Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

easyrsa_openssl: Replace variable 'has_config' with OPENSSL_CONF #987

Merged
merged 3 commits into from
Jul 19, 2023
Merged

easyrsa_openssl: Replace variable 'has_config' with OPENSSL_CONF #987

merged 3 commits into from
Jul 19, 2023

Commits on Jul 19, 2023

  1. easyrsa_openssl: Replace variable 'has_config' with OPENSSL_CONF 

    Variable 'has_config' was a way to minimize the need to fully expand the
SSL config file (ENV:OPENSSL_CONF) for use by LibreSSL. IE. Only expand
the SSL config file when the SSL command requires a config file.

LibreSSL Always requires the config file to be expanded, even when it
is Not used.

OpenSSL Never requires the config file to be expanded.

Changes follow.

The first part:
* Disable expanding the SSL config file for OpenSSL.
* Require expanding the SSL config file for LibreSSL.

LibreSSL will use the run-once mechanism to expand the SSL config file.

The second part:
Replace the use of SSL option '-config', by Always configuring the SSL
environment variable OPENSSL_CONF to point to the Easy-RSA generated
config file. This is supported by LibreSSL and OpenSSL.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
    @TinCanTech
    TinCanTech committed Jul 19, 2023
    Configuration menu
    Copy the full SHA
    d4fa9bd View commit details
    Browse the repository at this point in the history

  2. openeasy_easyrsa: Remove unused variable 'has_config' 

    Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
    @TinCanTech
    TinCanTech committed Jul 19, 2023
    Configuration menu
    Copy the full SHA
    e207f85 View commit details
    Browse the repository at this point in the history

  3. Always configure OPENSSL_CONF=/dev/null when there is no SSL config 

    This applies to all direct calls using EASYRSA_OPENSSL (Default: 'openssl'),
which bypass using easyrsa_openssl() wrapper function.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
    @TinCanTech
    TinCanTech committed Jul 19, 2023
    Configuration menu
    Copy the full SHA
    82a52d1 View commit details
    Browse the repository at this point in the history