From e1a065540f3623b3b2e68b7c5b8e2762b954671b Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Fri, 8 Dec 2023 21:18:14 +0000
Subject: [PATCH] Introduce write_easyrsa_ssl_cnf_tmp(): Verify/create EASYRSA_SSL_CONF

Replace use of copy_data_to_pki(), which copies an existing file to the PKI, by verifying that EASYRSA_SSL_CONF points to a file or create a temp-file to be used in place. This allows removing openssl-easyrsa.cnf file from the repository.

Signed-off-by: Richard T Bonhomme
---
 easyrsa3/easyrsa | 35 ++++++++++++++++++++++++-----------
 1 file changed, 24 insertions(+), 11 deletions(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 71a6cab4f..6449225ab 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -1425,17 +1425,6 @@ install_data_to_pki: $context - COMPLETED"
 return
 fi
 
- # Check PKI is updated - Omit unnecessary checks
- if [ -e "${EASYRSA_PKI}/${ssl_cnf_file}" ]; then
- : # ok
- else
- create_openssl_easyrsa_cnf > \
- "${EASYRSA_PKI}/${ssl_cnf_file}" || die "\
-install_data_to_pki - Missing: '$ssl_cnf_file'"
- verbose "\
-install_data_to_pki: $context - create_openssl_easyrsa_cnf OK"
- fi
-
 [ -d "$EASYRSA_EXT_DIR" ] || verbose "\
 install_data_to_pki: $context - Missing: '$x509_types_dir'"
 verbose "install_data_to_pki: $context - COMPLETED"
@@ -5121,6 +5110,7 @@ select_vars() {
 [ "$require_pki" ] && information "\
 No Easy-RSA 'vars' configuration file exists!"
 # select_vars failed to find a vars file
+ verbose "select_vars: No vars"
 return 1
 fi
 } # => select_vars()
@@ -5347,6 +5337,9 @@ verify_working_env() {
 secure_session || die "\
 verify_working_env - secure-session failed"
 
+ # Verify or create: EASYRSA_SSL_CONF
+ write_easyrsa_ssl_cnf_tmp
+
 # Install data-files into ALL PKIs
 # This will find x509-types
 # and export EASYRSA_EXT_DIR or die.
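Review bot: The comment on the new `write_easyrsa_ssl_cnf_tmp` call in verify_working_env does not record the ordering it depends on. The function added later in this patch creates its file with `easyrsa_mktemp`, which presumably needs the session set up by the `secure_session` call just above, so a later reorder of these steps could break it without warning. I would extend the comment to `# Verify or create: EASYRSA_SSL_CONF (after secure_session: may create a temp-file)`. verify_working_env's body starts and ends outside the hunk.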
@@ -5641,6 +5634,26 @@ fi
 VARS_EXAMPLE
 } # => create_vars_example()
 
+# Verify: $EASYRSA_SSL_CONF pki/openssl-easyrsa.cnf
+# or create temp-file
+write_easyrsa_ssl_cnf_tmp() {
+ [ -f "$EASYRSA_SSL_CONF" ] && return
+
+ # Create temp-file
+ ssl_cnf_tmp=
+ easyrsa_mktemp ssl_cnf_tmp || die "\
+write_easyrsa_ssl_cnf_tmp - easyrsa_mktemp"
+
+ # Write SSL cnf to temp-file
+ create_openssl_easyrsa_cnf > "$ssl_cnf_tmp" || die "\
+write_easyrsa_ssl_cnf_tmp - create_openssl_easyrsa_cnf"
+
+ # export SSL cnf tmp
+ export EASYRSA_SSL_CONF="$ssl_cnf_tmp"
+ verbose "\
+write_easyrsa_ssl_cnf_tmp: create_openssl_easyrsa_cnf OK"
+} # => write_easyrsa_ssl_cnf_tmp()
+
 # Create openssl-easyrsa.cnf
 create_openssl_easyrsa_cnf() {
 cat << "SSL_CONFIG"
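Review bot: When `EASYRSA_SSL_CONF` names a path that is not a regular file, `write_easyrsa_ssl_cnf_tmp()` falls through the `[ -f "$EASYRSA_SSL_CONF" ] && return` guard and re-exports the variable to a temp-file holding the built-in config, so an operator-supplied path with a typo is replaced without the rejected path ever being reported. For a CA tool the OpenSSL config decides policy and extensions, so the substitution should be traceable: log the old value before the `export` overwrites it, e.g. `verbose "write_easyrsa_ssl_cnf_tmp: '$EASYRSA_SSL_CONF' is not a file, using built-in config"`, and consider a louder message when the value did not come from the default (where the default is assigned is outside this hunk). The header comment would also read more clearly as `# Use $EASYRSA_SSL_CONF if it is a file; otherwise write the built-in config to a temp-file and export that path`.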