split key and cert when generating ssl data, so we can more easily se…

…nd the cert to the client

git-svn-id: https://xpra.org/svn/Xpra/trunk@20177 3bb7dfac-3a0b-4e04-842a-767bc560f471

debian/xpra.postinst

@@ -15,7 +15,8 @@ if [ ! -f  /etc/xpra/ssl-cert.pem ]; then
 	umask 077
 	openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
 		-subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" \
-		-keyout "/etc/xpra/ssl-cert.pem" -out "/etc/xpra/ssl-cert.pem"
+		-keyout "/etc/xpra/key.pem" -out "/etc/xpra/cert.pem"
+	cat /etc/xpra/key.pem /etc/xpra/cert.pem > /etc/xpra/ssl-cert.pem
 	umask $umask
 fi
 

osx/postinstall

@@ -20,14 +20,17 @@ if [ -d "$APP_ROOT" ]; then
 		fi
 	fi
 
-	if [ ! -e "/Library/Application Support/Xpra/ssl-cert.pem" ]; then
-		mkdir "/Library/Application Support/Xpra" 2> /dev/null
-		chmod 755 "/Library/Application Support/Xpra"
+	LAS_XPRA="/Library/Application Support/Xpra"
+	if [ ! -e "${LAS_XPRA}/ssl-cert.pem" ]; then
+		mkdir "${LAS_XPRA}" 2> /dev/null
+		chmod 755 "${LAS_XPRA}"
 		umask=`umask`
 		umask 077
 		openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
 			-subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" \
-			-keyout "/Library/Application Support/Xpra/ssl-cert.pem" -out "/Library/Application Support/Xpra/ssl-cert.pem" 2> /dev/null
+			-keyout "${LAS_XPRA}/key.pem" \
+			-out "${LAS_XPRA}/cert.pem" 2> /dev/null
+		cat "${LAS_XPRA}/key.pem" "${LAS_XPRA}/cert.pem" > "${LAS_XPRA}/ssl-cert.pem"
 		umask $umask
 	fi
 

rpmbuild/xpra.spec

@@ -711,7 +711,8 @@ if [ ! -e "/etc/xpra/ssl-cert.pem" ]; then
 	umask 077
 	openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
 		-subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" \
-		-keyout "/etc/xpra/ssl-cert.pem" -out "/etc/xpra/ssl-cert.pem" 2> /dev/null
+		-keyout "/etc/xpra/key.pem" -out "/etc/xpra/cert.pem" 2> /dev/null
+	cat "/etc/xpra/key.pem" "/etc/xpra/cert.pem" > "/etc/xpra/ssl-cert.pem"
 	umask $umask
 fi
 %if 0%{update_firewall}