From e9e8e272e0eb5225ecfb0d8a0953a5b480c5e85d Mon Sep 17 00:00:00 2001
From: Martin Schmitt
Date: Fri, 30 Jun 2017 17:04:31 +0200
Subject: [PATCH] Moved @ValdikSS's serial randomization to sign_req

---
 easyrsa3/easyrsa | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index f5ec797..cff63f2 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -569,6 +569,18 @@ sign_req() {
 	local req_in="$EASYRSA_PKI/reqs/$2.req"
 	local crt_out="$EASYRSA_PKI/issued/$2.crt"
 
+	# Randomize Serial number
+	local i= serial= check_serial=
+	for i in 1 2 3 4 5; do
+		"$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial"
+		serial="$(cat "$EASYRSA_PKI/serial")"
+		check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)"
+		case "$check_serial" in
+			*"not present in db"*) break ;;
+			*) continue ;;
+		esac
+	done
+
 	# Support batch by internal caller:
 	[ "$3" = "batch" ] && local EASYRSA_BATCH=1
 
@@ -661,17 +673,6 @@ Certificate created at: $crt_out
 build_full() {
 	verify_ca_init
 
-	local i= serial= check_serial=
-	for i in 1 2 3 4 5; do
-		"$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial"
-		serial="$(cat "$EASYRSA_PKI/serial")"
-		check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)"
-		case "$check_serial" in
-			*"not present in db"*) break ;;
-			*) continue ;;
-		esac
-	done
-
 	# pull filename base:
 	[ -n "$2" ] || die "\
 Error: didn't find a file base name as the first argument.
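Review bot: The `for i in 1 2 3 4 5` loop in the first hunk (sign_req) falls through silently when all five attempts fail, so signing proceeds with whatever ended up in `$EASYRSA_PKI/serial` — a colliding serial, or an empty/stale file if `openssl rand` failed, since its exit status is not checked either. Any failure of `openssl ca -status` (bad config, unreadable index) also lacks the "not present in db" text and is treated as a collision, so a broken CA setup just burns the five tries and continues; openssl ca may still refuse a duplicate later, but that surfaces as an unrelated signing error. Since the point of random serials is uniqueness and unpredictability of issued certificates, the loop should record success explicitly and `die` otherwise; the second hunk only removes the same loop from build_full and needs no separate change. sign_req's body continues past this hunk.
```shell
	# Randomize Serial number
	local i= serial= check_serial= serial_ok=
	for i in 1 2 3 4 5; do
		"$EASYRSA_OPENSSL" rand -hex 16 -out "$EASYRSA_PKI/serial" || die "\
Error: could not generate a random serial number"
		serial="$(cat "$EASYRSA_PKI/serial")"
		check_serial="$("$EASYRSA_OPENSSL" ca -config "$EASYRSA_SSL_CONF" -status "$serial" 2>&1)"
		case "$check_serial" in
			*"not present in db"*) serial_ok=1; break ;;
		esac
	done
	[ -n "$serial_ok" ] || die "\
Error: could not find an unused serial number after 5 attempts"
	# … unchanged: batch handling and the rest of sign_req …
```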