From 5343fbba1e60814fa5cb08f981b90dc79855e6b5 Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Fri, 7 Jun 2024 19:18:23 +0100 Subject: [PATCH] Do not set EASYRSA_SSL_CONF to the generated GLOBAL SSL config file Keeping EASYRSA_SSL_CONF separate from OPENSSL_CONF, until OPENSSL_CONF is required by easyrsa_openssl(), allows each file to be independently created, so that their existence does not interfere with each other. Correct the type of SSL config created for write_easyrsa_ssl_cnf_tmp() (Simple and annoying over-sight). Correct some verbose output. Signed-off-by: Richard T Bonhomme --- easyrsa3/easyrsa | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 0171092ff..60cefbf2a 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -4434,10 +4434,6 @@ verify_working_env - easyrsa_mktemp global_safe_ssl_cnf_tmp" write safe-cnf > "$global_safe_ssl_cnf_tmp" || die "\ verify_working_env - write safe-cnf" - # If EASYRSA_SSL_CONF is not set then use global SSL conf - [ "$EASYRSA_SSL_CONF" ] || \ - export EASYRSA_SSL_CONF="$global_safe_ssl_cnf_tmp" - export OPENSSL_CONF="$global_safe_ssl_cnf_tmp" verbose "GLOBAL - OPENSSL_CONF = $OPENSSL_CONF" } # => write_global_safe_ssl_cnf_tmp() @@ -4542,7 +4538,7 @@ f97425686fa1976d436fa31f550641aa" write_easyrsa_ssl_cnf_tmp - easyrsa_mktemp" # Honor EASYRSA_FORCE_SAFE_SSL - [ -z "$EASYRSA_FORCE_SAFE_SSL" ] || ssl_cnf_type=safe-ssl + [ -z "$EASYRSA_FORCE_SAFE_SSL" ] || ssl_cnf_type=safe-cnf # Write SSL cnf to temp-file write "$ssl_cnf_type" > "$ssl_cnf_tmp" || die "\ @@ -4552,7 +4548,7 @@ write_easyrsa_ssl_cnf_tmp - write $ssl_cnf_type: $ssl_cnf_tmp" export EASYRSA_SSL_CONF="$ssl_cnf_tmp" verbose "\ write_easyrsa_ssl_cnf_tmp: $ssl_cnf_type \ -- EASYRSA_SSL_CONF = $ssl_cnf_tmp" +- EASYRSA_SSL_CONF = $EASYRSA_SSL_CONF" export OPENSSL_CONF="$EASYRSA_SSL_CONF" verbose "LOCAL - OPENSSL_CONF = $OPENSSL_CONF" 
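Review bot: The literal `safe-cnf` assigned to `ssl_cnf_type` under `# Honor EASYRSA_FORCE_SAFE_SSL` is still an unchecked string, so nothing here would catch the next misspelling the way `safe-ssl` went unnoticed. The same literal is also passed directly as `write safe-cnf` in the write_global_safe_ssl_cnf_tmp hunk. Whether `write` rejects an unknown type is not visible in this patch. If it does not, ending its type dispatch with a failing default such as `*) die "write - unknown type: $1"` would make a forced-safe request fail loudly rather than depend on what `write` emits for a name it does not know. The enclosing function starts and ends outside the hunk.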
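Review bot: The context line `export OPENSSL_CONF="$EASYRSA_SSL_CONF"`, directly below the changed verbose message, still ties the two variables together inside write_easyrsa_ssl_cnf_tmp without a comment. That reads at odds with the description's goal of keeping them separate until easyrsa_openssl() needs OPENSSL_CONF. It may be intended if this function is only reached from easyrsa_openssl(), but that is not visible here. A short comment above the export, for example `# LOCAL: OPENSSL_CONF follows EASYRSA_SSL_CONF only from this point on`, would record the intent. The function body starts and ends outside the hunk.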
@@ -4570,7 +4566,7 @@ write_x509_type_tmp() { write "$type" > "$write_x509_file_tmp" || \ die "write_x509_type_tmp - write $type" - verbose "write_x509_type_tmp: $type COMPLETE" + verbose ": write_x509_type_tmp: $type COMPLETE" } # => write_x509_type_tmp() ############################################################################
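Review bot: The new message `verbose ": write_x509_type_tmp: $type COMPLETE"` gains a leading `: ` that the other function-prefixed verbose message in this patch, the one beginning `write_easyrsa_ssl_cnf_tmp: $ssl_cnf_type`, does not have, so the two are now formatted differently. If the colon marks a nesting level in verbose output, a one-line comment such as `# leading ': ' marks a sub-step in verbose output` would explain it. Otherwise the prefix should be the same in both places.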