Integrate automatic TLS Key use into inline files

Signed-off-by: Richard T Bonhomme <[email protected]>
OpenVPN · Jul 7, 2024 · a3eb4b2 · a3eb4b2
1 parent 588042b
commit a3eb4b2
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 2 deletions.
diff --git a/dev/easyrsa-tools.lib b/dev/easyrsa-tools.lib
@@ -50,8 +50,8 @@ tls_key_gen() {
 Cannot overwrite existing $tls_key_type Key:
 * $tls_key_file
 
-If this file is changed then it MUST be distributed to ALL servers
-AND clients to be in effect. You should NOT change the existing file."
+If this file is changed then it MUST be redistributed to ALL servers
+AND clients, to be in effect. Do NOT change the existing file."
 	fi
 
 	# Generate TLS Key

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
@@ -2952,6 +2952,7 @@ inline_creds() {
 	crt_source="${EASYRSA_PKI}/issued/${1}.crt"
 	key_source="${EASYRSA_PKI}/private/${1}.key"
 	ca_source="$EASYRSA_PKI/ca.crt"
+	tls_source="${EASYRSA_PKI}"/inline/easyrsa-tls.inline
 	incomplete=0
 
 	# Generate data
@@ -3036,6 +3037,20 @@ $(cat "$ca_source")
 		fi
 	fi
 
+	# TLS auth|crypt key
+	if [ "$EASYRSA_AUTO_TLS_AUTH" ] || \
+		[ "$EASYRSA_AUTO_TLS_CRYPT" ]
+	then
+		if [ -f "$tls_source" ]; then
+			tls_data="$(cat "$tls_source")"
+		else
+			incomplete=1
+			tls_data="# Easy-RSA TLS Key not found!"
+		fi
+	else
+		tls_data="# Easy-RSA TLS Key not enabled!"
+	fi
+
 	# Print data
 	print "\
 # Easy-RSA Type: $type_data
@@ -3047,6 +3062,8 @@ $crt_data
 $key_data
 
 $ca_data
+
+$tls_data
 "
 	# If inline file is incomplete then return error
 	return "$incomplete"