From c13c9035eb86e332cc75f77cdc18c2464f6340d1 Mon Sep 17 00:00:00 2001
From: KOVACS Krisztian <hidden@balabit.com>
Date: Thu, 28 Sep 2017 14:00:18 +0200
Subject: [PATCH] libfreerdp/core/certificate: open key file for reading only

There's no point in writing the key file for read-write, and it makes it
impossible to run the shadow server with the key file being read only.
---
 libfreerdp/core/certificate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libfreerdp/core/certificate.c b/libfreerdp/core/certificate.c
index 1d93f6c..e2d5c3a 100644
--- a/libfreerdp/core/certificate.c
+++ b/libfreerdp/core/certificate.c
@@ -753,7 +753,7 @@ rdpRsaKey* key_new(const char* keyfile)
 	char* buffer = NULL;
 	rdpRsaKey* key = NULL;
 
-	fp = fopen(keyfile, "r+b");
+	fp = fopen(keyfile, "rb");
 	if (!fp)
 	{
 		WLog_ERR(TAG, "unable to open RSA key file %s: %s.", keyfile, strerror(errno));
-- 
2.7.4