABLE_INLINE" ] && return
+
+	# definitive source
 	[ "$1" ] || die "inline_file - Missing file_name_base"
 
+	# make inline dirs
+	easyrsa_mkdir "$EASYRSA_PKI"/inline
+	easyrsa_mkdir "$EASYRSA_PKI"/inline/private
+
 	# Source files
 	crt_source="${EASYRSA_PKI}/issued/${1}.crt"
 	key_source="${EASYRSA_PKI}/private/${1}.key"
@@ -2987,8 +2995,6 @@ inline_file() {
 
 	# output
 	inline_out="${EASYRSA_PKI}/inline/${1}.inline"
-	easyrsa_mkdir "$EASYRSA_PKI"/inline
-	easyrsa_mkdir "$EASYRSA_PKI"/inline/private
 	print "\
 # Inline files in the 'private' directory contain security keys which
 # MUST only be transmitted over a secure connection, such as 'scp'." \
@@ -5297,6 +5303,10 @@ fi
 #set_var	EASYRSA_KU_CRIT		1
 #set_var	EASYRSA_EKU_CRIT	1
 #set_var	EASYRSA_SAN_CRIT	1
+
+# Disable automatic inline files
+#
+#set_var	EASYRSA_DISABLE_INLINE	1
 CREATE_VARS_EXAMPLE
 		;;
 	ssl-cnf|safe-cnf)

diff --git a/easyrsa3/vars.example b/easyrsa3/vars.example
@@ -174,6 +174,10 @@ fi
 #set_var	EASYRSA_EKU_CRIT	1
 #set_var	EASYRSA_SAN_CRIT	1
 
+# Disable automatic inline files
+#
+#set_var	EASYRSA_DISABLE_INLINE	1
+
 # Support deprecated "Netscape" extensions? (choices "yes" or "no").
 # The default is "no", to discourage use of deprecated extensions.
 # If you require this feature to use with --ns-cert-type, set this to "yes".