Skip to content

Always generate an openssl-easyrsa.cnf or x509-types tmp-file#1401

Merged
TinCanTech merged 10 commits intoOpenVPN:masterfrom
TinCanTech:always-gen-tmp-openssl-easyrsa-cnf
Oct 24, 2025
Merged

Always generate an openssl-easyrsa.cnf or x509-types tmp-file#1401
TinCanTech merged 10 commits intoOpenVPN:masterfrom
TinCanTech:always-gen-tmp-openssl-easyrsa-cnf

Conversation

@TinCanTech
Copy link
Collaborator

@TinCanTech TinCanTech commented Oct 16, 2025
edited
Loading

Details:

  • select_ssl_cnf_tmp() will either use an existing openssl-easyrsa.cnf file or
    create an unexpanded default file. Either file is then stored as a tmp-file
    and exported for use via $EASYRSA_SSL_CONF.

  • select_x509_type_tmp() will either use an existing X509-type file or
    create a tmp-file for supported types. For unsupported types, the user
    must supply an X509-type file.
    Returns a tmp-file as $new_x509_type_file_tmp, for use as per the the X509-type requested.

@TinCanTech
Remove provide_EASYRSA_SSL_CONF_tmp()
0a6494d 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech TinCanTech self-assigned this Oct 16, 2025
@TinCanTech
Introduce select_ssl_cnf_tmp(), replace provide_EASYRSA_SSL_CONF_tmp()
538ad3d 
select_ssl_cnf_tmp() will either use an existing openssl-easyrsa.cnf file or
create an unexpanded default file. Either file is then stored as a tmp-file
and exported for use via $EASYRSA_SSL_CONF.

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech TinCanTech force-pushed the always-gen-tmp-openssl-easyrsa-cnf branch from 34537ad to 538ad3d Compare October 16, 2025 23:23
@TinCanTech TinCanTech changed the title Always generate an openssl easyrsa cnf tmp-file Always generate an openssl-easyrsa.cnf tmp-file Oct 16, 2025
@TinCanTech
Introduce select_x509_type_tmp()
dc754e4 
select_x509_type_tmp() will either use an existing X509-type file or
create a tmp-file for supported types. For unsupported types, the user
must supply an X509-type file.

This compliments select_ssl_cnf_tmp() (538ad3d) behavior, now ALL support
files are copied to a tmp-file prior to use and possible changes.

For simplicity, this patch ONLY implements select_x509_type_tmp() for
command build-ca.

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
add_critical_attrib(): Correct error messages
4943e2c 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
build-ca: Use new $x509_type_tmp_file_ca file for add_critical_attrib()
9636985 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
build-ca: Use new select_x509_type_tmp() for X509 type COMMON file
58b0a22 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
sign-req: Use select_x509_type_tmp() for X509 type files "USER" and C…
9d8cbbf 
…OMMON

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
renew-ca: Use select_x509_type_tmp() for X509 type files ca and COMMON
55dd4bb 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech TinCanTech changed the title Always generate an openssl-easyrsa.cnf tmp-file Always generate an openssl-easyrsa.cnf or x509-types tmp-file Oct 23, 2025
@TinCanTech TinCanTech added this to the v3.2.5 milestone Oct 23, 2025
@TinCanTech TinCanTech mentioned this pull request Oct 23, 2025
Closed
@TinCanTech TinCanTech merged commit b007a50 into OpenVPN:master Oct 24, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@TinCanTech TinCanTech

Labels

EasyRSA-OpenSSL-Config improvement X509-types x509-types and related

Projects

None yet

Milestone

v3.2.5

Development

Successfully merging this pull request may close these issues.

1 participant

@TinCanTech