diff --git a/ChangeLog b/ChangeLog index feb13fce6..6e47f26ca 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ Easy-RSA 3 ChangeLog PENDING: Branch-merge: v3.2.0-beta2 (#1055) * Always use here-doc version of openssl-easyrsa.cnf (2a8c0de) Only use here-doc if the current version is recognised by sha256 hash. + This will DELETE any default version of openssl-easyrsa.cnf * export-p12: New command option 'legacy'. OpenSSL V3 Only (f8514de) Fallback to encryption algorithm RC2_CBC or 3DES_CBC * export-p12: Always set 'friendlyName' to file-name-base (da9e594) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 1f89d722b..c49373bff 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -5346,6 +5346,7 @@ ${unexpected_error}" # Verify working environment verify_working_env() { + verbose "verify_working_env: BEGIN" # For commands which 'require a PKI' and PKI exists if [ "$require_pki" ]; then # Verify PKI is initialised @@ -5354,6 +5355,7 @@ verify_working_env() { # Temp dir session and default SSL conf file if [ -z "$secured_session" ]; then secure_session + # Verify or create temp EASYRSA_SSL_CONF write_easyrsa_ssl_cnf_tmp fi @@ -5365,6 +5367,20 @@ verify_working_env() { if [ "$require_ca" ]; then verify_ca_init fi + else + # For commands that do not require a PKI + # but do require a temp-dir, eg. 'write' + # If there is a valid temp-dir: + # Create temp-session and openssl-easyrsa.cnf (Temp) now + if [ -d "$EASYRSA_TEMP_DIR" ]; then + # Temp dir session and default SSL conf file + if [ -z "$secured_session" ]; then + secure_session + + # Verify or create: EASYRSA_SSL_CONF + write_easyrsa_ssl_cnf_tmp + fi + fi fi verbose "verify_working_env: COMPLETED Handover-to: $cmd" } # => verify_working_env() 
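Review bot: In the `@@ -5365,6 +5367,20 @@` hunk, the new `else` branch does nothing when `$EASYRSA_TEMP_DIR` is not a directory, so a non-PKI command such as 'write' still reaches `verify_working_env: COMPLETED` without `secure_session` or `write_easyrsa_ssl_cnf_tmp` having run. Make the skipped setup visible with an inner `else` holding something like `verbose "verify_working_env: no temp-dir; session and SSL conf not created"`, or fail there if those commands cannot work without the session (this hunk does not show whether they can). The inner `if [ -z "$secured_session" ]` block is also a copy of the one in the `require_pki` branch and could be hoisted above the branch so the two paths cannot drift apart. verify_working_env starts before this hunk.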
@@ -6313,21 +6329,6 @@ locate_support_files # Verify SSL Lib - One time ONLY verify_ssl_lib -# If there is a valid temp-dir: -if [ "$require_pki" ]; then - # taken care of later by verify_working_env() - : -else - # Create temp-session and openssl-easyrsa.cnf (Temp) now - if [ -d "$EASYRSA_TEMP_DIR" ]; then - # Temp dir session and default SSL conf file - secure_session - - # Verify or create: EASYRSA_SSL_CONF - write_easyrsa_ssl_cnf_tmp - fi -fi - # Check $working_safe_ssl_conf, to build # a fully configured safe ssl conf, on the # next invocation of easyrsa_openssl() @@ -6476,7 +6477,7 @@ case "$cmd" in easyrsa_exit_with_error=1 ;; write) - # verify_working_env - Not required + verify_working_env # Write legacy files to write_dir # or EASYRSA_PKI or EASYRSA case "$1" in
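Review bot: In the `write)` hunk, `verify_working_env` replaces a comment that said the call was not required, and nothing now records why it is needed. A comment such as `# Needed for temp session and EASYRSA_SSL_CONF; 'write' does not require a PKI` would keep a later reader from removing it. The top-level block deleted in the preceding hunk ran `secure_session` and `write_easyrsa_ssl_cnf_tmp` for every command without `require_pki`, whereas only `write` is visibly switched over here. Any other non-PKI arm of this `case "$cmd"` statement (which continues outside the hunk) that does not call `verify_working_env` would presumably now run without the secured temp session, so those arms are worth checking.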