From 5c900491bd0d86f1b0ad09462c30f6e6d982e7ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20Fr=C3=B6hle?=
Date: Fri, 16 Jul 2021 13:29:13 +0200
Subject: [PATCH 1/2] latest APK-Build
---
 apk-build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apk-build b/apk-build
index 5ebb44d9..f0056581 160000
--- a/apk-build
+++ b/apk-build
@@ -1 +1 @@
-Subproject commit 5ebb44d991ad0a2feb7d07702085f3aad3cd2b1e
+Subproject commit f0056581f04a1ca5289c3ba48685f2ef646c77a0
From 7519b4a5b85240ecafd8e1aa0ad2582358a5c45e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20Fr=C3=B6hle?=
Date: Fri, 16 Jul 2021 13:40:35 +0200
Subject: [PATCH 2/2] Support custome SSl Certificates
---
 config/supervisord.conf | 15 +++++++++++++++
 scripts/entrypoint.sh | 2 ++
 scripts/start.sh | 11 +++++++++--
 3 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/config/supervisord.conf b/config/supervisord.conf
index 92164237..da74a6c1 100644
--- a/config/supervisord.conf
+++ b/config/supervisord.conf
@@ -115,6 +115,21 @@ stopsignal=TERM
 stopasgroup=true
 killasgroup=true
+[program:gsad-https-owncert]
+command=/usr/bin/gsad -f --verbose --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0 --ssl-certificate=%(ENV_CERTIFICATE)s --ssl-private-key=%(ENV_CERTIFICATE_KEY)s --timeout=%(ENV_TIMEOUT)s --no-redirect --mlisten=127.0.0.1 --mport=9390 --port=9392
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s_err.log
+priority=30
+user=gvm
+startretries=5
+startsecs=10
+autorestart=true
+autostart=false
+depends_on=redis,postgresql,ospd-openvas,gvmd
+stopsignal=KILL
+stopasgroup=true
+killasgroup=true
+
 [program:gsad-https]
 command=/usr/bin/gsad -f --verbose --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0 --timeout=%(ENV_TIMEOUT)s --no-redirect --mlisten=127.0.0.1 --mport=9390 --port=9392
 stdout_logfile=/var/log/supervisor/%(program_name)s.log
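Review bot: `stopsignal=KILL` in the new `[program:gsad-https-owncert]` section gives gsad no chance to shut down cleanly, while the section just above the hunk (visible in the hunk header) uses `stopsignal=TERM`; unless gsad is known to ignore SIGTERM, use `stopsignal=TERM` here too. The program runs as `user=gvm`, so the files behind `%(ENV_CERTIFICATE)s` and `%(ENV_CERTIFICATE_KEY)s` must be readable by that account, and a root-only key would presumably leave it failing through its five `startretries`. A comment above `command=` such as `; CERTIFICATE / CERTIFICATE_KEY must be readable by user gvm` would record that requirement. The GnuTLS priority string is copied from `[program:gsad-https]`, so the two sections can drift apart when one of them is tightened later.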
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
index 77836a23..c9dacf82 100755
--- a/scripts/entrypoint.sh
+++ b/scripts/entrypoint.sh
@@ -12,6 +12,8 @@ export RELAYHOST=${RELAYHOST:-smtp}
 export SMTPPORT=${SMTPPORT:-25}
 export AUTO_SYNC=${AUTO_SYNC:-true}
 export HTTPS=${HTTPS:-true}
+export CERTIFICATE=${CERTIFICATE:-none}
+export CERTIFICATE_KEY=${CERTIFICATE_KEY:-none}
 export TZ=${TZ:-Etc/UTC}
 export DEBUG=${DEBUG:-N}
 export SSHD=${SSHD:-false}
diff --git a/scripts/start.sh b/scripts/start.sh
index c099de17..6e3a3a0c 100755
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -11,6 +11,8 @@ export RELAYHOST=${RELAYHOST:-smtp}
 export SMTPPORT=${SMTPPORT:-25}
 export AUTO_SYNC=${AUTO_SYNC:-true}
 export HTTPS=${HTTPS:-true}
+export CERTIFICATE=${CERTIFICATE:-none}
+export CERTIFICATE_KEY=${CERTIFICATE_KEY:-none}
 export TZ=${TZ:-Etc/UTC}
 export SSHD=${SSHD:-false}
 export DB_PASSWORD=${DB_PASSWORD:-none}
@@ -104,7 +106,7 @@ until (pg_isready --username=postgres >/dev/null 2>&1 && psql --username=postgre
 sleep 1
 done
-if [[ ! -d "/etc/ssh" ]] || [[ -d "/etc/ssh/" && $(find /etc/ssh/ -type d -empty) ]]; then
+if [[ ! -d "/etc/ssh" ]] || [[ -d "/etc/ssh/" && $(find /etc/ssh/ -maxdepth 0 -empty) ]]; then
 mkdir /etc/ssh
 ssh-keygen -A
 fi
@@ -251,7 +253,12 @@ if [ ! -f "/var/lib/gvm/.created_gvm_user" ]; then
 fi
 echo "Starting Greenbone Security Assistant..."
-if [ "${HTTPS}" == "true" ]; then
+if [ "${HTTPS}" == "true" ] && [ -e "${CERTIFICATE}" ] && [ -e "${CERTIFICATE_KEY}" ]; then
+ ${SUPVISD} start gsad-https-owncert
+ if [ "${DEBUG}" == "Y" ]; then
+ ${SUPVISD} status gsad-https-owncert
+ fi
+elif [ "${HTTPS}" == "true" ]; then
 ${SUPVISD} start gsad-https
 if [ "${DEBUG}" == "Y" ]; then
 ${SUPVISD} status gsad-https
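Review bot: The two new exports in scripts/entrypoint.sh, and the identical pair in the first hunk of scripts/start.sh, need a comment saying what the values are and why the default is the literal `none`. As far as the visible lines show, the default exists so that `%(ENV_CERTIFICATE)s` in supervisord.conf always expands. start.sh later treats the value as a file path, so a file literally named `none` in the working directory would be accepted as a certificate. Suggested comment: `# Paths inside the container to the PEM certificate and private key for gsad; "none" means no custom certificate (gsad-https is started instead)`.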
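Review bot: In the `@@ -104,7 +106,7 @@` hunk of scripts/start.sh, the unchanged `mkdir /etc/ssh` still runs when the new `find /etc/ssh/ -maxdepth 0 -empty` test matches, i.e. when the directory exists but is empty, and plain `mkdir` fails on an existing directory. Change it to `mkdir -p /etc/ssh` so that path neither prints an error nor aborts the script if it runs under `set -e` (not visible in this hunk). The second `[[ -d "/etc/ssh/" && ... ]]` is only evaluated when the first test has already found the directory, so its `-d` check is redundant.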
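Review bot: In the `@@ -251,7 +253,12 @@` hunk of scripts/start.sh, a CERTIFICATE or CERTIFICATE_KEY that is set but unusable (typo in the path, volume not mounted, only one of the two given) silently falls through to the `elif` branch and starts `gsad-https` without the operator's certificate. `[ -e ... ]` is also true for a directory and says nothing about whether the `gvm` user that supervisord runs gsad as can read the key. Treat "configured but not usable" as an error, or at least log it to stderr, and test with `-f`; the sketch below shows one way. The enclosing `if` block continues past the end of the hunk.

```shell
if [ "${HTTPS}" == "true" ] && { [ "${CERTIFICATE}" != "none" ] || [ "${CERTIFICATE_KEY}" != "none" ]; }; then
    # A custom certificate was requested: refuse to fall back silently to the default one.
    if [ ! -f "${CERTIFICATE}" ] || [ ! -f "${CERTIFICATE_KEY}" ]; then
        echo "CERTIFICATE and CERTIFICATE_KEY must both point to existing files" >&2
        exit 1
    fi
    ${SUPVISD} start gsad-https-owncert
    # … unchanged: DEBUG status call for gsad-https-owncert …
elif [ "${HTTPS}" == "true" ]; then
    # … unchanged: gsad-https start and status …
```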