On Wed, 1 Mar 2023 19:05:13 +0200, Adrian Bunk wrote:
> Has anyone discussed this with upstream?
>
> This seems to be an area with frequent changes upstream, adding a
> patch that is not a backport from upstream might be a bad idea.

From what I can tell upstream has addressed this issue in release 3.1.1.

I propose to backport upstream commit 525a116 (fix-make-cadir.patch attached) to restore the correct behaviour.

I wrote a small test script (test.sh) which initialises a new cadir, sets EASYRSA_KEY_SIZE and generates a CA + certificate to verify that the configured key size is applied.

Regards,
Dennis

PS: Please note that the subject of the certificate generated by test.sh is incorrect (#1032270).

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 46de7dd..525a116 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -977,7 +977,7 @@ and initialize a fresh PKI here." Your newly created PKI dir is: * $EASYRSA_PKI" - if [ "$user_vars_true" ]; then + if [ "$user_vars_true" ] || [ "$old_vars_true" ]; then : # ok - No message required else message "\ @@ -1079,12 +1079,18 @@ install_data_to_pki () { fi # Create PKI/vars from PKI/example + unset -v old_vars_true case "$context" in init-pki) - if [ -e "${EASYRSA_PKI}/${vars_file_example}" ]; then - [ -e "${EASYRSA_PKI}/${vars_file}" ] || \ - cp "${EASYRSA_PKI}/${vars_file_example}" \ - "${EASYRSA_PKI}/${vars_file}" || : + if [ -e ./vars ]; then + # If the old vars exists then do nothing + old_vars_true=1 + else + if [ -e "${EASYRSA_PKI}/${vars_file_example}" ]; then + [ -e "${EASYRSA_PKI}/${vars_file}" ] || \ + cp "${EASYRSA_PKI}/${vars_file_example}" \ + "${EASYRSA_PKI}/${vars_file}" || : + fi fi ;; vars-setup)
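Review bot: in the first hunk (@@ -977), the added `[ "$old_vars_true" ]` test reads a variable that is only assigned inside install_data_to_pki in the second hunk, so the decision to suppress the message depends on that function having already run with context init-pki. A short comment at the test naming where old_vars_true is set would make that coupling visible. The `: # ok - No message required` branch also stays silent when a legacy ./vars was detected, so the user gets no indication that the old file, rather than a copy under $EASYRSA_PKI, is the one in effect; a one-line notice in that case would help.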
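Review bot: in the second hunk (@@ -1079), `[ -e ./vars ]` resolves against the current working directory, while the copy it guards is keyed on ${EASYRSA_PKI}. If init-pki is invoked from a directory other than the one holding the old vars file, the test is false and the example file is copied to "${EASYRSA_PKI}/${vars_file}" exactly as before the patch. Either document in the comment that the check is deliberately relative to the working directory, or test the location the script actually loads vars from. `-e` also succeeds for a directory named vars; `-f` would be a tighter check. The `unset -v old_vars_true` before the case is good, since it keeps a value inherited from the environment from suppressing the message.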
test.sh
Description: application/shellscript