Skip to content

Commit

Permalink
select_vars: Selective use of default "$PWD/pki/vars"
Browse files Browse the repository at this point in the history 
If either EASYRSA or EASYRSA_PKI is already defined when searching for
default "$PWD/pki/var" then ignore this default vars file.

If EASYRSA_PKI is defined then do not load a vars file from a different PKI.
If EASYRSA is defined then do not load a vars file from any PKI.

Signed-off-by: Richard T Bonhomme <[email protected]>
  • Loading branch information
@TinCanTech
TinCanTech committed Sep 29, 2023
1 parent 9db0671 commit edcc61c
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion easyrsa3/easyrsa
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5642,7 +5642,10 @@ select_vars() {
fi

# Default PKI; if vars exists, use it ONLY
if [ -e "$PWD/pki/vars" ]; then
if [ -e "$PWD/pki/vars" ] && \
[ -z "$EASYRSA_PKI" ] && \
[ -z "$EASYRSA" ]
then
# Prevent vars from changing expected PKI.
# A vars in the PKI MUST always imply EASYRSA_PKI
# This is NOT backward compatible
Expand Down

0 comments on commit edcc61c

Please sign in to comment.