
Commit 83ff7b8

committed
Merge branch 'TinCanTech-bugfix-inline_file-add-dh-params'
Signed-off-by: Richard T Bonhomme <[email protected]>
2 parents 06c1fb3 + 50b555b commit 83ff7b8


2 files changed

+40
-4
lines changed


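--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@ Easy-RSA 3 ChangeLog
 
 3.2.3 (TBD)
 
+* inline_file(): Include DH file or placeholder, for RSA Servers (8a7b1fa) (#1310)
 * add_critical_attrib(): Do not add 'critical' if it exists (cdfaf61) (#1308)
 Original bug report: Dmitry Kononov (#1306)
 * select_vars(): Minor improvements (12ecc1a) (#1300)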

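--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -3017,13 +3017,21 @@ inline_file() {
 ca_source="$EASYRSA_PKI"/ca.crt
 tls_source="$EASYRSA_PKI"/private/easyrsa-tls.key
 old_tls_key_file="$EASYRSA_PKI"/easyrsa-keepsafe-tls.key
+dh_params_source="$EASYRSA_PKI"/dh.pem
 
 # output
 inline_out="${EASYRSA_PKI}/inline/${1}.inline"
-print "\
-# Inline files in the 'private' directory contain security keys which
-# MUST only be transmitted over a secure connection, such as 'scp'." \
-> "$EASYRSA_PKI"/inline/private/README.inline.private
+readme="$EASYRSA_PKI"/inline/private/README.inline.private
+if [ ! -f "$readme" ]; then
+print "\
+# Inline files in the 'private' directory contain security keys
+# which MUST ONLY be transmitted over a SECURE connection.
+# eg. 'https' or 'scp'." > "$readme" || \
+warn "inline_file - Failed to create README"
+fi
+unset -v readme
+
+# flags
 inline_incomplete=
 inline_private=
 
@@ -3122,6 +3130,33 @@ $(cat "$ca_source")
 # </ca>"
 fi
 
+# dh params file, for RSA servers only
+if [ "$EASYRSA_ALGO" = rsa ]; then
+case "$crt_type" in
+server|serverClient)
+# Collect DH data
+if [ -f "$dh_params_source" ]; then
+dh_params_data="${NL}
+<dh>
+$(cat "$dh_params_source")
+</dh>"
+else
+inline_incomplete=1
+dh_params_data="${NL}
+# <dh>
+# * Paste your Diffie-Hellman parameters file here *
+# </dh>"
+fi
+
+# Append DH data to CA data
+ca_data="${ca_data}${dh_params_data}"
+;;
+*) : # ok, not server
+esac
+else
+: # ok, not RSA
+fi
+
 # TLS KEY - Set TLS auth|crypt key inline label
 if [ -f "$tls_source" ]; then
 tls_key_data="$(cat "$tls_source")"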
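Review bot: The new DH branch in the second hunk gates on `[ -f "$dh_params_source" ]`, which is also true for an empty dh.pem (for example one left behind by an interrupted parameter generation — inferred, not visible here), so such a file is inlined as an empty `<dh></dh>` block and `inline_incomplete` is left unset instead of the user being told to paste the parameters. Testing for a non-empty file, `if [ -s "$dh_params_source" ]; then`, would route that case to the placeholder branch; the `tls_source` check below has the same `-f`-only shape, but that line is pre-existing. Appending the DH data to `ca_data` rather than to a private section is correct, since DH parameters are public values. inline_file() starts before the first hunk and continues after the last one.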
