easyrsa_openssl(): makesafecnf - Copy temp-file do NOT move #948

Merged
merged 1 commit into from May 2, 2023

TinCanTech
Collaborator

Command 'easyrsa_openssl makesafecnf' is used internally to create a safe SSL config file. (By status reports, read_db())

Once the safe SSL config file has been named as a temp-file and created, the script continues to use that temp-file as the master copy, it does not recreate a safe SSL config file for subsequent calls to easyrsa_openssl().

Therefore, the temp-file MUST be copied to the standard safe SSL file not moved. Otherwise, the named temp-file is removed.

Also, move the assignment of the safe SSL temp-file to the correct place. This means that a new temp-file will only be assigned once.

Also, verify that the safe SSL temp-file exists when it is expected to.

Other changes are for error and verbose messages.

@TinCanTech
Collaborator Author

This change is a direct consequence of trying to resolve OpenVPN/easyrsa-unit-tests#61

@TinCanTech changed the title from "openssl_easyrsa(): makesafecnf - Copy temp-file do NOT move" to "easyrsa_openssl(): makesafecnf - Copy temp-file do NOT move" on May 2, 2023

Command 'easyrsa_openssl makesafecnf' is used internally to create a safe
SSL config file. (By status reports, read_db())

Once the safe SSL config file has been named as a temp-file and created,
the script continues to use that temp-file as the master copy, it does not
recreate a safe SSL config file for subsequent calls to easyrsa_openssl().

Therefore, the temp-file MUST be copied to the standard safe SSL file not
moved. Otherwise, the named temp-file is removed.

Also, move the assignment of the safe SSL temp-file to the correct place.
This means that a new temp-file will only be assigned once.

Also, verify that the safe SSL temp-file exists when it is expected to.

Also, change use of '--no--safe-ssl' with LibreSSL to a FATAL error.

Other changes are for error and verbose messages.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
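
The temp-file handling that the description and commit message above describe, as a simplified model added here; it is not easyrsa's own code. The names `make_safe_cnf`, `second_call_status`, `SAFE_TMP`, `SAFE_CNF` and the file contents are hypothetical.

```shell
#!/bin/sh
# Added illustration, not easyrsa code. All names and contents are hypothetical.
WORK_DIR="$(mktemp -d)"              # stands in for the session directory
trap 'rm -rf "$WORK_DIR"' EXIT       # clean up the scratch directory on exit
SAFE_CNF="$WORK_DIR/safe-ssl.cnf"    # the "standard" safe SSL config file
SAFE_TMP=""                          # master temp-file name, assigned once
TMP_COUNT=0                          # number of temp-files ever assigned

# Build and install the safe config. $1: "move" (old) or "copy" (fixed).
make_safe_cnf() {
    if [ -z "$SAFE_TMP" ]; then
        # First call only: name and create the temp-file (the master copy).
        SAFE_TMP="$(mktemp "$WORK_DIR/tmp.XXXXXX")" || return 1
        TMP_COUNT=$((TMP_COUNT + 1))
        printf '%s\n' '# constructed sample' '[ req ]' > "$SAFE_TMP"
    fi
    # Later calls reuse the master copy, so verify that it still exists.
    if [ ! -f "$SAFE_TMP" ]; then
        echo "make_safe_cnf: temp-file missing: $SAFE_TMP" >&2
        return 1
    fi
    case "$1" in
        move) mv "$SAFE_TMP" "$SAFE_CNF" ;;  # master copy is gone afterwards
        copy) cp "$SAFE_TMP" "$SAFE_CNF" ;;  # master copy survives
        *) return 2 ;;
    esac
}

# Forget all state so each mode starts from a clean directory.
reset_state() {
    rm -f "$WORK_DIR"/tmp.* "$SAFE_CNF"
    SAFE_TMP=""
    TMP_COUNT=0
}

# Call make_safe_cnf twice in mode $1; the status is that of the second call.
second_call_status() {
    reset_state
    make_safe_cnf "$1" || return 3
    make_safe_cnf "$1"
}

for mode in move copy; do
    if second_call_status "$mode" 2>/dev/null; then result=ok; else result=FAILED; fi
    echo "$mode: second call $result, temp-files assigned: $TMP_COUNT"
done
```
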
@TinCanTech TinCanTech force-pushed the make-safe-ssl-copy-temp-file branch from 9f0886d to 906df2d Compare May 2, 2023 19:53
@TinCanTech
Collaborator Author

Force push, correct typos and squash.

@TinCanTech TinCanTech merged commit 097d47d into OpenVPN:master May 2, 2023
3 checks passed