Improve debuggability by adding option to not remove temporary openssl config files #610

Closed
Yannik opened this issue Jun 23, 2022 · 3 comments · Fixed by #667


Yannik commented Jun 23, 2022

In #596 (comment), I suggested adding an option to not remove the temporary openssl config/extfile to improve debuggability.

Currently, this can only be achieved by commenting out

[ -z "$EASYRSA_TEMP_DIR_session" ] || rm -rf "$EASYRSA_TEMP_DIR_session"

and

rm -f "$easyrsa_openssl_conf"
rm -f "$easyrsa_extra_exts"
@TinCanTech
Collaborator

This is already taken care of.

easy-rsa/easyrsa3/easyrsa

Lines 656 to 662 in e5ec1ab

# Make a copy safe SSL config file for comparison (undocumented)
make_safe_ssl_copy() {
	no_pki_required=1
	require_safe_ssl_conf=1
	make_copy_ssl_conf=1
	easyrsa_openssl makesafeconf
} # => make_safe_ssl_copy()

@TinCanTech
Collaborator

TinCanTech commented Aug 28, 2022

This is not a complete solution.

There is no other way to do this, other than to keep the temporary config file for verification.

Example: This string is not expanded by easyrsa, x509-types/kdc:

  • ${ENV::EASYRSA_KDC_REALM}

@TinCanTech
Collaborator

Testing welcome. #667
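
An added sketch of the option requested in this issue, not Easy-RSA's code and not the change made in #667: cleanup of the session directory is skipped only when a debug switch is set, so the generated config can be inspected for unexpanded strings such as the one quoted above. `EASYRSA_KEEP_TEMP`, `make_session`, `cleanup_session` and the sample file contents are hypothetical; the other variable names are the ones quoted in the issue.

```shell
#!/bin/sh
# Added example. EASYRSA_KEEP_TEMP is a hypothetical switch, not an Easy-RSA option.

# Create a private session directory and the two temporary files named in the issue.
# mktemp -d creates the directory with mode 0700, so kept files stay owner-only.
make_session() {
    EASYRSA_TEMP_DIR_session=$(mktemp -d "${TMPDIR:-/tmp}/easyrsa-demo.XXXXXX") || return 1
    easyrsa_openssl_conf="$EASYRSA_TEMP_DIR_session/openssl.cnf"
    easyrsa_extra_exts="$EASYRSA_TEMP_DIR_session/extra.exts"
    # Constructed sample content: a string that is left for openssl to expand.
    printf '%s\n' 'realm = ${ENV::EASYRSA_KDC_REALM}' > "$easyrsa_openssl_conf"
    : > "$easyrsa_extra_exts"
}

# Remove the session files unless the debug switch is set to exactly 1.
# Keeping files is opt-in; the default behaviour is still to delete them.
cleanup_session() {
    [ -n "$EASYRSA_TEMP_DIR_session" ] || return 0
    if [ "${EASYRSA_KEEP_TEMP:-0}" = 1 ]; then
        # Tell the operator where the files are so they can be removed by hand later.
        echo "Keeping temporary files in: $EASYRSA_TEMP_DIR_session" >&2
        return 0
    fi
    rm -f "$easyrsa_openssl_conf" "$easyrsa_extra_exts"
    rm -rf "$EASYRSA_TEMP_DIR_session"
}

# Typical wiring in a script: trap cleanup_session EXIT
```

Kept files can hold request details and extension data, so the directory should be deleted manually once debugging is finished.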
