From ac23119ec4d84dfce243c1da94a65b987a0f27e5 Mon Sep 17 00:00:00 2001
From: Antoine Martin <totaam@xpra.org>
Date: Thu, 23 Aug 2018 13:19:16 +0000
Subject: [PATCH] split key and cert when generating ssl data, so we can more
 easily send the cert to the client

git-svn-id: https://xpra.org/svn/Xpra/trunk@20177 3bb7dfac-3a0b-4e04-842a-767bc560f471
---
 debian/xpra.postinst |  3 ++-
 osx/postinstall      | 11 +++++++----
 rpmbuild/xpra.spec   |  3 ++-
 3 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/debian/xpra.postinst b/debian/xpra.postinst
index a86c5e563b..bd2a9a6fc5 100644
--- a/debian/xpra.postinst
+++ b/debian/xpra.postinst
@@ -15,7 +15,8 @@ if [ ! -f  /etc/xpra/ssl-cert.pem ]; then
 	umask 077
 	openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
 		-subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" \
-		-keyout "/etc/xpra/ssl-cert.pem" -out "/etc/xpra/ssl-cert.pem"
+		-keyout "/etc/xpra/key.pem" -out "/etc/xpra/cert.pem"
+	cat /etc/xpra/key.pem /etc/xpra/cert.pem > /etc/xpra/ssl-cert.pem
 	umask $umask
 fi
 
diff --git a/osx/postinstall b/osx/postinstall
index 0da3d27217..ac8e4a14fa 100755
--- a/osx/postinstall
+++ b/osx/postinstall
@@ -20,14 +20,17 @@ if [ -d "$APP_ROOT" ]; then
 		fi
 	fi
 
-	if [ ! -e "/Library/Application Support/Xpra/ssl-cert.pem" ]; then
-		mkdir "/Library/Application Support/Xpra" 2> /dev/null
-		chmod 755 "/Library/Application Support/Xpra"
+	LAS_XPRA="/Library/Application Support/Xpra"
+	if [ ! -e "${LAS_XPRA}/ssl-cert.pem" ]; then
+		mkdir "${LAS_XPRA}" 2> /dev/null
+		chmod 755 "${LAS_XPRA}"
 		umask=`umask`
 		umask 077
 		openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
 			-subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" \
-			-keyout "/Library/Application Support/Xpra/ssl-cert.pem" -out "/Library/Application Support/Xpra/ssl-cert.pem" 2> /dev/null
+			-keyout "${LAS_XPRA}/key.pem" \
+			-out "${LAS_XPRA}/cert.pem" 2> /dev/null
+		cat "${LAS_XPRA}/key.pem" "${LAS_XPRA}/cert.pem" > "${LAS_XPRA}/ssl-cert.pem"
 		umask $umask
 	fi
 
diff --git a/rpmbuild/xpra.spec b/rpmbuild/xpra.spec
index d6066ed128..3b2d065a0e 100644
--- a/rpmbuild/xpra.spec
+++ b/rpmbuild/xpra.spec
@@ -711,7 +711,8 @@ if [ ! -e "/etc/xpra/ssl-cert.pem" ]; then
 	umask 077
 	openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
 		-subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" \
-		-keyout "/etc/xpra/ssl-cert.pem" -out "/etc/xpra/ssl-cert.pem" 2> /dev/null
+		-keyout "/etc/xpra/key.pem" -out "/etc/xpra/cert.pem" 2> /dev/null
+	cat "/etc/xpra/key.pem" "/etc/xpra/cert.pem" > "/etc/xpra/ssl-cert.pem"
 	umask $umask
 fi
 %if 0%{update_firewall}