From 1111604c87bd642be399514895b914faa2858bca Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Tue, 17 Jan 2017 06:50:06 +0100
Subject: [PATCH] use openssl instead of make-ssl-cert to generate demo cert

We do not set things like subjectAltName, but the cert ist good
enough for the demo.
---
 simple-demo.pl | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/simple-demo.pl b/simple-demo.pl
index c1e1d0e..3cf8a67 100755
--- a/simple-demo.pl
+++ b/simple-demo.pl
@@ -104,10 +104,14 @@ use PVE::APIServer::Formatter::HTML;
 my $nodename = PVE::INotify::nodename();
 my $port = 9999;
 
-if (! -f "simple-demo.pem") {
+my $cert_file = "simple-demo.pem";
+
+if (! -f $cert_file) {
     print "generating demo server certificate\n";
-    my $cmd = ['make-ssl-cert', '/usr/share/ssl-cert/ssleay.cnf',
-	       'simple-demo.pem'];
+    my $cmd = ['openssl', 'req', '-batch', '-x509', '-newkey', 'rsa:4096',
+	       '-nodes', '-keyout', $cert_file, '-out', $cert_file,
+	       '-subj', "/CN=Simple Demo Server/OU=$nodename/",
+	       '-days', '3650'];
     run_command($cmd);
 }
 
@@ -134,7 +138,7 @@ my $server = DemoServer->new(
     lockfh => $lockfh,
     title => 'Simple Demo API',
     logfh => \*STDOUT,
-    tls_ctx  => { verify => 0, cert_file => "simple-demo.pem" },
+    tls_ctx  => { verify => 0, cert_file => $cert_file },
     pages => {
 	'/' => sub { get_index($nodename, @_) },
     },