diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index f6ae5c898..cbf89515c 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -830,7 +830,7 @@ remove_secure_session: DELETED: $secured_session" EASYRSA_SSL_CONF OPENSSL_CONF return fi - die "remove_secure_session: $secured_session" + die "remove_secure_session Failed: $secured_session" } # => remove_secure_session() # 'mkdir' wrapper, broken by win11, which fails without error @@ -1025,21 +1025,16 @@ Temporary session not preserved." # This is required for all SSL libs, otherwise, # there are unacceptable differences in behavior escape_hazard() { - if [ "$EASYRSA_FORCE_SAFE_SSL" ]; then - # Always run + if [ "$EASYRSA_FORCE_SAFE_SSL" ]; then # Always run verbose "escape_hazard: FORCED" - elif [ "$working_safe_org_conf" ]; then - # Has run once + elif [ "$working_safe_org_conf" ]; then # Has run once verbose "escape_hazard: BYPASSED" return - else - # Run once + else # Run once verbose "escape_hazard: RUN-ONCE" + working_safe_org_conf=1 # Set run once fi - # Set run once - working_safe_org_conf=1 - # Assign temp-file escape_hazard_tmp="" easyrsa_mktemp escape_hazard_tmp || die \ 
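Review bot: In escape_hazard, moving `working_safe_org_conf=1` into the `else` branch means the FORCED path (`EASYRSA_FORCE_SAFE_SSL` set) no longer records that the escape pass has run; previously the assignment sat after the `fi` and applied to both the FORCED and RUN-ONCE paths. This is a behaviour change inside what otherwise reads as comment reflow, and any code outside this hunk that tests `working_safe_org_conf` would now see it empty after a forced run. If that is intended, say so on the branch, e.g. `# FORCED: run-once flag deliberately left unset`; otherwise keep the assignment after the `fi`. The body of escape_hazard continues past the end of this hunk.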
@@ -1055,37 +1050,30 @@ export EASYRSA_REQ_OU=\"$EASYRSA_REQ_OU\" export EASYRSA_REQ_EMAIL=\"$EASYRSA_REQ_EMAIL\" export EASYRSA_REQ_SERIAL=\"$EASYRSA_REQ_SERIAL\"\ " | sed -e s\`'\&'\`'\\\&'\`g \ - -e s\`'\$'\`'\\\$'\`g \ - > "$escape_hazard_tmp" || die "\ -escape_hazard - Failed to write temp-file" + -e s\`'\$'\`'\\\$'\`g \ > "$escape_hazard_tmp" || \ + die "escape_hazard - Failed to write temp-file" # Reload fields from fully escaped temp-file # shellcheck disable=1090 # Non-constant source . "$escape_hazard_tmp" - verbose "escape_hazard: COMPLETED" } # => escape_hazard() # Replace environment variable names with current value # and write to temp-file or return error from sed expand_ssl_config() { - if [ "$EASYRSA_FORCE_SAFE_SSL" ]; then - # Always run + if [ "$EASYRSA_FORCE_SAFE_SSL" ]; then # Always run verbose "expand_ssl_config: FORCED" - elif [ "$working_safe_ssl_conf" ]; then - # Has run once + elif [ "$working_safe_ssl_conf" ]; then # Has run once verbose "expand_ssl_config: BYPASSED" return - elif [ "$ssl_lib" = libressl ]; then - # Always run + elif [ "$ssl_lib" = libressl ]; then # LibreSSL Always run verbose "expand_ssl_config: REQUIRED" - elif [ "$ssl_lib" = openssl ]; then - # OpenSSl does not require a safe config + elif [ "$ssl_lib" = openssl ]; then # OpenSSL not required verbose "expand_ssl_config: IGNORED" return else - # do NOT Run - die "expand_ssl_config: EXCEPTION" + die "expand_ssl_config: EXCEPTION" # do NOT Run fi # Set run once @@ -1094,12 +1082,11 @@ expand_ssl_config() { # Assign temp-file safe_ssl_cnf_tmp="" - easyrsa_mktemp safe_ssl_cnf_tmp || die "\ -expand_ssl_config - \ -easyrsa_mktemp safe_ssl_cnf_tmp" + easyrsa_mktemp safe_ssl_cnf_tmp || die \ + "expand_ssl_config - easyrsa_mktemp safe_ssl_cnf_tmp" # Rewrite - # shellcheck disable=SC2016 # No expand '' - expand_ssl_config() + # shellcheck disable=SC2016 # No expand '' if sed \ \ -e s\`'$dir'\`\ 
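Review bot: escape_hazard reads `$escape_hazard_tmp` back in as shell code with `.`, but the sed filter shown here escapes only `&` and `$` in the EASYRSA_REQ_* values. Each value is written between double quotes, so a double quote, backquote or backslash in a field would be interpreted by the shell when the file is sourced; whether such characters are rejected earlier is not visible in this hunk. A comment above the `.` line would record the constraint, for example `# Sourced as shell: only & and $ are escaped; fields must not contain double quote, backquote or backslash`. A check that dies on those characters before the temp-file is written would enforce it. The start of escape_hazard and the tail of expand_ssl_config lie outside this hunk.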
@@ -1155,18 +1142,13 @@ easyrsa_mktemp safe_ssl_cnf_tmp" fi export EASYRSA_SSL_CONF="$safe_ssl_cnf_tmp" - verbose "\ -expand_ssl_config: EASYRSA_SSL_CONF = $EASYRSA_SSL_CONF" + verbose \ + "expand_ssl_config: EASYRSA_SSL_CONF = $EASYRSA_SSL_CONF" } # => expand_ssl_config() # Easy-RSA meta-wrapper for SSL # WARNING: Running easyrsa_openssl in a subshell # will hide error message and verbose messages -# -# The expansion here takes place on EASYRSA_SSL_CONF, -# which may have already been replaced by a temp-file -# with the extensions having been inserted by build-ca, -# sign-req or gen-req. easyrsa_openssl() { openssl_command="$1"; shift @@ -1178,8 +1160,7 @@ easyrsa_openssl() { # Do not allow 'rand' here, see easyrsa_random() case "$openssl_command" in - rand) - die "easyrsa_openssl: Illegal SSL command: rand" + rand) die "easyrsa_openssl: Illegal SSL command: rand" esac # Use local SSL cnf
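Review bot: The one-line clause `rand) die "easyrsa_openssl: Illegal SSL command: rand"` in easyrsa_openssl has no `;;` terminator. POSIX permits that for the last clause before `esac`, but this guard is what keeps `rand` routed through easyrsa_random(), so it is better left self-contained; as written, adding a second pattern later means editing this line as well. Suggested form: `rand) die "easyrsa_openssl: Illegal SSL command: rand" ;;`. The function body continues beyond this hunk.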