From fb2bf698ca28d5e92fddddd91241d6fad242e53b Mon Sep 17 00:00:00 2001
From: sneak <sneak@sneak.berlin>
Date: Sun, 22 Mar 2020 05:43:16 -0700
Subject: [PATCH] enables TLS by default

* update to config file to use TLS
* generates self-signed certs if none exist and saves them in config dir
---
 root/etc/service/adchpp/run |  8 +++++++-
 src/etc/adchpp.xml          | 17 ++++++++++++-----
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/root/etc/service/adchpp/run b/root/etc/service/adchpp/run
index 086ec40..857aa09 100644
--- a/root/etc/service/adchpp/run
+++ b/root/etc/service/adchpp/run
@@ -9,5 +9,11 @@ if [[ ! -d /config/scripts ]]; then
     cp /usr/local/src/adchpp/plugins/Script/examples/*.lua /config/scripts
 fi
 
-cd /tmp
+if [[ ! -d /config/certs ]]; then
+    mkdir -p /config/certs
+    cd /config/certs
+    bash /usr/local/src/adchpp/linux/generate_certs.sh
+fi
+
+cd /config
 exec /usr/local/bin/adchppd -c /config
diff --git a/src/etc/adchpp.xml b/src/etc/adchpp.xml
index e5e92ee..368812d 100644
--- a/src/etc/adchpp.xml
+++ b/src/etc/adchpp.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8" standalone="yes"?>
 <ADCHubPlusPlus>
 
-<!-- IMPORTANT: under Linux, you should use absolute paths in the various path settings 
+<!-- IMPORTANT: under Linux, you should use absolute paths in the various path settings
 	of this configuration file -->
 
 	<Settings>
@@ -59,7 +59,6 @@
 
 		To create secure connections, set TLS="1" and define the following (preferably absolute)
 		paths: Certificate, PrivateKey, TrustedPath, DHParams. An example secure server setting:
-		<Server Port="2780" TLS="1" Certificate="certs/cacert.pem" PrivateKey="certs/privkey.pem" TrustedPath="certs/trusted/" DHParams="certs/dhparam.pem"/>
 
 		Simple OpenSSL commands to generate files used for secure connections:
 		openssl genrsa -out privkey.pem 2048
@@ -69,8 +68,16 @@
 		Alternatively, you can use the cert generator contributed on
 		<http://launchpadlibrarian.net/31960965/Cert_Generator.7z>.
 
-		-->
 		<Server Port="2780"/>
+		-->
+        <Server
+            Port="2780"
+            TLS="1"
+            Certificate="/config/certs/cacert.pem"
+            PrivateKey="/config/certs/privkey.pem"
+            TrustedPath="/config/certs/trusted/"
+            DHParams="/config/certs/dhparam.pem"
+        />
 	</Servers>
 
 	<!-- Instead of scripts, ADCH++ uses plugins. Plugins can do the same work
@@ -79,9 +86,9 @@
 		 write a script plugin, enabling people to choose their own script language,
 		 if someone's written a script plugin for it. You must specify the path to your
 		 plugins in linux default place it looks for the plugin path is /home/<username>/adchpp/ -->
-		 
+
 	<!--Plugins Path="~/adchpp/"-->
-	
+
 	<Plugins>
 		<!-- This plugins provides the scripting support. -->
 		<Plugin>Script</Plugin>