Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Simplify run-once control for exanding conf files #982

Merged
merged 9 commits into from Jul 17, 2023
Merged

Simplify run-once control for exanding conf files #982

merged 9 commits into from Jul 17, 2023

Conversation

TinCanTech
Copy link
Collaborator

Replace complex (ugly) code in easyrsa_opessl() with simple code in the functions easyrsa_rewrite_ssl_conf() and escape_hazard().

Subsequently, rename functions, variables and temp-file names, for simplicity and conformity.

@TinCanTech
easyrsa_openssl(): Refactor expand SSL conf and escaping hazard
6edd8ce 
easyrsa_openssl(): Move run-control to functions easyrsa_rewrite_ssl_config()
and escape_hazard().  Replaces complex control code in easyrsa_openssl().

Run-control supports:
* EASYRSA_FORCE_SAFE_SSL: --force-safe-ssl, ALWAYS run.
* EASYRSA_NO_SAFE_SSL: --no-safe-ssl, NEVER run.
* Run-once: Default, run-once only.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
@TinCanTech
escape_hazard(): Rename temp-file easyrsa_vars_org -> vars_org_tmp
352d0fa 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
@TinCanTech
Rename function easyrsa_rewrite_ssl_config() -> expand_ssl_config()
4bde482 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
@TinCanTech
Rename variable easyrsa_safe_ssl_conf -> safe_ssl_cnf_tmp
22ff0ea 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
@TinCanTech TinCanTech self-assigned this Jul 16, 2023
@TinCanTech TinCanTech added this to the v3.1.6 milestone Jul 16, 2023
@TinCanTech
Set run-once correctly, for expand_ssl_config() and escape_hazard()
f352b6f 
Set run-once after if condition, otherwise Forced execution does not
set run-once.

Use "local" variable 'makesafeconf' to force a new safe ssl config.

Remove variable require_safe_ssl_conf, partially replaced by makesafeconf.

Add 'make-safe-ssl' command to the list which does not require a CA.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
@TinCanTech TinCanTech force-pushed the rewrite-ssl-org-conf-files branch 2 times, most recently from 88b3bf9 to 416a8b1 Compare July 17, 2023 00:44
@TinCanTech
Copy link
Collaborator Author

416a8b1 appears to have shaved time off the unit tests.

easyrsa now only builds a config for commands that require it.

@TinCanTech
Integrate '$has_config' into expand_ssl_config() and escape_hazard()
d80040b 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
@TinCanTech
escape_hazard: Rename temp-file vars_org_tmp -> escape_hazard_tmp
f05fdcc 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
@TinCanTech
easyrsa_mktemp: Make verbose msg shorter, remove text 'temp-file'
1f65bb2 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
@TinCanTech
Rename 'conf_tmp' temp-file to 'raw_ssl_cnf_tmp'
2dd1077 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
@TinCanTech TinCanTech merged commit 6f7bd58 into OpenVPN:master Jul 17, 2023
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@TinCanTech TinCanTech

Labels
improvement Version 3.1.6
Projects
None yet
Milestone
v3.1.6
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@TinCanTech