pve-qemu-qoup/debian/patches/pve/0004-PVE-Config-ui-spice-default-to-pve-certificates.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Mon, 6 Apr 2020 12:16:33 +0200
Subject: [PATCH] PVE: [Config] ui/spice: default to pve certificates

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 ui/spice-core.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/ui/spice-core.c b/ui/spice-core.c
index 272d19b0c1..9719214f19 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -694,32 +694,35 @@ static void qemu_spice_init(void)
 
     if (tls_port) {
         x509_dir = qemu_opt_get(opts, "x509-dir");
-        if (!x509_dir) {
-            x509_dir = ".";
-        }
 
         str = qemu_opt_get(opts, "x509-key-file");
         if (str) {
             x509_key_file = g_strdup(str);
-        } else {
+        } else if (x509_dir) {
             x509_key_file = g_strdup_printf("%s/%s", x509_dir,
                                             X509_SERVER_KEY_FILE);
+        } else {
+            x509_key_file = g_strdup("/etc/pve/local/pve-ssl.key");
         }
 
         str = qemu_opt_get(opts, "x509-cert-file");
         if (str) {
             x509_cert_file = g_strdup(str);
-        } else {
+        } else if (x509_dir) {
             x509_cert_file = g_strdup_printf("%s/%s", x509_dir,
                                              X509_SERVER_CERT_FILE);
+        } else {
+            x509_cert_file = g_strdup("/etc/pve/local/pve-ssl.pem");
         }
 
         str = qemu_opt_get(opts, "x509-cacert-file");
         if (str) {
             x509_cacert_file = g_strdup(str);
-        } else {
+        } else if (x509_dir) {
             x509_cacert_file = g_strdup_printf("%s/%s", x509_dir,
                                                X509_CA_CERT_FILE);
+        } else {
+            x509_cacert_file = g_strdup("/etc/pve/pve-root-ca.pem");
         }
 
         x509_key_password = qemu_opt_get(opts, "x509-key-password");