@@ -625,7 +625,7 @@ General options:
625625 (Default PKI directory is sub-directory 'pki')
626626 See Advanced.md for in depth usage.
627627
628- --ssl-conf =FILE : Define a specific OpenSSL config file for Easy-RSA to use
628+ --ssl-cnf =FILE : Define a specific OpenSSL config file for Easy-RSA to use
629629 (Default config file is in the EasyRSA PKI directory)
630630--force-safe-ssl: Always generate a safe SSL config file
631631 (Default: Generate Safe SSL config once per instance)
@@ -840,8 +840,7 @@ secure_session - Missing temporary directory:
840840 die "secure_session - temp-file EXISTS"
841841
842842 # New session requires safe-ssl conf
843- unset -v session OPENSSL_CONF \
844- EASYRSA_SSL_CONF safe_ssl_cnf_tmp \
843+ unset -v session OPENSSL_CONF safe_ssl_cnf_tmp \
845844 working_safe_ssl_conf working_safe_org_conf
846845
847846 easyrsa_err_log="$secured_session/error.log"
@@ -859,8 +858,11 @@ remove_secure_session() {
859858 if rm -rf "$secured_session"; then
860859 verbose "\
861860remove_secure_session: DELETED: $secured_session"
862- unset -v secured_session OPENSSL_CONF \
863- EASYRSA_SSL_CONF safe_ssl_cnf_tmp \
861+
862+ # Restore original EASYRSA_SSL_CONF
863+ EASYRSA_SSL_CONF="$original_ssl_cnf"
864+
865+ unset -v secured_session OPENSSL_CONF safe_ssl_cnf_tmp \
864866 working_safe_ssl_conf working_safe_org_conf
865867 return
866868 fi
@@ -2678,6 +2680,7 @@ basicConstraints is not defined, cannot use 'pathlen'"
26782680
26792681 # Get request CN
26802682 # EASYRSA_REQ_CN MUST always be set to the CSR CN
2683+ # or use --new-subect
26812684 EASYRSA_REQ_CN="$(
26822685 "$EASYRSA_OPENSSL" req -utf8 -in "$req_in" -noout \
26832686 -subject -nameopt multiline | grep 'commonName'
@@ -2984,8 +2987,8 @@ Conflicting file found at:
29842987 # Recreate temp-session and
29852988 # drop edits to SSL Conf file
29862989 remove_secure_session
2987- locate_support_files
29882990 secure_session
2991+ locate_support_files
29892992 write_global_safe_ssl_cnf_tmp
29902993
29912994 # Require --copy-ext
@@ -4661,6 +4664,14 @@ verify_working_env() {
46614664 write_global_safe_ssl_cnf_tmp
46624665 fi
46634666 fi
4667+
4668+ # Find x509-types, openssl-easyrsa.cnf
4669+ # and easyrsa-tools.lib
4670+ locate_support_files
4671+
4672+ # Save original EASYRSA_SSL_CONF
4673+ original_ssl_cnf="$EASYRSA_SSL_CONF"
4674+
46644675 verbose "verify_working_env: COMPLETED Handover-to: $cmd"
46654676} # => verify_working_env()
46664677
@@ -4716,6 +4727,10 @@ verify_working_env - easyrsa_mktemp global_safe_ssl_cnf_tmp"
47164727# If the existing file has a known hash then use temp-file.
47174728# Otherwise, use the file in place.
47184729write_easyrsa_ssl_cnf_tmp() {
4730+ # If EASYRSA_SSL_CONF is undefined then use default
4731+ [ "$EASYRSA_SSL_CONF" ] || set_var \
4732+ EASYRSA_SSL_CONF "$EASYRSA_PKI"/openssl-easyrsa.cnf
4733+
47194734 if [ -f "$EASYRSA_SSL_CONF" ]; then
47204735 verbose "write_easyrsa_ssl_cnf_tmp: SSL config EXISTS"
47214736
@@ -5578,7 +5593,7 @@ while :; do
55785593 --tmp-dir)
55795594 export EASYRSA_TEMP_DIR="$val"
55805595 ;;
5581- --ssl-conf)
5596+ --ssl-cnf|--ssl- conf)
55825597 export EASYRSA_SSL_CONF="$val"
55835598 ;;
55845599 --keep-tmp)
@@ -5832,9 +5847,6 @@ validate_default_vars
58325847# Check for conflicting input options
58335848mutual_exclusions
58345849
5835- # Find x509-types, openssl-easyrsa.cnf and easyrsa-tools.lib
5836- locate_support_files
5837-
58385850# Verify SSL Lib - One time ONLY
58395851verify_ssl_lib
58405852
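Review bot: The restore added in remove_secure_session, `EASYRSA_SSL_CONF="$original_ssl_cnf"`, relies on a variable that is only assigned at the end of verify_working_env. Any call made before that point (an early error or cleanup path, if one exists outside these hunks) would overwrite a user-supplied `--ssl-cnf` value with an empty string. With the new fallback in write_easyrsa_ssl_cnf_tmp, the next session would then silently use the PKI default config instead of the file the operator chose, and that file controls what OpenSSL puts into issued certificates. Guarding the assignment, e.g. `if [ "${original_ssl_cnf+x}" ]; then EASYRSA_SSL_CONF="$original_ssl_cnf"; fi`, keeps the current value when no snapshot was taken. Separately, the added comment `# or use --new-subect` looks like a typo for `--new-subject`, and the case pattern shows as `--ssl- conf` with a space, which should be confirmed as a rendering artifact rather than what was committed.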