verify_ssl_lib(): Minor style improvements #974

Merged
merged 1 commit into from
Jul 5, 2023
67 changes: 33 additions & 34 deletions easyrsa3/easyrsa
@@ -1120,32 +1120,33 @@ ${has_config:+-config $easyrsa_safe_ssl_conf }$*"
# and establish version dependencies
verify_ssl_lib() {
# Run once only
[ "$EASYRSA_SSL_OK" ] && die "verify_ssl_lib - Overloaded"
EASYRSA_SSL_OK=1
[ "$verify_ssl_lib_ok" ] && return
verify_ssl_lib_ok=1

# redirect std-err to ignore missing etc/ssl/openssl.cnf file
# redirect std-err, ignore missing ssl/openssl.cnf
val="$("$EASYRSA_OPENSSL" version 2>/dev/null)"
ssl_version="$val"

# SSL lib name
require_safe_ssl_conf=1
case "${val%% *}" in
# OpenSSL does require a safe config-file for ampersand
OpenSSL)
ssl_lib=openssl
if [ -z "$EASYRSA_NO_SAFE_SSL" ]; then
require_safe_ssl_conf=1
fi
;;
LibreSSL)
ssl_lib=libressl
require_safe_ssl_conf=1
if [ "$EASYRSA_NO_SAFE_SSL" ]; then
user_error \
"Cannot use '--no-safe-ssl' with LibreSSL"
fi
;;
*)
error_msg="$("$EASYRSA_OPENSSL" version 2>&1)"
# OpenSSL does require a safe config-file for ampersand
OpenSSL)
ssl_lib=openssl
if [ "$EASYRSA_NO_SAFE_SSL" ]; then
unset -v require_safe_ssl_conf
fi
;;
LibreSSL)
ssl_lib=libressl
if [ "$EASYRSA_NO_SAFE_SSL" ]; then
user_error "\
Cannot use '--no-safe-ssl' with LibreSSL"
fi
;;
*)
error_msg="$("$EASYRSA_OPENSSL" version 2>&1)"
user_error "\
* OpenSSL must either exist in your PATH
or be defined in your vars file.

@@ -1158,20 +1159,17 @@ $error_msg"
osslv_major="${val#* }"
osslv_major="${osslv_major%%.*}"
case "$osslv_major" in
1) no_password='-nodes' ;;
2) no_password='-nodes' ;;
3)
case "$ssl_lib" in
openssl) no_password='-noenc' ;;
libressl) no_password='-nodes' ;;
*) user_error \
"Unsupported SSL library: $ssl_lib"
esac
;;
*) user_error "Unsupported SSL library: $osslv_major"
1) no_password='-nodes' ;;
2) no_password='-nodes' ;;
3)
case "$ssl_lib" in
openssl) no_password='-noenc' ;;
libressl) no_password='-nodes' ;;
*) die "Unexpected SSL library: $ssl_lib"
esac
;;
*) die "Unexpected SSL version: $osslv_major"
esac
ssl_version="$val"

} # => verify_ssl_lib()

# Basic sanity-check of PKI init and complain if missing
@@ -1301,7 +1299,7 @@ and initialize a fresh PKI here."
do
# # # shellcheck disable=SC2115 # Use "${var:?}"
target="$EASYRSA_PKI/$i"
if [ "${#target}" -gt 1 ]; then
if [ "${target%/*}" ]; then
rm -rf "$target" || \
die "init-pki soft reset(1) failed!"
else
@@ -6476,6 +6474,7 @@ detect_host

# Initialisation requirements
unset -v \
verify_ssl_lib_ok \
easyrsa_error_exit \
prohibit_no_pass \
secured_session \
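Review bot: In the init-pki soft-reset hunk the new guard `[ "${target%/*}" ]` in front of `rm -rf "$target"` only catches a target whose part before the last slash is empty, i.e. an empty `EASYRSA_PKI` combined with a slash-free `$i`. If `EASYRSA_PKI` is `/`, target becomes `//name`, the stripped value is `/`, the test passes and the recursive removal runs against a top-level path; an empty `$i` would likewise pass and remove the whole PKI directory. I would validate the base path once before the loop, for example `case "$EASYRSA_PKI" in ''|/) die "init-pki: unsafe PKI path: '$EASYRSA_PKI'" ;; esac`, and use `"${i:?}"` when building the target, which is what the disabled SC2115 hint above the assignment points at. The loop's item list and the `else` branch lie outside the hunk, so whether `$i` can actually be empty cannot be confirmed from here.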