Minor reformat: escape_hazard(), expand_ssl_config(), easyrsa_openssl()

Signed-off-by: Richard T Bonhomme <[email protected]>

easyrsa3/easyrsa

@@ -830,7 +830,7 @@ remove_secure_session: DELETED: $secured_session"
 			EASYRSA_SSL_CONF OPENSSL_CONF
 		return
 	fi
-	die "remove_secure_session: $secured_session"
+	die "remove_secure_session Failed: $secured_session"
 } # => remove_secure_session()
 
 # 'mkdir' wrapper, broken by win11, which fails without error
@@ -1025,21 +1025,16 @@ Temporary session not preserved."
 # This is required for all SSL libs, otherwise,
 # there are unacceptable differences in behavior
 escape_hazard() {
-	if [ "$EASYRSA_FORCE_SAFE_SSL" ]; then
-		# Always run
+	if [ "$EASYRSA_FORCE_SAFE_SSL" ]; then # Always run
 		verbose "escape_hazard: FORCED"
-	elif [ "$working_safe_org_conf" ]; then
-		# Has run once
+	elif [ "$working_safe_org_conf" ]; then # Has run once
 		verbose "escape_hazard: BYPASSED"
 		return
-	else
-		# Run once
+	else # Run once
 		verbose "escape_hazard: RUN-ONCE"
+		working_safe_org_conf=1 # Set run once
 	fi
 
-	# Set run once
-	working_safe_org_conf=1
-
 	# Assign temp-file
 	escape_hazard_tmp=""
 	easyrsa_mktemp escape_hazard_tmp || die \
@@ -1055,37 +1050,30 @@ export EASYRSA_REQ_OU=\"$EASYRSA_REQ_OU\"
 export EASYRSA_REQ_EMAIL=\"$EASYRSA_REQ_EMAIL\"
 export EASYRSA_REQ_SERIAL=\"$EASYRSA_REQ_SERIAL\"\
 " | sed -e s\`'\&'\`'\\\&'\`g \
-		-e s\`'\$'\`'\\\$'\`g \
-			> "$escape_hazard_tmp" || die "\
-escape_hazard - Failed to write temp-file"
+		-e s\`'\$'\`'\\\$'\`g \ > "$escape_hazard_tmp" || \
+			die "escape_hazard - Failed to write temp-file"
 
 	# Reload fields from fully escaped temp-file
 	# shellcheck disable=1090 # Non-constant source
 	. "$escape_hazard_tmp"
-
 	verbose "escape_hazard: COMPLETED"
 } # => escape_hazard()
 
 # Replace environment variable names with current value
 # and write to temp-file or return error from sed
 expand_ssl_config() {
-	if [ "$EASYRSA_FORCE_SAFE_SSL" ]; then
-		# Always run
+	if [ "$EASYRSA_FORCE_SAFE_SSL" ]; then # Always run
 		verbose "expand_ssl_config: FORCED"
-	elif [ "$working_safe_ssl_conf" ]; then
-		# Has run once
+	elif [ "$working_safe_ssl_conf" ]; then # Has run once
 		verbose "expand_ssl_config: BYPASSED"
 		return
-	elif [ "$ssl_lib" = libressl ]; then
-		# Always run
+	elif [ "$ssl_lib" = libressl ]; then # LibreSSL Always run
 		verbose "expand_ssl_config: REQUIRED"
-	elif [ "$ssl_lib" = openssl ]; then
-		# OpenSSl does not require a safe config
+	elif [ "$ssl_lib" = openssl ]; then # OpenSSL not required
 		verbose "expand_ssl_config: IGNORED"
 		return
 	else
-		# do NOT Run
-		die "expand_ssl_config: EXCEPTION"
+		die "expand_ssl_config: EXCEPTION" # do NOT Run
 	fi
 
 	# Set run once
@@ -1094,12 +1082,11 @@ expand_ssl_config() {
 
 	# Assign temp-file
 	safe_ssl_cnf_tmp=""
-	easyrsa_mktemp safe_ssl_cnf_tmp || die "\
-expand_ssl_config - \
-easyrsa_mktemp safe_ssl_cnf_tmp"
+	easyrsa_mktemp safe_ssl_cnf_tmp || die \
+		"expand_ssl_config - easyrsa_mktemp safe_ssl_cnf_tmp"
 
 	# Rewrite
-	# shellcheck disable=SC2016 # No expand '' - expand_ssl_config()
+	# shellcheck disable=SC2016 # No expand ''
 	if sed \
 \
 -e s\`'$dir'\`\
@@ -1155,18 +1142,13 @@ easyrsa_mktemp safe_ssl_cnf_tmp"
 		fi
 
 	export EASYRSA_SSL_CONF="$safe_ssl_cnf_tmp"
-	verbose "\
-expand_ssl_config: EASYRSA_SSL_CONF = $EASYRSA_SSL_CONF"
+	verbose \
+		"expand_ssl_config: EASYRSA_SSL_CONF = $EASYRSA_SSL_CONF"
 } # => expand_ssl_config()
 
 # Easy-RSA meta-wrapper for SSL
 # WARNING: Running easyrsa_openssl in a subshell
 # will hide error message and verbose messages
-#
-# The expansion here takes place on EASYRSA_SSL_CONF,
-# which may have already been replaced by a temp-file
-# with the extensions having been inserted by build-ca,
-# sign-req or gen-req.
 easyrsa_openssl() {
 	openssl_command="$1"; shift
 
@@ -1178,8 +1160,7 @@ easyrsa_openssl() {
 
 	# Do not allow 'rand' here, see easyrsa_random()
 	case "$openssl_command" in
-		rand)
-			die "easyrsa_openssl: Illegal SSL command: rand"
+		rand) die "easyrsa_openssl: Illegal SSL command: rand"
 	esac
 
 	# Use local SSL cnf