Force display_dn() and verify_file() to work without $OPENSSL_CONF

OpenVPN / easy-rsa

easy-rsa - Simple shell based CA utility

Other

3.96k stars 1.18k forks source link

Force display_dn() and verify_file() to work without $OPENSSL_CONF #1161

Closed TinCanTech closed 1 month ago

TinCanTech commented 1 month ago

A correctly configured, OpenSSL:Unexpanded, LibreSSL:Expanded, SSL config file is ALWAYS required for SSL command 'req'.

Previously, this has been provided by openssl-easyrsa.cnf in place. Without that file the SSL command 'req' always fails.

However, specifying OPENSSL_CONF as '' [empty string] allows SSL command 'req' to complete, without error, for the purposes of verifying the input request file or displaying the DN.

TinCanTech commented 1 month ago

Failure on macOS ... typical.

TinCanTech commented 1 month ago

This was a bad hack.

Follow-up: #1158