From cab8075e7e5051882726f8883eae5b5b58401fb9 Mon Sep 17 00:00:00 2001
From: Seb Julliand <sebjulliand@gmail.com>
Date: Thu, 4 Jul 2024 17:15:06 +0200
Subject: [PATCH] Force use of /QOpenSys/usr/bin/openssl to generate
 certificates

Signed-off-by: Seb Julliand <sebjulliand@gmail.com>
---
 src/api/debug/certificates.ts | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/api/debug/certificates.ts b/src/api/debug/certificates.ts
index da997e18e..7ffb768b8 100644
--- a/src/api/debug/certificates.ts
+++ b/src/api/debug/certificates.ts
@@ -105,6 +105,7 @@ export async function setup(connection: IBMi, imported?: ImportedCertificate) {
     }
 
     let password;
+    const openssl = "/QOpenSys/usr/bin/openssl";
     if (imported) {
       password = imported.password;
       if (imported.localFile) {
@@ -120,8 +121,9 @@ export async function setup(connection: IBMi, imported?: ImportedCertificate) {
       }
 
       setProgress("generating client certificate");
+
       const clientCertificate = await connection.sendCommand({
-        command: `openssl pkcs12 -in ${debugConfig.getRemoteServiceCertificatePath()} -passin pass:${password} -info -nokeys -clcerts 2>/dev/null | openssl x509 -outform PEM`,
+        command: `${openssl} pkcs12 -in ${debugConfig.getRemoteServiceCertificatePath()} -passin pass:${password} -info -nokeys -clcerts 2>/dev/null | openssl x509 -outform PEM`,
       });
       try {
         if (!clientCertificate.code) {
@@ -143,10 +145,10 @@ export async function setup(connection: IBMi, imported?: ImportedCertificate) {
       const extFileContent = await getExtFileContent(hostInfo);
       //This will generate everything at once and keep only the .pfx (keystore) and .crt (client certificate) files.
       const commands = [
-        `openssl genrsa -out debug_service.key 2048`,
-        `openssl req -new -key debug_service.key -out debug_service.csr -subj '/CN=${hostInfo.hostNames[0]}'`,
-        `openssl x509 -req -in debug_service.csr -signkey debug_service.key -out ${CLIENT_CERTIFICATE} -days 1095 -sha256 -req -extfile <(printf "${extFileContent}")`,
-        `openssl pkcs12 -export -out ${SERVICE_CERTIFICATE} -inkey debug_service.key -in ${CLIENT_CERTIFICATE} -password pass:${password}`,
+        `${openssl} genrsa -out debug_service.key 2048`,
+        `${openssl} req -new -key debug_service.key -out debug_service.csr -subj '/CN=${hostInfo.hostNames[0]}'`,
+        `${openssl} x509 -req -in debug_service.csr -signkey debug_service.key -out ${CLIENT_CERTIFICATE} -days 1095 -sha256 -req -extfile <(printf "${extFileContent}")`,
+        `${openssl} pkcs12 -export -out ${SERVICE_CERTIFICATE} -inkey debug_service.key -in ${CLIENT_CERTIFICATE} -password pass:${password}`,
         `rm debug_service.key debug_service.csr`
       ];