From 4f33a9db1dae60040d7252a8f0111ab88967f864 Mon Sep 17 00:00:00 2001
From: Jay Sorg <jay.sorg@gmail.com>
Date: Fri, 11 Nov 2016 22:55:21 -0800
Subject: [PATCH] change xrdp.ini security_layer=negotiate and auto generate
 tls keys on make install

---
 keygen/Makefile.am | 3 ++-
 xrdp/xrdp.ini      | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/keygen/Makefile.am b/keygen/Makefile.am
index ffe6d956..8cdea746 100644
--- a/keygen/Makefile.am
+++ b/keygen/Makefile.am
@@ -18,7 +18,8 @@ xrdpsysconfdir = $(sysconfdir)/xrdp
 
 install-data-hook:
 	umask 077 && \
-	  if [ ! -f $(DESTDIR)$(xrdpsysconfdir)/rsakeys.ini ]; then ./xrdp-keygen xrdp $(DESTDIR)$(xrdpsysconfdir)/rsakeys.ini; fi
+	  if [ ! -f $(DESTDIR)$(xrdpsysconfdir)/rsakeys.ini ]; then ./xrdp-keygen xrdp $(DESTDIR)$(xrdpsysconfdir)/rsakeys.ini; fi && \
+	  if [ ! -f $(DESTDIR)$(xrdpsysconfdir)/cert.pem ]; then openssl req -x509 -newkey rsa:2048 -nodes -keyout $(DESTDIR)$(xrdpsysconfdir)/key.pem -out $(DESTDIR)$(xrdpsysconfdir)/cert.pem -days 365 -subj /C=US/ST=CA/L=Sunnyvale/O=xrdp/CN=www.xrdp.org; fi
 
 uninstall-hook:
 	rm -f $(DESTDIR)$(xrdpsysconfdir)/rsakeys.ini
diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini
index e5bc148b..8acd8214 100644
--- a/xrdp/xrdp.ini
+++ b/xrdp/xrdp.ini
@@ -13,7 +13,7 @@ fork=yes
 crypt_level=high
 # security layer can be 'tls', 'rdp' or 'negotiate'
 # for client compatible layer
-security_layer=rdp
+security_layer=negotiate
 # X.509 certificate and private key
 # openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
 certificate=