debops / ansible-pki

Bootstrap and manage internal PKI, Certificate Authorities and OpenSSL/GnuTLS certificates
GNU General Public License v3.0

Calling `pki-authority sign` fails with unbound variable #49

Open tdavis opened 8 years ago

tdavis commented 8 years ago

When attempting to call `lib/pki-authority sign` manually (I want to manually sign some CSRs with the authority provided by debops), it fails with: `lib/pki-authority: line 661: 4: unbound variable`. The line in `sub_sign` only calls `sign_${library}_certificate` with 3 arguments:

```sh
sign_${library}_certificate "config/${library}-sign.conf" "${input}" "${output}"
```

Additionally, there is no such function `sign_gnutls_certificate`, so using that library wouldn't work. It looks like `sign-by-host` is the only variant used by Ansible tasks here, so I doubt this bug would be encountered under normal operation.

drybjed commented 8 years ago

You're right, this feature is incomplete and is not activated by the Ansible playbook. I planned for the `./pki-authority sign` command to help with signing custom certificates by the internal CA, but I haven't got around to it. I guess that's something to introduce later.

The GnuTLS version of a CA isn't very advanced, I would stick to the OpenSSL library in this case.
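The two failure modes reported in this issue (a positional parameter read under `set -u` that the caller never passed, and a dynamically built `sign_${library}_certificate` name with no matching function) can both be caught before any signing happens. The sketch below is an added example, not code from `lib/pki-authority`: the four-argument signature, the meaning of the fourth argument, `sign_unguarded`, `dispatch_sign` and the exit codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; names and the 4-argument signature are hypothetical.
set -u   # nounset: the option behind "4: unbound variable"

# Stand-in signer that expects 4 positional parameters (assumed signature).
sign_openssl_certificate() {
    # Check arity first so a short call fails with a usable message.
    if [ "$#" -ne 4 ]; then
        echo "sign_openssl_certificate: expected 4 arguments, got $#" >&2
        return 64
    fi
    echo "would sign $2 -> $3 (config=$1, arg4=$4)"
}

# Unguarded variant: reads $4 unconditionally, so a 3-argument call
# aborts the shell under nounset, as in the report.
sign_unguarded() {
    echo "arg4=$4"
}

# Dispatcher: call sign_<library>_certificate only if the name is sane
# and something by that name is actually defined.
dispatch_sign() {
    _lib=$1
    shift
    case "$_lib" in
        ''|*[!a-z0-9]*)
            echo "invalid library name" >&2
            return 64 ;;
    esac
    _fn="sign_${_lib}_certificate"
    # command -v succeeds for shell functions (and for any external
    # command of the same name, which is not expected here).
    if ! command -v "$_fn" >/dev/null 2>&1; then
        echo "no signer implemented for library '$_lib'" >&2
        return 69
    fi
    "$_fn" "$@"
}

# Demo with constructed arguments: the 3-argument call from the issue,
# then the missing GnuTLS signer. Both now fail with explicit errors.
dispatch_sign openssl config/openssl-sign.conf in.csr out.crt || echo "exit status $?"
dispatch_sign gnutls config/gnutls-sign.conf in.csr out.crt || echo "exit status $?"
```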