From c057be75f870809ab4863f0f402fe558aaf6be4b Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Sat, 20 Jan 2024 02:59:53 +0000 Subject: [PATCH] Introduce temporary golbal option: --old-safe-ssl This forces using the old 'sed' expansion of 'openssl-easyrsa.cnf' and forces expansion of the SSL config for LibreSSL. This is temporary because the intention is to remove the old 'sed' expansion method, in favor of heredoc expansion. Signed-off-by: Richard T Bonhomme --- easyrsa3/easyrsa | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index f622a8875..cf890e0b4 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -563,6 +563,8 @@ General options: (Default config file is in the EasyRSA PKI directory) --force-safe-ssl: Always generate a safe SSL config file (Default: Generate Safe SSL config once per instance) +--old-safe-ssl: Always generate a safe SSL config file + As --force-safe-ssl but use 'sed' expansion. --tmp-dir=DIR : Declare the temporary directory (Default temporary directory is the EasyRSA PKI directory) @@ -985,7 +987,7 @@ escape_hazard() { fi # Only use if old 'sed' version is requested - if [ "$EASYRSA_SAFE_CNF_SED" ]; then + if [ "$EASYRSA_LEGACY_SAFE_SSL" ]; then : # ok else verbose "escape_hazard: REPLACED by heredoc expansion" @@ -1057,7 +1059,7 @@ easyrsa_mktemp safe_ssl_cnf_tmp" # Rewrite # Only use if old 'sed' version is requested # shellcheck disable=SC2016 # No expand '' - expand_ssl_config() - if [ "$EASYRSA_SAFE_CNF_SED" ]; then + if [ "$EASYRSA_LEGACY_SAFE_SSL" ]; then if sed \ \ -e s\`'$dir'\`\ @@ -6316,6 +6318,11 @@ while :; do empty_ok=1 export EASYRSA_FORCE_SAFE_SSL=1 ;; + --old-safe-ssl) + empty_ok=1 + export EASYRSA_FORCE_SAFE_SSL=1 + export EASYRSA_LEGACY_SAFE_SSL=1 + ;; --nopass|--no-pass) empty_ok=1 export EASYRSA_NO_PASS=1
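Review bot: The new `--old-safe-ssl` help entry does not say that the option is temporary, although the commit message states that the 'sed' expansion method is to be removed. Someone scripting against the usage text may come to depend on it. A further help line such as `(Temporary: removed together with the 'sed' expansion method)` would set that expectation. The usage text continues outside the hunk.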
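Review bot: The gate in escape_hazard(), and the identical one in expand_ssl_config() in the next hunk, is a plain non-empty test, so any inherited value, including `EASYRSA_LEGACY_SAFE_SSL=0`, selects the legacy 'sed' path. This variable appears to decide whether the escaping step and the 'sed' rewrite run at all, so an explicit comparison such as `if [ "$EASYRSA_LEGACY_SAFE_SSL" = 1 ]; then` would make the choice unambiguous, unless the non-empty test is the project's convention for its flags. The rename also drops `EASYRSA_SAFE_CNF_SED` with no fallback, so a caller who still exports the old name would silently get heredoc expansion. If that is intended, a comment such as `# EASYRSA_SAFE_CNF_SED is no longer honoured; use --old-safe-ssl` would record it. Both function bodies start and end outside their hunks.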
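Review bot: The `--old-safe-ssl` case has no comment tying it to the planned removal or explaining why it also exports `EASYRSA_FORCE_SAFE_SSL`. I would add `# Temporary: legacy 'sed' expansion; implies --force-safe-ssl` above the two exports. It may also be worth emitting a message when the option is used, for instance through the `verbose` helper seen in escape_hazard(), so that reliance on the legacy path is visible before the option is removed. The option-parsing loop starts and ends outside the hunk.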