Make gen_req() Always use EASYRSA_REQ_CN as intended #524

Merged
merged 3 commits into from
Apr 5, 2022
22 changes: 17 additions & 5 deletions easyrsa3/easyrsa
Expand Up @@ -89,6 +89,7 @@ cmd_help() {

This request is suitable for sending to a remote CA for signing."
opts="
text - Include certificate text in request
nopass - do not encrypt the private key (default is encrypted)" ;;
sign|sign-req) text="
sign-req <type> <filename_base>
Expand Down Expand Up @@ -1009,7 +1010,9 @@ Error: gen-req must have a file base as the first argument.
Run easyrsa without commands for usage and commands."
key_out="$EASYRSA_PKI/private/$1.key"
req_out="$EASYRSA_PKI/reqs/$1.req"
[ ! "$EASYRSA_BATCH" ] && EASYRSA_REQ_CN="$1"

# Set the request commonName
EASYRSA_REQ_CN="$1"
shift

# Require SSL Lib version for 'nopass' -> $no_password
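Review bot: `EASYRSA_REQ_CN="$1"` is assigned unconditionally here, so in batch mode a commonName the caller had already placed in `EASYRSA_REQ_CN` is overwritten by the file base, whereas the conditional form `[ ! "$EASYRSA_BATCH" ] && EASYRSA_REQ_CN="$1"` left it alone. If that is the intended behaviour, extend the `# Set the request commonName` comment to say that the CN always follows the file base and a preset value is ignored, so batch callers know the subject of the request is tied to the file name.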
Expand All @@ -1019,14 +1022,16 @@ Run easyrsa without commands for usage and commands."
opts=
while [ -n "$1" ]; do
case "$1" in
text) opts="$opts -text" ;;
nopass) opts="$opts $no_password" ;;
# batch flag supports internal callers needing silent operation
batch) EASYRSA_BATCH=1 ;;
batch) openssl_batch=1 ;;
*) warn "Ignoring unknown command option: '$1'" ;;
esac
shift
done

# Verify required curves
[ "$EASYRSA_ALGO" = "ec" ] && verify_curve_ec
[ "$EASYRSA_ALGO" = "ed" ] && verify_curve_ed

Expand Down Expand Up @@ -1060,17 +1065,24 @@ $EASYRSA_EXTRA_EXTS"
EASYRSA_SSL_CONF="$conf_tmp"
fi

# Name temp files
key_out_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
req_out_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
# generate request
[ $EASYRSA_BATCH ] && opts="$opts -batch"
# shellcheck disable=2086,2148

# Set SSL non-interactive mode, otherwise allow full user interaction
if [ "$EASYRSA_BATCH" ] || [ "$openssl_batch" ]; then
opts="$opts -batch"
fi

# Set Edwards curve name or elliptic curve parameters file
algo_opts=""
if [ "ed" = "$EASYRSA_ALGO" ]; then
algo_opts="$EASYRSA_CURVE"
else
algo_opts="$EASYRSA_ALGO:$EASYRSA_ALGO_PARAMS"
fi

# Generate request
easyrsa_openssl req -utf8 -new -newkey "$algo_opts" \
-keyout "$key_out_tmp" -out "$req_out_tmp" $opts \
${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} \
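Review bot: the `# shellcheck disable=2086,2148` directive does not sit directly above the `easyrsa_openssl req` command, which is the statement that expands `$opts` unquoted on purpose. A shellcheck directive applies to the command that follows it, so the intentional word splitting of `$opts` will be reported as SC2086 again. Place `# shellcheck disable=2086` immediately after the `# Generate request` comment, and add a short remark that `$opts` must stay unquoted because it carries several separate options.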