Merge branch 'status-x509-types' of ssh://github.com/TinCanTech/easy-…

…rsa into TinCanTech-status-x509-types Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
OpenVPN · Aug 28, 2022 · 1254ca5 · 1254ca5
2 parents df37955 + 1c9ff96
commit 1254ca5
Showing 1 changed file with 37 additions and 30 deletions.
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
@@ -67,9 +67,9 @@ Here is the list of commands available with a short syntax reminder. Use the
 	pki_dir="${EASYRSA_PKI:-$err_source}"
 	print "\
 DIRECTORY STATUS (commands would take effect on these locations)
-  EASYRSA: $work_dir
-      PKI: $pki_dir
-"
+     EASYRSA: $work_dir
+         PKI: $pki_dir
+  x509-types: ${EASYRSA_EXT_DIR:-Missing or undefined}"
 } # => usage()
 
 # Detailed command help
@@ -1019,6 +1019,36 @@ The preferred location for 'vars' is within the PKI folder.
   or declare your 'vars' file with option: --vars=<FILE>"
 } # => prefer_vars_in_pki_msg()
 
+# Find x509-types dir, always prefer PKI location
+find_x509_types_dir() {
+	x509_types_dir='x509-types'
+	# if PKI/x509-types exists then it wins, except for command line
+	if [ -d "$EASYRSA_PKI/$x509_types_dir" ]; then
+		# use set_var to preserve command line
+		set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/$x509_types_dir"
+		return
+	fi
+
+	# Find x509-types dir, in specific order
+	for area in \
+		'/usr/local/share/easy-rsa' \
+		'/usr/share/easy-rsa' \
+		"$PWD" \
+		"${0%/*}" \
+		'/etc/easy-rsa' \
+		# EOL - # Add more distros here
+	do
+		# Find x509-types
+		[ -e "${area}/$x509_types_dir" ] || continue
+
+		# Declare in preferred order, first wins, beaten by command line.
+		set_var EASYRSA_EXT_DIR "${area}/$x509_types_dir"
+	done
+
+	# EASYRSA_EXT_DIR must be defined
+	[ "${EASYRSA_EXT_DIR}" ] || return
+} # => find_x509_types_dir()
+
 # Copy data-files from various sources
 install_data_to_pki () {
 #
@@ -1061,7 +1091,6 @@ install_data_to_pki () {
 	vars_file='vars'
 	vars_file_example='vars.example'
 	ssl_cnf_file='openssl-easyrsa.cnf'
-	x509_types_dir='x509-types'
 
 	# PWD - Covers EasyRSA-Windows installed by OpenVPN, and git forks
 	# "prog_dir" - Old way (Who installs data files in /usr/bin ?)
@@ -1094,24 +1123,10 @@ install_data_to_pki () {
 				cp "${area}/${source}" "$EASYRSA_PKI" || return
 			fi
 		done
-
-		# Find x509-types
-		[ -e "${area}/${x509_types_dir}" ] || continue
-
-		# Declare in preferred order, first wins, beaten by command line.
-		# Only set if not in PKI; Same condition made in vars_setup()
-		if [ -d "$EASYRSA_PKI/x509-types" ]; then
-			continue
-		else
-			set_var EASYRSA_EXT_DIR "${area}/${x509_types_dir}"
-		fi
 	done
 
-	# if PKI/x509-types exists then it wins, except command line
-	# Same condition made in vars_setup()
-	if [ -d "$EASYRSA_PKI/x509-types" ]; then
-		set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/x509-types"
-	fi
+	# Find x509-types or fail
+	find_x509_types_dir || die "Failed to find x509-types"
 
 	# Create PKI/vars from PKI/example
 	unset -v new_vars_true
@@ -1146,13 +1161,6 @@ install_data_to_pki () {
 	#[ -e "${EASYRSA_PKI}/${vars_file_example}" ] || return
 	[ -e "${EASYRSA_PKI}/${ssl_cnf_file}" ] || return
 
-	# EASYRSA_EXT_DIR must be found! No exceptions!
-	# The shellcheck warning 2015 is valid, however, this code works correctly.
-	# Note that A && B || C is not if-then-else. C may run when A is true
-	# shellcheck disable=SC2015
-	[ "$EASYRSA_EXT_DIR" ] && [ -e "$EASYRSA_EXT_DIR" ] || \
-		die "x509-types folder cannot be found: $EASYRSA_EXT_DIR"
-
 	# Create a safe ssl file, Complete or error
 	require_safe_ssl_conf=1 # Always required
 	[ -e "$EASYRSA_SAFE_CONF" ] || easyrsa_openssl makesafeconf || return
@@ -3875,7 +3883,8 @@ Priority should be given to your PKI vars file:
 	# If $EASYRSA_NO_VARS is defined (not blank) then do not use vars.
 	# If $no_pki_required then located vars files are not required.
 	if [ "$EASYRSA_NO_VARS" ] || [ "$no_pki_required" ]; then
-		: # ok
+		# Find x509-types but do not fail - Not fatal here
+		find_x509_types_dir || :
 
 	# If a vars file was located then source it
 	else
@@ -3918,7 +3927,6 @@ Sourcing the vars file and building certificates will probably fail ..'
 			# shellcheck disable=1090 # can't follow non-constant source. vars
 			. "$vars" 2>/dev/null
 			unset -v EASYRSA_CALLER
-
 		fi
 	fi
 
@@ -3996,7 +4004,6 @@ Sourcing the vars file and building certificates will probably fail ..'
 			else
 				prefer_vars_in_pki_msg
 			fi
-			information "Using x509-types directory: $EASYRSA_EXT_DIR"
 
 			# export OPENSSL_CONF for OpenSSL, OpenSSL config file MUST exist
 			# EASYRSA_SAFE_CONF is output by 'install_data_to_pki()'