On 2015/09/19 06:44, Stuart Henderson wrote: > CVSROOT: /cvs > Module name: ports > Changes by: [email protected] 2015/09/19 06:44:38 > > Modified files: > security/easy-rsa: Makefile > Added files: > security/easy-rsa/patches: patch-easy-rsa_1_0_build-ca > patch-easy-rsa_1_0_build-dh > patch-easy-rsa_1_0_build-inter > patch-easy-rsa_1_0_build-key > patch-easy-rsa_1_0_build-key-pass > patch-easy-rsa_1_0_build-key-pkcs12 > patch-easy-rsa_1_0_build-key-server > patch-easy-rsa_1_0_build-req > patch-easy-rsa_1_0_build-req-pass > patch-easy-rsa_1_0_list-crl > patch-easy-rsa_1_0_make-crl > patch-easy-rsa_1_0_revoke-crt > patch-easy-rsa_1_0_revoke-full > patch-easy-rsa_1_0_sign-req > patch-easy-rsa_2_0_pkitool > > Log message: > switch easy-rsa to using openssl to unbreak; libressl doesn't allow $ENV:: > in config files and easy-arrrrsa uses this heavily. >
Very much non-ideal, but I don't see a better way given how easy-rsa works. It looks like TinyCA will have a similar problem, and the isakmpd(8) manual also needs revising as it passes env variables in to generate subjectAltName fields.
