From b257752812447f6209c56d80e751c563c4f52940 Mon Sep 17 00:00:00 2001
From: lwouis <lwouis@gmail.com>
Date: Wed, 25 Dec 2024 00:53:33 +0100
Subject: [PATCH] chore: make local setup work with openssl v3.x

---
 scripts/codesign/generate_selfsigned_certificate.sh | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/scripts/codesign/generate_selfsigned_certificate.sh b/scripts/codesign/generate_selfsigned_certificate.sh
index bfba0abaf..8fd03e678 100755
--- a/scripts/codesign/generate_selfsigned_certificate.sh
+++ b/scripts/codesign/generate_selfsigned_certificate.sh
@@ -23,5 +23,14 @@ EOL
 openssl genrsa -out $certificateFile.key 2048
 # generate self-signed certificate
 openssl req -x509 -new -config $certificateFile.conf -nodes -key $certificateFile.key -extensions extensions -sha256 -out $certificateFile.crt
+
+openssl_version=$(openssl version)
+# openssl v3.x requires to pass -legacy
+# see https://www.misterpki.com/openssl-pkcs12-legacy/
+if [[ $openssl_version == OpenSSL\ 3* ]]; then
+  flag="-legacy"
+else
+  flag=""
+fi
 # wrap key and certificate into PKCS12
-openssl pkcs12 -export -inkey $certificateFile.key -in $certificateFile.crt -out $certificateFile.p12 -passout pass:$certificatePassword
+openssl pkcs12 $flag -export -inkey $certificateFile.key -in $certificateFile.crt -out $certificateFile.p12 -passout pass:$certificatePassword