easyrsa_openssl(): makesafecnf - Copy temp-file do NOT move #948
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This change is a direct consequence of trying to resolve OpenVPN/easyrsa-unit-tests#61 |
TinCanTech
changed the title
Command 'easyrsa_openssl makesafecnf' is used internally to create a safe SSL config file. (By status reports, read_db()) Once the safe SSL config file has been named as a temp-file and created, the script continues to use that temp-file as the master copy, it does not recreate a safe SSL config file for subsequent calls to easyrsa_openssl(). Therefore, the temp-file MUST be copied to the standard safe SSL file not moved. Otherwise, the named temp-file is removed. Also, move the assignment of the safe SSL temp-file to the correct place. This means that a new temp-file wiill only be assigned once. Also, verify that the safe SSL temp-file exists when it is expected to. Also, change use of '--no--safe-ssl' with LibreSSL to a FATAL error. Other changes are for error and verbose messages. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
TinCanTech
force-pushed
the
make-safe-ssl-copy-temp-file
branch
from
9f0886d
to
906df2d
Compare
|
Force push, correct typos and squash. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Command 'easyrsa_openssl makesafecnf' is used internally to create a safe SSL config file. (By status reports, read_db())
Once the safe SSL config file has been named as a temp-file and created, the script continues to use that temp-file as the master copy, it does not recreate a safe SSL config file for subsequent calls to easyrsa_openssl().
Therefore, the temp-file MUST be copied to the standard safe SSL file not moved. Otherwise, the named temp-file is removed.
Also, move the assignment of the safe SSL temp-file to the correct place. This means that a new temp-file wiill only be assigned once.
Also, verify that the safe SSL temp-file exists when it is expected to.
Other changes are for error and verbose messages.