Minor corrections and improvements

easyrsa3/easyrsa

@@ -13,7 +13,7 @@
 # Help/usage output to stdout
 usage() {
 	# command help:
-	print "
+	information "
 Easy-RSA 3 usage and overview
 
 $easyrsa_help_title
@@ -63,21 +63,6 @@ A list of commands is shown below:
 	work_dir="${EASYRSA:-undefined}"
 	pki_dir="${EASYRSA_PKI:-undefined}"
 
-	# CA Status
-	if verify_ca_init test; then
-		CA_cert="$EASYRSA_PKI/ca.crt"
-		CA_status="   CA status: OK"
-		CA_subject="$(
-				"$EASYRSA_OPENSSL" x509 -in "$CA_cert" \
-					-noout -subject -nameopt multiline \
-					2>/dev/null
-			)"
-		CA_subject="  CA subject: ${CA_subject#subject=}"
-		CA_status="${CA_status}${NL}${CA_subject}"
-	else
-		CA_status="   CA status: CA has not been built"
-	fi
-
 	# check for vars changing PKI unexpectedly!
 	if [ "$invalid_vars" ]; then
 		ivmsg="
@@ -88,22 +73,32 @@ Invalid vars setting for EASYRSA and/or EASYRSA_PKI${NL}"
 	fi
 
 	# Print details
-	print "
+	information "
 DIRECTORY STATUS (commands would take effect on these locations)
      EASYRSA: $work_dir
          PKI: $pki_dir
-   vars-file: ${EASYRSA_VARS_FILE:-Missing or undefined}${ivmsg}
-$CA_status${NL}"
+   vars-file: ${EASYRSA_VARS_FILE:-Missing or undefined}${ivmsg}"
+
+	# CA Status
+	if verify_ca_init test; then
+		if [ -z "$EASYRSA_SILENT" ]; then
+			# Show SSL output directly, with easyrsa header
+			printf '%s' "   CA status: OK${NL}${NL}    "
+			"$EASYRSA_OPENSSL" x509 -in "$EASYRSA_PKI/ca.crt" \
+				-noout -subject -nameopt utf8,multiline
+			print "" # for a clean line
+		fi
+	else
+		information "   CA status: CA has not been built${NL}"
+	fi
 
 	# verbose info
 	verbose "ssl-cnf: ${EASYRSA_SSL_CONF:-built-in}"
 	verbose "x509-types: ${EASYRSA_EXT_DIR:-built-in}"
 	if [ -d "$EASYRSA_TEMP_DIR" ]; then
 		verbose "temp-dir: Found: $EASYRSA_TEMP_DIR"
-	elif [ "$EASYRSA_TEMP_DIR" ]; then
-		verbose "temp-dir: Missing: $EASYRSA_TEMP_DIR"
 	else
-		verbose "temp-dir: undefined"
+		verbose "temp-dir: Missing: ${EASYRSA_TEMP_DIR:-undefined}"
 	fi
 } # => usage()
 
@@ -565,7 +560,7 @@ ${opts:-
 # Options usage
 opt_usage() {
 	text_only=1
-	print "
+	information "
 Easy-RSA Global Option Flags
 
 The following global-options may be provided before the command.
@@ -701,7 +696,7 @@ $1${NL}"
 # verbose information
 verbose() {
 	[ "$EASYRSA_VERBOSE" ] || return 0
-	printf '%s\n' "  > $*"
+	printf '%s\n' "  # $*"
 } # => verbose()
 
 # non-fatal warning output
@@ -1226,12 +1221,16 @@ easyrsa_openssl() {
 		# Exec SSL
 		if [ "$EASYRSA_SILENT_SSL" ] && [ "$EASYRSA_BATCH" ]
 		then
-			"$EASYRSA_OPENSSL" "$openssl_command" "$@" \
-				2>/dev/null && \
-					return
+			if "$EASYRSA_OPENSSL" "$openssl_command" "$@" \
+				2>/dev/null
+			then
+				return
+			fi
 		else
-			"$EASYRSA_OPENSSL" "$openssl_command" "$@" && \
-					return
+			if "$EASYRSA_OPENSSL" "$openssl_command" "$@"
+			then
+				return
+			fi
 		fi
 	esac
 
@@ -1469,21 +1468,6 @@ locate_support_files() {
 	x509_types_dir='x509-types'
 	easyrsa_tools='easyrsa-tools.lib'
 
-	# "$EASYRSA_PKI" - Preferred
-	# "$EASYRSA" - Old default and Windows
-	# "$PWD" - Usually the same as above, avoid
-	# "${0%/*}" - Usually the same as above, avoid
-	# '/usr/local/share/easy-rsa' - Default user installed
-	# '/usr/share/easy-rsa' - Default system installed
-	# Room for more..
-	# '/etc/easy-rsa' - Last resort
-
-	# Not currently used:
-	# Set EASYRSA_PKI only flag
-	#is_in_pki=1
-	#x509_dir_in_pki=""
-	#ssl_cnf_in_pki=""
-
 	# Find data-files
 	for area in \
 		"$EASYRSA_PKI" \
@@ -1498,29 +1482,22 @@ locate_support_files() {
 		# Find x509-types
 		if [ -e "${area}/${x509_types_dir}" ]; then
 			set_var EASYRSA_EXT_DIR "${area}/${x509_types_dir}"
-			#[ "$is_in_pki" ] && x509_dir_in_pki=1
-			verbose "> Found x509 dir: ${area}/${x509_types_dir}"
 		fi
 
 		# Find openssl-easyrsa.cnf
 		if [ -e "${area}/${ssl_cnf_file}" ]; then
 			set_var EASYRSA_SSL_CONF "${area}/${ssl_cnf_file}"
-			#[ "$is_in_pki" ] && ssl_cnf_in_pki=1
-			verbose "> Found SSL cnf: ${area}/${ssl_cnf_file}"
 		fi
 
 		# Find easyrsa-tools.lib
 		if [ -e "${area}/${easyrsa_tools}" ]; then
 			set_var EASYRSA_TOOLS_LIB "${area}/${easyrsa_tools}"
-			verbose "> Found tools.lib: ${area}/${easyrsa_tools}"
 		fi
-
-		# Clear EASYRSA_PKI only flag
-		#unset -v is_in_pki
 	done
 
-	verbose "> EASYRSA_EXT_DIR: $EASYRSA_EXT_DIR"
-	verbose "> EASYRSA_SSL_CONF: $EASYRSA_SSL_CONF"
+	verbose "> EASYRSA_EXT_DIR: ${EASYRSA_EXT_DIR:-built-in}"
+	verbose "> EASYRSA_SSL_CONF: ${EASYRSA_SSL_CONF:-built-in}"
+	verbose "> EASYRSA_TOOLS_LIB: ${EASYRSA_TOOLS_LIB:-undefined}"
 	verbose "locate_support_files: COMPLETED"
 } # => locate_support_files()
 
@@ -2562,10 +2539,11 @@ Forced subject=
 			grep -s 'X509v3 Subject Alternative Name'
 		then
 			# extract requested SAN
+			# 'grep -A' may not be strictly POSIX, die on error
 			req_x509_san="$(
 				echo "$req_text" | \
 					grep -A 1 'X509v3 Subject Alternative Name'
-			)" || die "sign-req: req_x509_san: grep -A 1 "
+			)" || die "sign-req: req_x509_san: grep -A 1 (POSIX)"
 		else
 			# No requested SAN
 			req_x509_san=
@@ -4450,9 +4428,9 @@ force_set_var() {
 	die "force_set_var - set_var '$*'"
 } # => force_set_var()
 
-# Verify: $EASYRSA_SSL_CONF pki/openssl-easyrsa.cnf
-# If the existing file is default then delete it
-# and create temp-file. Otherwise, leave in place.
+# Create as needed: $EASYRSA_SSL_CONF pki/openssl-easyrsa.cnf
+# If the existing file has a known hash then use temp-file.
+# Otherwise, use the file in place.
 write_easyrsa_ssl_cnf_tmp() {
 	if [ -f "$EASYRSA_SSL_CONF" ]; then
 		verbose "write_easyrsa_ssl_cnf_tmp: SSL config EXISTS"
@@ -4549,7 +4527,6 @@ write_easyrsa_ssl_cnf_tmp: SSL config using temp-file"
 
 # Write x509 type file to a temp file
 write_x509_type_tmp() {
-		# Use a temp file
 		type="$1"
 		shift
 
@@ -4708,7 +4685,6 @@ set_openssl_easyrsa_cnf_vars(){
 		conf_EASYRSA_PKI="$EASYRSA_PKI"
 		conf_EASYRSA_DIGEST="$EASYRSA_DIGEST"
 		conf_EASYRSA_KEY_SIZE="$EASYRSA_KEY_SIZE"
-		conf_EASYRSA_DIGEST="$EASYRSA_DIGEST"
 		conf_EASYRSA_DN="$EASYRSA_DN"
 		conf_EASYRSA_REQ_CN="$EASYRSA_REQ_CN"
 		conf_EASYRSA_REQ_COUNTRY="$EASYRSA_REQ_COUNTRY"
@@ -4725,7 +4701,6 @@ set_openssl_easyrsa_cnf_vars(){
 		conf_EASYRSA_PKI='$ENV::EASYRSA_PKI'
 		conf_EASYRSA_DIGEST='$ENV::EASYRSA_DIGEST'
 		conf_EASYRSA_KEY_SIZE='$ENV::EASYRSA_KEY_SIZE'
-		conf_EASYRSA_DIGEST='$ENV::EASYRSA_DIGEST'
 		conf_EASYRSA_DN='$ENV::EASYRSA_DN'
 		conf_EASYRSA_REQ_CN='$ENV::EASYRSA_REQ_CN'
 		conf_EASYRSA_REQ_COUNTRY='$ENV::EASYRSA_REQ_COUNTRY'
@@ -5751,11 +5726,12 @@ Place a copy of easyrsa-tools.lib in a standard system location."
 Unknown command '$cmd'. Run without commands for usage help."
 esac
 
+verbose "mktemp_counter: $mktemp_counter uses"
+
 # Check for untrapped errors
 # shellcheck disable=SC2181 # Quote expand - pre-cleanup $?
 if [ $? = 0 ]; then
 	# Do 'cleanup ok' on successful completion
-	#print "mktemp_counter: $mktemp_counter uses"
 	cleanup ok
 fi