From 6a941311b2b85773316e08aee9fb2e7e7efa8857 Mon Sep 17 00:00:00 2001
From: a-mugica <49809305+a-mugica@users.noreply.github.com>
Date: Thu, 22 Jul 2021 03:31:55 -0700
Subject: [PATCH] Update to xo-install.sh to allow use of ECC/ECDSA certificates the CheckCertificate function fails when using ECC certificates this change updates the openssl commands that compare certificate and key to ones that are algorithm-generic so that both RSA and ECC (and others?) can be compared and used. based on answers here: https://security.stackexchange.com/questions/73127/how-can-you-check-if-a-private-key-and-certificate-match-in-openssl-with-ecdsa and the other linked question: https://security.stackexchange.com/questions/56697/determine-if-private-key-belongs-to-certificate
---
 xo-install.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xo-install.sh b/xo-install.sh
index 380fe01..5a95aad 100755
--- a/xo-install.sh
+++ b/xo-install.sh
@@ -968,8 +968,8 @@ function CheckSystemd {
 # do not let the user define non functional cert/key pair
 function CheckCertificate {
 if [[ "$HTTPS" == "true" ]]; then
- local CERT="$(runcmd_stdout "openssl x509 -modulus -noout -in $PATH_TO_HTTPS_CERT | openssl md5")"
- local KEY="$(runcmd_stdout "openssl rsa -modulus -noout -in $PATH_TO_HTTPS_KEY | openssl md5")"
+ local CERT="$(runcmd_stdout "openssl x509 -pubkey -noout -in $PATH_TO_HTTPS_CERT | openssl md5")"
+ local KEY="$(runcmd_stdout "openssl pkey -pubout -in $PATH_TO_HTTPS_KEY -outform PEM | openssl md5")"
 if [[ "$CERT" != "$KEY" ]]; then
 echo
 printinfo "$PATH_TO_HTTPS_CERT:"
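Review bot: The `"$CERT" != "$KEY"` comparison can pass for a pair that openssl could not read at all, because both new `local CERT=`/`local KEY=` lines end in `| openssl md5`, which prints the digest of empty input when the stage before it emits nothing; two failures then hash to the same value (unless `runcmd_stdout`, which is not visible here, fails the whole pipeline). Comparing the PEM public keys directly and rejecting an empty result closes that gap: drop `| openssl md5` from both lines and test `if [[ -z "$CERT" || "$CERT" != "$KEY" ]]; then`. Separately, `$PATH_TO_HTTPS_CERT` and `$PATH_TO_HTTPS_KEY` are interpolated unquoted into the command string, so a path containing spaces or shell metacharacters would presumably be split or interpreted by whatever `runcmd_stdout` does with that string; that is worth confirming against its definition. The body of `CheckCertificate` continues past the end of this hunk.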