From edcc61c49b4cb107e4740f8a1d6ea98700200de7 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme <tincantech@protonmail.com>
Date: Fri, 29 Sep 2023 18:58:29 +0100
Subject: [PATCH] select_vars: Selective use of default "$PWD/pki/vars"

If either EASYRSA or EASYRSA_PKI is already defined when searching for
default "$PWD/pki/var" then ignore this default vars file.

If EASYRSA_PKI is defined then do not load a vars file from a different PKI.
If EASYRSA is defined then do not load a vars file from any PKI.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
---
 easyrsa3/easyrsa | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index cc501fb41..de0d23f52 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -5642,7 +5642,10 @@ select_vars() {
 		fi
 
 		# Default PKI; if vars exists, use it ONLY
-		if [ -e "$PWD/pki/vars" ]; then
+		if [ -e "$PWD/pki/vars" ] && \
+			[ -z "$EASYRSA_PKI" ] && \
+			[ -z "$EASYRSA" ]
+		then
 			# Prevent vars from changing expected PKI.
 			# A vars in the PKI MUST always imply EASYRSA_PKI
 			# This is NOT backward compatible