Merge branch 'TinCanTech-tools-lib-call-ssl-direct'

Signed-off-by: Richard T Bonhomme <[email protected]>
OpenVPN · Jun 2, 2024 · c7f6927 · c7f6927
2 parents 9eec1a7 + 8bf6d98
commit c7f6927
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 7 deletions.
diff --git a/dev/easyrsa-tools.lib b/dev/easyrsa-tools.lib
@@ -8,6 +8,9 @@ if [ -z "$EASYRSA_TOOLS_CALLER" ]; then
 	return 1
 fi
 
+# Set tools version
+EASYRSA_TOOLS_VERSION=1.0.1
+
 # Get certificate start date
 # shellcheck disable=2317 # Unreach - ssl_cert_not_before_date()
 ssl_cert_not_before_date() {
@@ -18,7 +21,7 @@ ssl_cert_not_before_date - input error"
 ssl_cert_not_before_date - missing cert"
 
 	fn_ssl_out="$(
-		easyrsa_openssl x509 -in "$1" -noout -startdate
+		"$EASYRSA_OPENSSL" x509 -in "$1" -noout -startdate
 		)" || die "\
 ssl_cert_not_before_date - failed: -startdate"
 
@@ -39,7 +42,7 @@ ssl_cert_not_after_date - input error"
 ssl_cert_not_after_date - missing cert"
 
 	fn_ssl_out="$(
-		easyrsa_openssl x509 -in "$1" -noout -enddate
+		"$EASYRSA_OPENSSL" x509 -in "$1" -noout -enddate
 		)" || die "\
 ssl_cert_not_after_date - failed: -enddate"
 
@@ -62,7 +65,7 @@ iso_8601_cert_startdate: missing cert"
 
 	# On error return, let the caller decide what to do
 	if fn_ssl_out="$(
-		easyrsa_openssl x509 -in "$1" -noout \
+		"$EASYRSA_OPENSSL" x509 -in "$1" -noout \
 			-startdate -dateopt iso_8601
 		)"
 	then
@@ -92,8 +95,7 @@ iso_8601_cert_enddate: missing cert"
 
 	# On error return, let the caller decide what to do
 	if fn_ssl_out="$(
-		EASYRSA_VERBOSE=
-		easyrsa_openssl x509 -in "$1" -noout \
+		"$EASYRSA_OPENSSL" x509 -in "$1" -noout \
 			-enddate -dateopt iso_8601
 		)"
 	then
@@ -664,8 +666,7 @@ expire_status: FALL-BACK completed"
 
 		# Check cert expiry against window
 		# openssl direct call because error is expected
-		if OPENSSL_CONF=/dev/null \
-			"$EASYRSA_OPENSSL" x509 -in "$cert_issued" \
+		if "$EASYRSA_OPENSSL" x509 -in "$cert_issued" \
 				-noout -checkend "$pre_expire_window_s" \
 				1>/dev/null
 		then

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
@@ -5639,6 +5639,20 @@ Use of Status Reports requires Easy-RSA tools library, source:
 Place a copy of easyrsa-tools.lib in a standard system location."
 		fi
 
+		# Verify tools version
+		if [ "$EASYRSA_TOOLS_VERSION" = 1.0.1 ]; then
+			verbose "EASYRSA_TOOLS_VERSION: $EASYRSA_TOOLS_VERSION"
+		else
+			warn "\
+EasyRSA Tools version is out of date:
+* EASYRSA_TOOLS_VERSION: $EASYRSA_TOOLS_VERSION"
+		fi
+
+		# Validate or create openssl-easyrsa.cnf
+		write_easyrsa_ssl_cnf_tmp
+		export OPENSSL_CONF="$EASYRSA_SSL_CONF"
+		verbose "$cmd: OPENSSL_CONF = $OPENSSL_CONF"
+
 		case "$cmd" in
 			show-expire)
 				[ -z "$alias_days" ] || \