TinCanTech
commented
1 month ago The reason that b015eec failed is:
- The file passed to
source_vars()containsexport, called byescape_hazard() escape_hazard()is called becauseopenssl-easyrsa.cnfis not recognised by hash.openssl-easyrsa.cnfis not recognised because Windows version usesCRLF, notLF.
House of cards; on the edge of a cliff; in a stiff breeze; what could go wrong .. ?
The reason that this did not occur before is down to the code logic that this PR is addressing. This fallout is somewhat expected and good to resolve.
By not adding Windows hashes for openssl-easyrsa.cnf, Windows can continue to test the old expansion mechanism. Although, a *nix based unit-test would be preferable ..
nix test added via #1151
The problem was that easyrsa_openssl() would select an SSL config file based on the existence of the $EASYRSA_SAFE_CONF file. This caused the selector to ignore a newer $EASYRSA_SSL_CONF file.
This only occurs: 1. During build_full(), when gen_req() and sign_req() are chained together, instead of being separate instnces. Combined with
This change forces easyrsa_openssl() to only ever set $OPENSSL_CONF to $EASYRSA_SSL_CONF, ignoring the safe config file.
Use of the safe config file $EASYRSA_SAFE_CONF is now completely removed.
Also includes verbose diagnostic information.