From c476a4d8a80da59fae71244a827d0dff43053e64 Mon Sep 17 00:00:00 2001
From: MadMaurice <madmaurice@zom.bi>
Date: Tue, 11 Aug 2020 23:00:15 +0200
Subject: [PATCH] Hotpatch missing intermediate certificates

---
 0001-Fix-ssl.patch | 40 ++++++++++++++++++++++++++++++++++++++++
 Dockerfile         |  2 ++
 2 files changed, 42 insertions(+)
 create mode 100644 0001-Fix-ssl.patch

diff --git a/0001-Fix-ssl.patch b/0001-Fix-ssl.patch
new file mode 100644
index 0000000..2dc56d3
--- /dev/null
+++ b/0001-Fix-ssl.patch
@@ -0,0 +1,40 @@
+diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp
+index 22a150b6..fa77d96f 100644
+--- a/src/murmur/Server.cpp
++++ b/src/murmur/Server.cpp
+@@ -1373,25 +1373,6 @@ void Server::newClient() {
+ 		sock->setPrivateKey(qskKey);
+ 		sock->setLocalCertificate(qscCert);
+ 
+-		QSslConfiguration config = sock->sslConfiguration();
+-#if QT_VERSION >= QT_VERSION_CHECK(5,15,0)
+-		// Qt 5.15 introduced QSslConfiguration::addCaCertificate(s) that should be preferred over the functions in QSslSocket
+-
+-		// Treat the leaf certificate as a root.
+-		// This shouldn't strictly be necessary,
+-		// and is a left-over from early on.
+-		// Perhaps it is necessary for self-signed
+-		// certs?
+-		config.addCaCertificate(qscCert);
+-
+-		// Add CA certificates specified via
+-		// murmur.ini's sslCA option.
+-		config.addCaCertificates(Meta::mp.qlCA);
+-
+-		// Add intermediate CAs found in the PEM
+-		// bundle used for this server's certificate.
+-		config.addCaCertificates(qlIntermediates);
+-#else
+ 		// Treat the leaf certificate as a root.
+ 		// This shouldn't strictly be necessary,
+ 		// and is a left-over from early on.
+@@ -1406,8 +1387,8 @@ void Server::newClient() {
+ 		// Add intermediate CAs found in the PEM
+ 		// bundle used for this server's certificate.
+ 		sock->addCaCertificates(qlIntermediates);
+-#endif
+ 
++		QSslConfiguration config = sock->sslConfiguration();
+ 		config.setCiphers(Meta::mp.qlCiphers);
+ #if defined(USE_QSSLDIFFIEHELLMANPARAMETERS)
+ 		config.setDiffieHellmanParameters(qsdhpDHParams);
diff --git a/Dockerfile b/Dockerfile
index 9a1e283..229d379 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,9 +27,11 @@ RUN apt-get update -yqq && apt-get install -yqq \
 		git --no-install-recommends
 
 WORKDIR /usr/src/murmur
+COPY 0001-Fix-ssl.patch /
 RUN \
     git clone https://github.com/mumble-voip/mumble.git . \
 	&& git checkout master \
+        && git apply /0001-Fix-ssl.patch \
 	&& git submodule init \
 	&& git submodule update