Skip to content

Always generate an openssl-easyrsa.cnf or x509-types tmp-file #1401

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Oct 24, 2025
Merged

Always generate an openssl-easyrsa.cnf or x509-types tmp-file #1401

merged 10 commits into from
Oct 24, 2025

Conversation

@TinCanTech
Copy link
Collaborator

@TinCanTech TinCanTech commented Oct 16, 2025
edited
Loading

Details:

  • select_ssl_cnf_tmp() will either use an existing openssl-easyrsa.cnf file or
    create an unexpanded default file. Either file is then stored as a tmp-file
    and exported for use via $EASYRSA_SSL_CONF.

  • select_x509_type_tmp() will either use an existing X509-type file or
    create a tmp-file for supported types. For unsupported types, the user
    must supply an X509-type file.
    Returns a tmp-file as $new_x509_type_file_tmp, for use as per the the X509-type requested.

@TinCanTech
Remove provide_EASYRSA_SSL_CONF_tmp()
0a6494d 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech TinCanTech self-assigned this Oct 16, 2025
@TinCanTech
Introduce select_ssl_cnf_tmp(), replace provide_EASYRSA_SSL_CONF_tmp()
538ad3d 
select_ssl_cnf_tmp() will either use an existing openssl-easyrsa.cnf file or
create an unexpanded default file. Either file is then stored as a tmp-file
and exported for use via $EASYRSA_SSL_CONF.

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech TinCanTech force-pushed the always-gen-tmp-openssl-easyrsa-cnf branch from 34537ad to 538ad3d Compare October 16, 2025 23:23
@TinCanTech TinCanTech changed the title Always generate an openssl easyrsa cnf tmp-file Always generate an openssl-easyrsa.cnf tmp-file Oct 16, 2025
@TinCanTech
Introduce select_x509_type_tmp()
dc754e4 
select_x509_type_tmp() will either use an existing X509-type file or
create a tmp-file for supported types. For unsupported types, the user
must supply an X509-type file.

This compliments select_ssl_cnf_tmp() (538ad3d) behavior, now ALL support
files are copied to a tmp-file prior to use and possible changes.

For simplicity, this patch ONLY implements select_x509_type_tmp() for
command build-ca.

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
add_critical_attrib(): Correct error messages
4943e2c 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
build-ca: Use new $x509_type_tmp_file_ca file for add_critical_attrib()
9636985 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
build-ca: Use new select_x509_type_tmp() for X509 type COMMON file
58b0a22 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
sign-req: Use select_x509_type_tmp() for X509 type files "USER" and C…
9d8cbbf 
…OMMON

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
renew-ca: Use select_x509_type_tmp() for X509 type files ca and COMMON
55dd4bb 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech TinCanTech changed the title Always generate an openssl-easyrsa.cnf tmp-file Always generate an openssl-easyrsa.cnf or x509-types tmp-file Oct 23, 2025
@TinCanTech TinCanTech added this to the v3.2.5 milestone Oct 23, 2025
@TinCanTech TinCanTech mentioned this pull request Oct 23, 2025
Closed
@TinCanTech TinCanTech merged commit b007a50 into OpenVPN:master Oct 24, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@TinCanTech TinCanTech

Labels

EasyRSA-OpenSSL-Config improvement X509-types x509-types and related

Projects

None yet

Milestone

v3.2.5

Development

Successfully merging this pull request may close these issues.

1 participant

@TinCanTech