
LibreSSL does not return version when an incompatible config file can be found

Open TinCanTech opened this issue 3 years ago • 2 comments

Required:

```sh
verify_ssl_lib() {
	if [ -z "$EASYRSA_SSL_OK" ]; then
		# Save and clear OPENSSL_CONF so the version check does not
		# load a config file
		save_OPENSSL_CONF="$OPENSSL_CONF"
		unset OPENSSL_CONF
		# redirect std-err to ignore missing etc/ssl/openssl.cnf file
		"$EASYRSA_OPENSSL" version
		val="$("$EASYRSA_OPENSSL" version 2>/dev/null)" || die "\
SSL version error: $val
"
		case "${val%% *}" in
			# OpenSSL does require a safe config-file for ampersand
			OpenSSL) ssl_lib=openssl; require_safe_ssl_conf=1 ;;
			LibreSSL) ssl_lib=libressl; require_safe_ssl_conf=1 ;;
			*) die "\
Missing or invalid OpenSSL: ${val%% *}
Expected to find openssl command at: $EASYRSA_OPENSSL"
		esac

		# Restore the caller's OPENSSL_CONF
		OPENSSL_CONF="$save_OPENSSL_CONF"
		unset save_OPENSSL_CONF
		# (the snippet posted in the issue ends here)
	fi
}
```

TinCanTech avatar Jun 18 '22 23:06 TinCanTech

https://github.com/libressl-portable/portable/issues/767

TinCanTech avatar Jun 18 '22 23:06 TinCanTech

This is not a bug in easyrsa because $OPENSSL_CNF always points to $EASYRSA_SAFE_CONF. However, do not copy openssl-easyrsa.cnf to /usr/local/etc/ssl, unless the intention is to bork LibreSSL.

TinCanTech avatar Jun 19 '22 17:06 TinCanTech

Closed via Commit a3db60f229514abda9c301780dd0bdf4fb2976d1

TinCanTech avatar Aug 22 '22 11:08 TinCanTech