Upstream issue https://github.com/OpenVPN/easy-rsa/issues/76 Ideally they could generate on-the-fly the cnf file instead of using the environment.
FYI: For people who cannot wait, here is a simple workaround that WFM: Install easy-rsa as usual. Instead of creating the file vars from vars.example and setting the variables there, edit openssl-xxx.cnf directly: Replace each occurrence of $ENV::VARIABLE by $VARIABLE, thus removing ENV::, and set VARIABLE=value at the beginning of this config file. Grab comments and default values from vars.example.
Created attachment 509610 [details, diff] openssl-1.0.cnf.patch openssl-1.0.cnf.patch fixed settings for app-crypt/easy-rsa with liressl.
(In reply to Joerg Neikes from comment #2) > Created attachment 509610 [details, diff] [details, diff] > openssl-1.0.cnf.patch > > openssl-1.0.cnf.patch fixed settings for app-crypt/easy-rsa with liressl. change +EASYRSA_PKI="$EASYRSA/pki" with +EASYRSA_PKI=${EASYRSA}"/pki"
(In reply to Luca Barbato from comment #0) > Upstream issue https://github.com/OpenVPN/easy-rsa/issues/76 > > Ideally they could generate on-the-fly the cnf file instead of using the > environment. 3.0.5 (the latest in the tree) has the fix.