@@ -4335,6 +4335,12 @@ read_db() {
43354335
43364336 while read -r db_status db_notAfter db_record; do
43374337
4338+ # Quiet schellcheck
4339+ # SC2034 (warning): db_notAfter appears unused
4340+ unused="$db_notAfter"
4341+ db_notAfter="$unused"
4342+ unset -v db_notAfter unused
4343+
43384344 verbose "***** Read next record *****"
43394345
43404346 # Recreate temp-session and
@@ -4480,6 +4486,7 @@ expire_status_v2() {
44804486 verbose "cert will still be valid by expiry window"
44814487 else
44824488 # cert expiry date
4489+ cert_not_after_date=
44834490 if iso_8601_cert_enddate "$1" cert_not_after_date; then
44844491 : # ok
44854492 else
@@ -4689,10 +4696,6 @@ Missing request file:
46894696 ssl_cert_serial "$crt_in" cert_serial || \
46904697 die "$cmd: Failed to get cert serial number!"
46914698
4692- # Duplicate cert by serial file
4693- dup_dir="$EASYRSA_PKI/certs_by_serial"
4694- dup_crt_by_serial="$dup_dir/${cert_serial}.pem"
4695-
46964699 # Set out_dir
46974700 out_dir="$EASYRSA_PKI/renewed"
46984701 crt_out="$out_dir/issued/${file_name_base}.crt"
@@ -4707,6 +4710,7 @@ Use command 'revoke-renewed' to revoke this certificate."
47074710 fi
47084711
47094712 # Extract certificate usage from old cert
4713+ cert_type=
47104714 ssl_cert_x509v3_eku "$crt_in" cert_type
47114715
47124716 # create temp-file for full cert text
@@ -4972,12 +4976,13 @@ renew_ca_cert() {
49724976$cmd does not support setting an external commonName."
49734977
49744978 # Copy Old CA commonName as default
4975- export EASYRSA_REQ_CN="$(
4979+ EASYRSA_REQ_CN="$(
49764980 "$EASYRSA_OPENSSL" x509 -in "$ca_cert_file" \
49774981 -noout -subject -nameopt utf8,multiline | \
49784982 grep 'commonName' | sed -e \
49794983 s\`^[[:blank:]]*commonName[[:blank:]]*=[[:blank:]]\`\`
4980- )"
4984+ )" || die "renew_ca_cert - Failed to get EASYRSA_REQ_CN"
4985+ export EASYRSA_REQ_CN
49814986
49824987 # Set ssl batch mode, as required
49834988 [ "$EASYRSA_BATCH" ] && ssl_batch=1
0 commit comments