commit d20d2b3c06baed2fc4e098b12331fd203e723f91 Author: Olav Reinert Date: Thu Jul 27 08:27:27 2017 +0200 Update docs and examples to fit changes in 534f673 diff --git a/doc/EasyRSA-Advanced.md b/doc/EasyRSA-Advanced.md index 1bd8c29..5bcd526 100644 --- a/doc/EasyRSA-Advanced.md +++ b/doc/EasyRSA-Advanced.md @@ -31,12 +31,12 @@ Configuration Reference The following locations are checked, in this order, for a vars file. Only the first one found is used: - 1. File referenced by the --vars CLI option + 1. The file referenced by the --vars CLI option 2. The file referenced by the env-var named `EASYRSA_VARS_FILE` - 3. The `EASYRSA_PKI` directory - 4. The default PKI directory at $PWD/pki (usually will be the same as above) - 4. The `EASYRSA` directory - 5. The location of the easyrsa program (usually will be the same as above) + 3. The directory referenced by the `EASYRSA_PKI` env-var + 4. The default PKI directory at $PWD/pki + 4. The directory referenced by the `EASYRSA` env-var + 5. The directory containing the easyrsa program Defining the env-var `EASYRSA_NO_VARS` will override the sourcing of the vars file in all cases, including defining it subsequently as a global option. @@ -78,10 +78,10 @@ Environmental Variables Reference A list of env-vars, any matching global option (CLI) to set/override it, and a possible terse description is shown below: - * `EASYRSA` - should point to the Easy-RSA top-level dir, normally $PWD + * `EASYRSA` - should point to the Easy-RSA top-level dir, where the easyrsa script is located. * `EASYRSA_OPENSSL` - command to invoke openssl * `EASYRSA_SSL_CONF` - the openssl config file to use - * `EASYRSA_PKI` (CLI: `--pki-dir`) - dir to use to hold all PKI-specific files, normally $PWD/pki. + * `EASYRSA_PKI` (CLI: `--pki-dir`) - dir to use to hold all PKI-specific files, defaults to $PWD/pki. * `EASYRSA_DN` (CLI: `--dn-mode`) - set to the string `cn_only` or `org` to alter the fields to include in the req DN * `EASYRSA_REQ_COUNTRY` (CLI: `--req-c`) - set the DN country with org mode diff --git a/easyrsa3/vars.example b/easyrsa3/vars.example index 2c444d8..c439cba 100644 --- a/easyrsa3/vars.example +++ b/easyrsa3/vars.example @@ -39,10 +39,15 @@ fi # DO YOUR EDITS BELOW THIS POINT -# This variable should point to the top level of the easy-rsa tree. By default, -# this is taken to be the directory you are currently in. +# This variable is used as the base location of configuration files needed by +# easyrsa. More specific variables for specific files (e.g., EASYRSA_SSL_CONF) +# may override this default. +# +# The default value of this variable is the location of the easyrsa script +# itself, which is also where the configuration files are located in the +# easy-rsa tree. -#set_var EASYRSA "$PWD" +#set_var EASYRSA "${0%/*}" # If your OpenSSL command is not in the system PATH, you will need to define the # path to it here. Normally this means a full path to the executable, otherwise @@ -57,12 +62,14 @@ fi # This sample is in Windows syntax -- edit it for your path if not using PATH: #set_var EASYRSA_OPENSSL "C:/Program Files/OpenSSL-Win32/bin/openssl.exe" -# Edit this variable to point to your soon-to-be-created key directory. +# Edit this variable to point to your soon-to-be-created key directory. By +# default, this will be "$PWD/pki" (i.e. the "pki" subdirectory of the +# directory you are currently in). # # WARNING: init-pki will do a rm -rf on this directory so make sure you define # it correctly! (Interactive mode will prompt before acting.) -#set_var EASYRSA_PKI "$EASYRSA/pki" +#set_var EASYRSA_PKI "$PWD/pki" # Define X509 DN mode. # This is used to adjust what elements are included in the Subject field as the DN