select_vars: Set "expected" values ONLY when "$PWD/pki/vars" is used

Vars 'expected_EASYRSA' and 'expected_EASYRSA_PKI' must only be set when "$PWD/pki/vars" is used. This is the only file which can set the PKI to an "unexpected" location. Signed-off-by: Richard T Bonhomme <[email protected]>
OpenVPN · Sep 29, 2023 · 29bd64c · 29bd64c
1 parent 302fa37
commit 29bd64c
Showing 1 changed file with 41 additions and 36 deletions.
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
@@ -5616,55 +5616,60 @@ select_vars() {
 		unset -v EASYRSA_VARS_FILE
 		# skip the rest of this function
 		return
-	fi
 
 	# User specified vars file will be used ONLY
-	if [ "$EASYRSA_VARS_FILE" ]; then
+	elif [ "$EASYRSA_VARS_FILE" ]; then
 		# Takes priority, nothing to do
 		verbose "select_vars: EASYRSA_VARS_FILE"
-	fi
 
-	# User specified PKI; if vars exists, use it ONLY
-	if [ "$EASYRSA_PKI" ]; then
-		if [ -e "$EASYRSA_PKI/vars" ]; then
-			verbose "select_vars: source EASYRSA_PKI/vars"
-			set_var EASYRSA_VARS_FILE "$EASYRSA_PKI/vars"
+	# This is where auto-load goes bananas
+	else
+
+		# User specified PKI; if vars exists, use it ONLY
+		if [ "$EASYRSA_PKI" ]; then
+			if [ -e "$EASYRSA_PKI/vars" ]; then
+				verbose "select_vars: source EASYRSA_PKI/vars"
+				set_var EASYRSA_VARS_FILE "$EASYRSA_PKI/vars"
+			fi
 		fi
-	fi
 
-	# User specified EASYRSA; if vars exists, use it ONLY
-	if [ "$EASYRSA" ]; then
-		if [ -e "$EASYRSA/vars" ]; then
-			verbose "select_vars: EASYRSA/vars"
-			set_var EASYRSA_VARS_FILE "$EASYRSA/vars"
+		# User specified EASYRSA; if vars exists, use it ONLY
+		if [ "$EASYRSA" ]; then
+			if [ -e "$EASYRSA/vars" ]; then
+				verbose "select_vars: EASYRSA/vars"
+				set_var EASYRSA_VARS_FILE "$EASYRSA/vars"
+			fi
 		fi
-	fi
 
-	# Default PKI; if vars exists, use it ONLY
-	if [ -e "$PWD/pki/vars" ]; then
-		# Prevent vars from changing expected PKI.
-		# A vars in the PKI MUST always imply EASYRSA_PKI
-		# This is NOT backward compatible
-		# Use expected value comparison for v3.1.7
-		expected_EASYRSA="$PWD"
-		expected_EASYRSA_PKI="$PWD/pki"
-		#
-		# Use this for v3.2.0
-		# If the pki/vars sets a different PKI then
-		# there will be no PKI in the default /pki
-		#set_var EASYRSA "$PWD"
-		#set_var EASYRSA_PKI "$EASYRSA/pki"
+		# Default PKI; if vars exists, use it ONLY
+		if [ -e "$PWD/pki/vars" ]; then
+			# Prevent vars from changing expected PKI.
+			# A vars in the PKI MUST always imply EASYRSA_PKI
+			# This is NOT backward compatible
+			# Use expected value comparison for v3.1.7
+			if [ -z "$EASYRSA_VARS_FILE" ]; then
+				expected_EASYRSA="$PWD"
+				expected_EASYRSA_PKI="$PWD/pki"
+			fi
 
-		verbose "select_vars: PWD/pki/vars"
-		set_var EASYRSA_VARS_FILE "$PWD/pki/vars"
-	fi
+			# Use this for v3.2.0
+			# If the pki/vars sets a different PKI then
+			# there will be no PKI in the default /pki
+			#set_var EASYRSA "$PWD"
+			#set_var EASYRSA_PKI "$EASYRSA/pki"
 
-	# Default working dir; if vars exists, use it ONLY
-	if [ -e "$PWD/vars" ]; then
-		verbose "select_vars: PWD/vars"
-		set_var EASYRSA_VARS_FILE="$PWD/vars"
+			verbose "select_vars: PWD/pki/vars"
+			set_var EASYRSA_VARS_FILE "$PWD/pki/vars"
+		fi
+
+		# Default working dir; if vars exists, use it ONLY
+		if [ -e "$PWD/vars" ]; then
+			verbose "select_vars: PWD/vars"
+			set_var EASYRSA_VARS_FILE="$PWD/vars"
+		fi
 	fi
 
+	# User info
 	if [ -z "$EASYRSA_VARS_FILE" ]; then
 		[ "$require_pki" ] && information "\
 No Easy-RSA 'vars' configuration file exists!"