easy-rsa icon indicating copy to clipboard operation
easy-rsa copied to clipboard

Published 20 hours ago verified publisher icon OpenVPN

Remove obsolete 'sed' expansion of openssl-easyrsa.cnf

Open TinCanTech opened this issue 1 year ago • 1 comments

Removed:

  • 'sed' expansion of openssl-easyrsa.cnf from expand_ssl_config().
  • escape_hazard() completely.
  • Global option --old-safe-ssl.

All expansion is now performed by expanding here-docs.

TinCanTech avatar May 26 '24 22:05 TinCanTech

Unfortunately, this does not take into account use of ~LibreSSL~ ANY SSL with a custom openssl-easyrsa.cnf file. It forcibly over writes the user SSL config.

This means that removing sed expansion is not possible.

Alternatively, the code can catch this specific circumstance and refuse it with an informative error message. ~eg. EasyRRSA does not support custom SSL config for use with LibreSSL~

I'm looking hard at the alternative option above..

This is an ideal candidate for easyrsa-tools.lib, how often is a user going to customise openssl-easyrsa.cnf ? [Applies to both OpenSSL and LibreSSL]

Linking: #1121

Closed for the reason given in #1116

TinCanTech avatar May 27 '24 15:05 TinCanTech