set_var EASYRSA_SSL_CONF - add wrong /

[GLADtr]

Hi. For an experiment in vars, I uncommented the value of set_var EASYRSA_SSL_CONFopenssl-easyrsa.cnf. when running ./easyrsa build-ca I got a sed error: cannot read /openssl-easyrsa.cnf: No such file or directory. Having set the set -x and set -v flags, I discovered that an erroneous, extra / is passed at the variable assignment stage.

set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf"

set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf"

• set_var EASYRSA_SSL_CONF /openssl-easyrsa.cnf
• var=EASYRSA_SSL_CONF +shift + value=/openssl-easyrsa.cnf
• eval export EASYRSA_SSL_CONF="${EASYRSA_SSL_CONF-/openssl-easyrsa.cnf}"
• export EASYRSA_SSL_CONF=/openssl-easyrsa.cnf

[TinCanTech]

Which version of EasyRSA are you using ?

~Where have you uncommented the value of set_var EASYRSA_SSL_CONF openssl-easyrsa.cnf ? Do you mean that you edited the vars file ?~

Got it, you did edit the vars file.

Ok, I think I understand the problem:

• EASYRSA_PKI expands to an empty string in the vars file, unless you also uncomment #set_var EASYRSA_PKI "$PWD/pki" in the vars file.

Please try uncommenting #set_var EASYRSA_PKI "$PWD/pki" in the vars file and try again.

[GLADtr]

I have at moment next uncommented strings:

`it@datasrv:~/easyrsa$ grep -v "^#" easyrsa3/vars

set_var EASYRSA_PKI "$PWD/pki" set_var EASYRSA_DN "org" set_var EASYRSA_REQ_COUNTRY "" set_var EASYRSA_REQ_PROVINCE "" set_var EASYRSA_REQ_CITY "" set_var EASYRSA_REQ_ORG "" set_var EASYRSA_REQ_EMAIL "" set_var EASYRSA_REQ_OU "" set_var EASYRSA_KEY_SIZE 2048 set_var EASYRSA_ALGO rsa set_var EASYRSA_CA_EXPIRE 3650 set_var EASYRSA_CERT_EXPIRE 1080 set_var EASYRSA_TEMP_FILE "$EASYRSA_PKI/extensions.temp" set_var EASYRSA_EXT_DIR "$EASYRSA_PKI/x509-types" set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf" set_var EASYRSA_DIGEST "sha256"`

Maybe I'm wrong in my reasoning, but - I apologize for the following words, but this is not logical. The parameter you specified works by default. and to guess about such a connection - you need to know this and understand the script itself. This is difficult without diving into the topic. Once again I apologize.

[TinCanTech]

@GLADtr There is no need to apologize, this issue is valid.

And yes, there is a basic logical flaw having certain variables in vars.

I have been phasing out the variables from vars which cause this problem .. but I have to try to maintain backward compatibility for the most part.

In this specific issue, you have selected to define the openssl-easyrsa.cnf file. This is now considered to be an advanced configuration and, once again yes, you have found an issue with the way vars is currently expected to work. This way is not my design.

[TinCanTech]

With current v3.2, you would not use the vars file to set easyrsa-openssl.cnf. Instead, you would make your changes to pki/openssl-easyrsa.cnf and the script would use your file, in this PKI.

To specify a different PKI, from default pki/, you would use command line option --pki=<YOUR_PKI>. This approach also fixes this issue because EASYRSA_PKI is defined on the command line, not the vars file.

Also, current v32x built-in vars.example file does not have the setting for EASYRSA_SSL_CONF. This is how I have decided to stage this change. I may also change the distribution vars.example file before v3.2.0 release (Undecided).

[TinCanTech]

EasyRSA v317 was intentionally made to conform to traditional v31x methodology, broken or not.

EasyRSA v32x is being intentionally developed to replace the old methodologies , specifically to remove inconsistencies like this issue.

Which is why this issue is valid, and @GLADtr thank you for reporting it.