feat(self-signed): improve compat with OpenSSL 3

`-key -` appears to no longer be supported, generating the key in the same step works better. It's still compatible with OpenSSL 1.
2022-05-27 12:52:19 +02:00 · 2022-05-27 12:52:19 +02:00 · ad5691dcb2
commit ad5691dcb2
parent 80974fa1dc
2 changed files with 18 additions and 16 deletions
--- a/@xen-orchestra/self-signed/index.js
+++ b/@xen-orchestra/self-signed/index.js
@ -2,22 +2,23 @@

 const { execFile } = require('child_process')

-const openssl = (cmd, args, { input, ...opts } = {}) =>
+const RE =
+  /^(-----BEGIN PRIVATE KEY-----.+-----END PRIVATE KEY-----\n)(-----BEGIN CERTIFICATE-----.+-----END CERTIFICATE-----\n)$/s
+exports.genSelfSignedCert = async ({ days = 360 } = {}) =>
  new Promise((resolve, reject) => {
-    const child = execFile('openssl', [cmd, ...args], opts, (error, stdout) =>
-      error != null ? reject(error) : resolve(stdout)
+    execFile(
+      'openssl',
+      ['req', '-batch', '-new', '-x509', '-days', String(days), '-nodes', '-newkey', 'rsa:2048', '-keyout', '-'],
+      (error, stdout) => {
+        if (error != null) {
+          return reject(error)
+        }
+        const matches = RE.exec(stdout)
+        if (matches === null) {
+          return reject(new Error('stdout does not match regular expression'))
+        }
+        const [, key, cert] = matches
+        resolve({ cert, key })
+      }
    )
-    if (input !== undefined) {
-      child.stdin.end(input)
-    }
  })
-
-exports.genSelfSignedCert = async ({ days = 360 } = {}) => {
-  const key = await openssl('genrsa', ['2048'])
-  return {
-    cert: await openssl('req', ['-batch', '-new', '-key', '-', '-x509', '-days', String(days), '-nodes'], {
-      input: key,
-    }),
-    key,
-  }
-}
--- a/CHANGELOG.unreleased.md
+++ b/CHANGELOG.unreleased.md
@ -35,6 +35,7 @@

 <!--packages-start-->

+- @xen-orchestra/self-signed patch
 - vhd-lib patch
 - @xen-orchestra/fs patch
 - vhd-cli patch