The global safe SSL config is used by ancillary commands, such as 'vefiry_file()' and 'display_dn()', when no other SSL config has been created so far.
The global safe SSL config is created with all env-vars fully expanded, which allows this file to be used by any SSL library.
The local SSL config is used by commands that build X509 files, such as build-ca and gen-req. This file is created per command.
The local SSL config is created as per the requirements of the SSL library in use. eg. OpenSSL:Unexpanded, LibreSSL:Expanded.
The local SSL config is the file which is edited by commands, which insert data, such as "copy_extensions = copy" --copy-ext.
The local file is tracked via EASYRSA_SSL_CONF. Calling command easyrsa_openssl() finally sets OPENSSL_CONF to EASYRSA_SSL_CONF.
The global file is not tracked, it is only used when no local file has been created. OPENSSL_CONF is set to the global file, by default, from the start.
The global safe SSL config is used by ancillary commands, such as 'vefiry_file()' and 'display_dn()', when no other SSL config has been created so far.
The global safe SSL config is created with all env-vars fully expanded, which allows this file to be used by any SSL library.
The local SSL config is used by commands that build X509 files, such as build-ca and gen-req. This file is created per command.
The local SSL config is created as per the requirements of the SSL library in use. eg. OpenSSL:Unexpanded, LibreSSL:Expanded.
The local SSL config is the file which is edited by commands, which insert data, such as "copy_extensions = copy" --copy-ext.
The local file is tracked via EASYRSA_SSL_CONF. Calling command easyrsa_openssl() finally sets OPENSSL_CONF to EASYRSA_SSL_CONF.
The global file is not tracked, it is only used when no local file has been created. OPENSSL_CONF is set to the global file, by default, from the start.