diff --git a/ChangeLog b/ChangeLog index bec13da7..1b9f243e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,7 @@ Easy-RSA 3 ChangeLog 3.2.2 (TBD) + * New global variable 'EASYRSA_DISABLE_INLINE' (ad257ab) (#1245) * bugfix: revoke, renew: Remove pki/inline/private/$file.inline (febef85) (#1244) Initial bug report #1242 (Minor) Stop removing old credentials file pki/$file.creds (a871e9c) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index a001a97a..7ee87fa8 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -1461,7 +1461,7 @@ Please delete the key above that is no longer in use." # new dirs: easyrsa_mkdir "$EASYRSA_PKI" - for i in issued private reqs inline; do + for i in issued private reqs; do easyrsa_mkdir "${EASYRSA_PKI}/$i" done @@ -2976,8 +2976,16 @@ See error messages above for details." # Generate inline file V2 inline_file() { + # Allow complete disable + [ "$EASYRSA_DISABLE_INLINE" ] && return + + # definitive source [ "$1" ] || die "inline_file - Missing file_name_base" + # make inline dirs + easyrsa_mkdir "$EASYRSA_PKI"/inline + easyrsa_mkdir "$EASYRSA_PKI"/inline/private + # Source files crt_source="${EASYRSA_PKI}/issued/${1}.crt" key_source="${EASYRSA_PKI}/private/${1}.key" @@ -2987,8 +2995,6 @@ inline_file() { # output inline_out="${EASYRSA_PKI}/inline/${1}.inline" - easyrsa_mkdir "$EASYRSA_PKI"/inline - easyrsa_mkdir "$EASYRSA_PKI"/inline/private print "\ # Inline files in the 'private' directory contain security keys which # MUST only be transmitted over a secure connection, such as 'scp'." \ @@ -5297,6 +5303,10 @@ fi #set_var EASYRSA_KU_CRIT 1 #set_var EASYRSA_EKU_CRIT 1 #set_var EASYRSA_SAN_CRIT 1 + +# Disable automatic inline files +# +#set_var EASYRSA_DISABLE_INLINE 1 CREATE_VARS_EXAMPLE ;; ssl-cnf|safe-cnf) diff --git a/easyrsa3/vars.example b/easyrsa3/vars.example index 26b4face..95e401fc 100644 --- a/easyrsa3/vars.example +++ b/easyrsa3/vars.example 
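Review bot: The new guard at the top of inline_file(), `[ "$EASYRSA_DISABLE_INLINE" ] && return`, treats any non-empty value as "disabled", so `set_var EASYRSA_DISABLE_INLINE 0` or `no` also switches inline files off. Either compare against the documented value, e.g. `[ "$EASYRSA_DISABLE_INLINE" = 1 ] && return 0`, or state the rule in the example comments added in the CREATE_VARS_EXAMPLE hunk and in vars.example, e.g. `# Any non-empty value disables inline files`. The early return also leaves any files already written under pki/inline/private in place, and those still contain private keys; the example comment could note that disabling does not remove them. inline_file() continues past the end of this hunk, so the rest of its body was not reviewed here.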
@@ -174,6 +174,10 @@ fi #set_var EASYRSA_EKU_CRIT 1 #set_var EASYRSA_SAN_CRIT 1 +# Disable automatic inline files +# +#set_var EASYRSA_DISABLE_INLINE 1 + # Support deprecated "Netscape" extensions? (choices "yes" or "no"). # The default is "no", to discourage use of deprecated extensions. # If you require this feature to use with --ns-cert-type, set this to "yes".