From 4d989f61f07bf95c80d3a4d73545c2be62dfca6a Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme <tincantech@protonmail.com>
Date: Wed, 17 Apr 2024 23:37:35 +0100
Subject: [PATCH] Improve ssl_cert_x509v3_eku()

Remove subshell definition for OPENSSL_CONF, not required.
Call SSL binary directly, do not use easyrsa_openssl() wrapper.
Add comment to clarify error detection from subshell failure.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
---
 easyrsa3/easyrsa | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 5ec86a175..f65c43842 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -3557,12 +3557,11 @@ ssl_cert_x509v3_eku() {
 	# Extract certificate Extended Key Usage
 	if [ "$ssl_lib" = libressl ]; then
 		__eku="$(
-			easyrsa_openssl x509 -in "${__crt}" -noout -text | \
+			"$EASYRSA_OPENSSL" x509 -in "${__crt}" -noout -text | \
 				sed -n "/${__pattern}/{n;s/^ *//g;p;}"
 			)"
 	else
 		__eku="$(
-			OPENSSL_CONF=/dev/null
 			"$EASYRSA_OPENSSL" x509 -in "${__crt}" -noout \
 				-ext extendedKeyUsage | \
 					sed -e /"${__pattern}"/d -e s/^\ *//
@@ -3614,6 +3613,8 @@ ssl_cert_x509v3_eku() {
 		return
 	fi
 
+	# Also, catch errors from SSL x509 command
+	# for '__eku' subshell+pipe
 	return 1
 } # => ssl_cert_x509v3_eku()