From 98952afc6fe2e3cd1aa478d7161861cc72337265 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme <tincantech@protonmail.com>
Date: Fri, 31 May 2024 18:57:00 +0100
Subject: [PATCH] import-req, revoke: Provide SSL Config file for verify_file()
 use

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
---
 easyrsa3/easyrsa | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index ae6da405d..21c0091d1 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -2980,6 +2980,14 @@ Unable to revoke as no certificate was found.
 Certificate was expected at:
 * $crt_in"
 
+	# Verify or create openssl-easyrsa.cnf temp-file
+	# Must be done after setting EASYRSA_REQ_CN
+	# Must be done before using $EASYRSA_EXTRA_EXTS etc
+	# And export $OPENSSL_CONF
+	write_easyrsa_ssl_cnf_tmp
+	export OPENSSL_CONF="$EASYRSA_SSL_CONF"
+	verbose "sign_req: OPENSSL_CONF = $OPENSSL_CONF"
+
 	# Verify certificate
 	verify_file x509 "$crt_in" || user_error "\
 Unable to revoke as the input-file is not a valid certificate.
@@ -3302,6 +3310,15 @@ No request found for the input: '$2'
 Expected to find the request at:
 * $in_req"
 
+	# Verify or create openssl-easyrsa.cnf temp-file
+	# Must be done after setting EASYRSA_REQ_CN
+	# Must be done before using $EASYRSA_EXTRA_EXTS etc
+	# And export $OPENSSL_CONF
+	write_easyrsa_ssl_cnf_tmp
+	export OPENSSL_CONF="$EASYRSA_SSL_CONF"
+	verbose "sign_req: OPENSSL_CONF = $OPENSSL_CONF"
+
+	# Verify request
 	verify_file req "$in_req" || user_error "\
 The certificate request file is not in a valid X509 format:
 * $in_req"