Merge branch 'TinCanTech-remove-escape-hazard'

Signed-off-by: Richard T Bonhomme <[email protected]>
OpenVPN · Apr 11, 2024 · 90e1a91 · 90e1a91
2 parents c0c9a3b + 9823f63
commit 90e1a91
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 61 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -2,6 +2,7 @@ Easy-RSA 3 ChangeLog
 
 3.2.0 (TBD)
 
+   * Remove escape_hazard(), obsolete (ca76697)
    * Remove command and function display_cn(), unused (be8f400) (#1114)
    * Introduce Options to edit Request Subject during command 'sign-req'
      Global Option: --new-subject -- Command 'sign-req' option: 'newsubj'

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
@@ -1014,63 +1014,6 @@ Temporary session not preserved."
 	exit 1
 } # => cleanup()
 
-# Escape hazardous characters
-# Auto-escape hazardous characters:
-# '&' - Workaround 'sed' behavior
-# '$' - Workaround 'easyrsa' based limitation
-# This is required for all SSL libs, otherwise,
-# there are unacceptable differences in behavior
-escape_hazard() {
-	if [ "$EASYRSA_FORCE_SAFE_SSL" ] || \
-		[ "$makesafeconf" ]
-	then
-		# Always run
-		verbose "escape_hazard: FORCED"
-	elif [ "$working_safe_org_conf" ]; then
-		# Has run once
-		verbose "escape_hazard: BYPASSED"
-		return
-	else
-		# Run once
-		verbose "escape_hazard: RUN-ONCE"
-	fi
-
-	# Only use if old 'sed' version is requested
-	if [ "$EASYRSA_LEGACY_SAFE_SSL" ]; then
-		: # ok
-	else
-		verbose "escape_hazard: REPLACED by heredoc expansion"
-		verbose "escape_hazard: ABANDONED"
-		return
-	fi
-
-	# Set run once
-	working_safe_org_conf=1
-
-	# Assign temp-file
-	escape_hazard_tmp=""
-	easyrsa_mktemp escape_hazard_tmp || die \
-		"escape_hazard - easyrsa_mktemp escape_hazard_tmp"
-
-	# write org fields to org temp-file and escape '&' and '$'
-	print "\
-export EASYRSA_REQ_COUNTRY=\"$EASYRSA_REQ_COUNTRY\"
-export EASYRSA_REQ_PROVINCE=\"$EASYRSA_REQ_PROVINCE\"
-export EASYRSA_REQ_CITY=\"$EASYRSA_REQ_CITY\"
-export EASYRSA_REQ_ORG=\"$EASYRSA_REQ_ORG\"
-export EASYRSA_REQ_OU=\"$EASYRSA_REQ_OU\"
-export EASYRSA_REQ_EMAIL=\"$EASYRSA_REQ_EMAIL\"
-export EASYRSA_REQ_SERIAL=\"$EASYRSA_REQ_SERIAL\"\
-" | sed -e s\`'\&'\`'\\\&'\`g \
-		-e s\`'\$'\`'\\\$'\`g \
-			> "$escape_hazard_tmp" || die "\
-escape_hazard - Failed to write temp-file"
-
-	# Reload fields from fully escaped temp-file
-	source_vars "$escape_hazard_tmp"
-	verbose "escape_hazard: COMPLETED"
-} # => escape_hazard()
-
 # Replace environment variable names with current value
 # and write to temp-file or return error from sed
 expand_ssl_config() {
@@ -1188,10 +1131,6 @@ easyrsa_openssl() {
 			die "easyrsa_openssl: Illegal SSL command: rand"
 	esac
 
-	# Auto-escape hazardous characters
-	escape_hazard || \
-		die "easyrsa_openssl - escape_hazard failed"
-
 	# Rewrite SSL config
 	expand_ssl_config || \
 		die "easyrsa_openssl - expand_ssl_config failed"