Command gen-req: Re-enable global option --req-cn - Includes build_fu…

…ll() This allows disconnecting 'commonName' from "$file_name_base". Tested. Signed-off-by: Richard T Bonhomme <[email protected]>
OpenVPN · Jun 16, 2024 · 5cf8c46 · 5cf8c46
1 parent 5e9cdb3
commit 5cf8c46
Showing 1 changed file with 11 additions and 23 deletions.
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
@@ -2159,13 +2159,10 @@ Run easyrsa without commands for usage and commands."
 		ssl_batch=1
 	fi
 
-	# Prohibit --req-cn
-	[ "$EASYRSA_REQ_CN" = ChangeMe ] || user_error "\
-Option conflict --req-cn:
-* '$cmd' does not support setting an external commonName"
-
-	# Enforce commonName
-	export EASYRSA_REQ_CN="$file_name_base"
+	# Set commonName
+	if [ "$EASYRSA_REQ_CN" = ChangeMe ]; then
+		export EASYRSA_REQ_CN="$file_name_base"
+	fi
 
 	# create local SSL cnf
 	write_easyrsa_ssl_cnf_tmp
@@ -2316,14 +2313,6 @@ expected 2, got $# (see command help for usage)"
 	crt_out="$EASYRSA_PKI/issued/$file_name_base.crt"
 	shift 2
 
-	# Prohibit --req-cn
-	[ "$EASYRSA_REQ_CN" = ChangeMe ] || user_error "\
-Option conflict --req-cn:
-* '$cmd' does not support setting an external commonName"
-
-	# Enforce commonName
-	export EASYRSA_REQ_CN="$file_name_base"
-
 	# create local SSL cnf
 	write_easyrsa_ssl_cnf_tmp
 
@@ -2547,6 +2536,13 @@ Failed to create temp extension file (bad permissions?) at:
 * $ext_tmp"
 	verbose "sign_req: Generated extensions file OK"
 
+	# Get request CN
+	EASYRSA_REQ_CN="$(
+		"$EASYRSA_OPENSSL" req -utf8 -in "$req_in" -noout \
+			-subject -nameopt multiline | grep 'commonName'
+	)" || warn "sign-req - EASYRSA_REQ_CN FAILED"
+	EASYRSA_REQ_CN="${EASYRSA_REQ_CN##*= }"
+
 	# Set confirm CN
 	confirm_CN="  Requested CN:   '$EASYRSA_REQ_CN'"
 
@@ -2781,11 +2777,6 @@ Warning!
 An inline file for name '$name' already exists:
 * $inline_out"
 
-	# Set commonName
-	[ "$EASYRSA_REQ_CN" = ChangeMe ] || user_error "\
-Option conflict --req-cn:
-* '$cmd' does not support setting an external commonName"
-
 	# Set to modify sign-req confirmation message
 	do_build_full=1
 
@@ -2804,9 +2795,6 @@ Option conflict --req-cn:
 	# Require --copy-ext
 	export EASYRSA_CP_EXT=1
 
-	# Must be reset for nested commmands
-	export EASYRSA_REQ_CN=ChangeMe
-
 	# Sign it
 	verbose "build_full: BEGIN sign_req"
 	error_build_full_cleanup=1