Closed
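--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -2813,7 +2813,7 @@ Conflicting file found at:
 remove_secure_session
 secure_session
 locate_support_files
-write_global_safe_ssl_cnf_tmp
+write_easyrsa_ssl_cnf_tmp
 
 # Require --copy-ext
 export EASYRSA_CP_EXT=1
@@ -4237,7 +4237,7 @@ read_db() {
 remove_secure_session
 secure_session
 locate_support_files
-write_global_safe_ssl_cnf_tmp
+write_easyrsa_ssl_cnf_tmp
 
 # Interpret the db/certificate record
 unset -v db_serial db_cn db_revoke_date db_reason
@@ -5787,7 +5787,7 @@ Using Easy-RSA 'vars' configuration:
 easyrsa_mktemp test_temp_file
 
 # global safe ssl cnf temp
-write_global_safe_ssl_cnf_tmp
+write_easyrsa_ssl_cnf_tmp
 
 # Verify selected algorithm and parameters
 verify_algo_params
@@ -5807,7 +5807,7 @@ Using Easy-RSA 'vars' configuration:
 easyrsa_mktemp test_temp_file
 
 # global safe ssl cnf temp
-write_global_safe_ssl_cnf_tmp
+write_easyrsa_ssl_cnf_tmp
 fi
 fi
 
@@ -5855,19 +5855,6 @@ force_set_var() {
 die "force_set_var - set_var '$*'"
 } # => force_set_var()
 
-# global Safe SSL conf file, for use by any SSL lib
-write_global_safe_ssl_cnf_tmp() {
-global_safe_ssl_cnf_tmp=
-easyrsa_mktemp global_safe_ssl_cnf_tmp
-
-write_legacy_file_v2 safe-cnf "$global_safe_ssl_cnf_tmp" \
-overwrite || die "verify_working_env - write safe-cnf"
-
-export OPENSSL_CONF="$global_safe_ssl_cnf_tmp"
-verbose "\
-write_global_safe_ssl_cnf_tmp; GLOBAL OPENSSL_CONF = $OPENSSL_CONF"
-} # => write_global_safe_ssl_cnf_tmp()
-
 # Create as needed: $EASYRSA_SSL_CONF pki/openssl-easyrsa.cnf
 # If the existing file has a known hash then use temp-file.
 # Otherwise, use the file in place.
@@ -6082,11 +6069,17 @@ write_legacy_file_v2() {
 
 # Select by type
 case "$write_type" in
-ssl-cnf)
-set_openssl_easyrsa_cnf_vars unexpanded
-;;
-safe-cnf)
-set_openssl_easyrsa_cnf_vars expanded
+ssl-cnf|safe-cnf)
+# Select or enforce expansion
+if [ "$write_type" = safe-cnf ] || [ "$EASYRSA_FORCE_SAFE_SSL" ]
+then
+expansion=expanded
+else
+expansion=unexpanded
+fi
+
+# Set SSL config vars as per required expansion
+set_openssl_easyrsa_cnf_vars "$expansion"
 ;;
 vars)
 ;;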
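Review bot: Removing `write_global_safe_ssl_cnf_tmp` (hunk at -5855) also removes the only `export OPENSSL_CONF=...` visible in this diff, and nothing shown here establishes that `write_easyrsa_ssl_cnf_tmp` sets it, so the four call sites that switch helpers may leave `openssl` reading an inherited `OPENSSL_CONF` or the system default config. For a CA tool that matters because the config file governs the extensions and policy applied at signing time; please confirm the replacement exports `OPENSSL_CONF`, or keep an explicit export at these call sites. The comment above the replacement (its body is outside the diff) says an existing file with an unknown hash is used in place, which is a weaker guarantee than the always-rewritten temp file it replaces. In `write_legacy_file_v2`, `[ "$EASYRSA_FORCE_SAFE_SSL" ]` is true for any non-empty value, including `0`, and the `# global safe ssl cnf temp` comments left in the two `vars` hunks now describe a helper that no longer exists.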