From 6b6568d975620cf8d4dfdf90304ee84853a1af5e Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme <tincantech@protonmail.com>
Date: Fri, 8 Dec 2023 23:23:04 +0000
Subject: [PATCH] Move check for $working_safe_ssl_conf to invocation layer
 (Simplify)

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
---
 easyrsa3/easyrsa | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 8811705b7..5328bed30 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -5288,13 +5288,6 @@ verify_working_env - secure-session failed"
 		# Verify selected algorithm and parameters
 		verify_algo_params
 
-		# Check $working_safe_ssl_conf, to build
-		# a fully configured safe ssl conf, on the
-		# next invocation of easyrsa_openssl()
-		if [ "$working_safe_ssl_conf" ]; then
-			die "working_safe_ssl_conf must not be set!"
-		fi
-
 		# Verify CA is initialised
 		if [ "$require_ca" ]; then
 			verify_ca_init
@@ -6030,8 +6023,16 @@ locate_support_files
 # Verify SSL Lib - One time ONLY
 verify_ssl_lib
 
+# Check $working_safe_ssl_conf, to build
+# a fully configured safe ssl conf, on the
+# next invocation of easyrsa_openssl()
+if [ "$working_safe_ssl_conf" ]; then
+	die "working_safe_ssl_conf must not be set!"
+fi
+
 # Establish PKI and CA initialisation requirements
 # This avoids unnecessary warnings and notices
+# Used by verify_working_env()
 unset -v require_pki require_ca ignore_vars
 case "$cmd" in
 	''|help|-h|--help|--usage| \