Merge branch 'TinCanTech-libressl-x509-no-ext-opt'

Signed-off-by: Richard T Bonhomme <[email protected]>
OpenVPN · Jan 24, 2024 · 42e43ad · 42e43ad
2 parents 5218e7d + 3a0df21
commit 42e43ad
Showing 1 changed file with 13 additions and 6 deletions.
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
@@ -3929,12 +3929,19 @@ ssl_cert_x509v3_eku() {
 	unset -v __known
 
 	# Extract certificate Extended Key Usage
-	__eku="$(
-		OPENSSL_CONF=/dev/null
-		"$EASYRSA_OPENSSL" x509 -in "${__crt}" -noout \
-			-ext extendedKeyUsage | \
-				sed -e /"${__pattern}"/d -e s/^\ *//
-		)"
+	if [ "$ssl_lib" = libressl ]; then
+		__eku="$(
+			easyrsa_openssl x509 -in "${__crt}" -noout -text | \
+				sed -n "/${__pattern}/{n;s/^ *//g;p;}"
+			)"
+	else
+		__eku="$(
+			OPENSSL_CONF=/dev/null
+			"$EASYRSA_OPENSSL" x509 -in "${__crt}" -noout \
+				-ext extendedKeyUsage | \
+					sed -e /"${__pattern}"/d -e s/^\ *//
+			)"
+	fi
 
 	# Match EKU with supported usage
 	case "$__eku" in