feat(self-signed): improve compat with OpenSSL 3

`-key -` appears to no longer be supported, generating the key in the same step works better.

It's still compatible with OpenSSL 1.

@xen-orchestra/self-signed/index.js

@@ -2,22 +2,23 @@
 
 const { execFile } = require('child_process')
 
-const openssl = (cmd, args, { input, ...opts } = {}) =>
+const RE =
+  /^(-----BEGIN PRIVATE KEY-----.+-----END PRIVATE KEY-----\n)(-----BEGIN CERTIFICATE-----.+-----END CERTIFICATE-----\n)$/s
+exports.genSelfSignedCert = async ({ days = 360 } = {}) =>
   new Promise((resolve, reject) => {
-    const child = execFile('openssl', [cmd, ...args], opts, (error, stdout) =>
+    execFile(
-      error != null ? reject(error) : resolve(stdout)
+      'openssl',
+      ['req', '-batch', '-new', '-x509', '-days', String(days), '-nodes', '-newkey', 'rsa:2048', '-keyout', '-'],
+      (error, stdout) => {
+        if (error != null) {
+          return reject(error)
+        }
+        const matches = RE.exec(stdout)
+        if (matches === null) {
+          return reject(new Error('stdout does not match regular expression'))
+        }
+        const [, key, cert] = matches
+        resolve({ cert, key })
+      }
     )
-    if (input !== undefined) {
-      child.stdin.end(input)
-    }
   })
-
-exports.genSelfSignedCert = async ({ days = 360 } = {}) => {
-  const key = await openssl('genrsa', ['2048'])
-  return {
-    cert: await openssl('req', ['-batch', '-new', '-key', '-', '-x509', '-days', String(days), '-nodes'], {
-      input: key,
-    }),
-    key,
-  }
-}

CHANGELOG.unreleased.md

@@ -35,6 +35,7 @@
 
 <!--packages-start-->
 
+- @xen-orchestra/self-signed patch
 - vhd-lib patch
 - @xen-orchestra/fs patch
 - vhd-cli patch