2019-02-12 20:55:41 +01:00
|
|
|
diff --git a/easyrsa b/easyrsa
|
|
|
|
|
index e019982..635a2b9 100755
|
|
|
|
|
--- easyrsa
|
|
|
|
|
+++ easyrsa
|
|
|
|
|
@@ -376,7 +376,7 @@ $out"
|
2018-12-03 23:44:23 +01:00
|
|
|
|
2019-02-12 20:55:41 +01:00
|
|
|
verify_ssl_lib () {
|
2018-12-03 23:44:23 +01:00
|
|
|
# make safessl-easyrsa.cnf
|
|
|
|
|
- make_ssl_config
|
|
|
|
|
+ [ "$1" == "no_safe_ssl_config" ] || make_ssl_config
|
|
|
|
|
|
|
|
|
|
# Verify EASYRSA_OPENSSL command gives expected output
|
|
|
|
|
if [ -z "$EASYRSA_SSL_OK" ]; then
|
2019-02-12 20:55:41 +01:00
|
|
|
@@ -403,7 +403,7 @@ verify_pki_init() {
|
|
|
|
|
help_note="Run easyrsa without commands for usage and command help."
|
2018-12-03 23:44:23 +01:00
|
|
|
|
2019-02-12 20:55:41 +01:00
|
|
|
# check that the pki dir exists
|
2018-12-03 23:44:23 +01:00
|
|
|
- vars_source_check
|
|
|
|
|
+ vars_source_check no_safe_ssl_config
|
2019-02-12 20:55:41 +01:00
|
|
|
[ -d "$EASYRSA_PKI" ] || die "\
|
|
|
|
|
EASYRSA_PKI does not exist (perhaps you need to run init-pki)?
|
|
|
|
|
Expected to find the EASYRSA_PKI at: $EASYRSA_PKI
|
|
|
|
|
@@ -1452,7 +1452,7 @@ vars_setup() {
|
2018-12-01 18:26:16 +01:00
|
|
|
vars=
|
|
|
|
|
|
|
|
|
|
# set up program path
|
|
|
|
|
- prog_vars="${0%/*}/vars"
|
|
|
|
|
+ prog_vars="/etc/easy-rsa/vars"
|
|
|
|
|
# set up PKI path
|
|
|
|
|
pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars"
|
|
|
|
|
|
2019-02-12 20:55:41 +01:00
|
|
|
@@ -1482,7 +1482,7 @@ Note: using Easy-RSA configuration from: $vars"
|
2018-12-01 18:26:16 +01:00
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Set defaults, preferring existing env-vars if present
|
|
|
|
|
- set_var EASYRSA "${0%/*}"
|
|
|
|
|
+ set_var EASYRSA "/etc/easy-rsa"
|
|
|
|
|
set_var EASYRSA_OPENSSL openssl
|
|
|
|
|
set_var EASYRSA_PKI "$PWD/pki"
|
|
|
|
|
set_var EASYRSA_DN cn_only
|
2019-02-12 20:55:41 +01:00
|
|
|
@@ -1510,7 +1510,11 @@ Note: using Easy-RSA configuration from: $vars"
|
|
|
|
|
set_var EASYRSA_DIGEST sha256
|
|
|
|
|
|
|
|
|
|
set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf"
|
|
|
|
|
- set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf"
|
|
|
|
|
+ if touch "$EASYRSA/safessl-easyrsa.cnf" &>/dev/null; then
|
|
|
|
|
+ set_var EASYRSA_SAFE_CONF "$EASYRSA/safessl-easyrsa.cnf"
|
|
|
|
|
+ else
|
|
|
|
|
+ set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf"
|
|
|
|
|
+ fi
|
2018-12-03 23:44:23 +01:00
|
|
|
|
|
|
|
|
# Same as above for the x509-types extensions dir
|
2019-02-12 20:55:41 +01:00
|
|
|
if [ -d "$EASYRSA_PKI/x509-types" ]; then
|
|
|
|
|
diff --git a/vars.example b/vars.example
|
|
|
|
|
index f03ea6e..2e1d781 100644
|
|
|
|
|
--- vars.example
|
|
|
|
|
+++ vars.example
|
|
|
|
|
@@ -47,7 +47,7 @@ fi
|
2018-12-01 18:26:16 +01:00
|
|
|
# itself, which is also where the configuration files are located in the
|
|
|
|
|
# easy-rsa tree.
|
|
|
|
|
|
|
|
|
|
-#set_var EASYRSA "${0%/*}"
|
|
|
|
|
+#set_var EASYRSA "/etc/easy-rsa"
|
|
|
|
|
|
|
|
|
|
# If your OpenSSL command is not in the system PATH, you will need to define the
|
|
|
|
|
# path to it here. Normally this means a full path to the executable, otherwise
|
