use official pull request patch

0001-Fix-ssl.patch

@@ -1,40 +0,0 @@
-diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp
-index 22a150b6..fa77d96f 100644
---- a/src/murmur/Server.cpp
-+++ b/src/murmur/Server.cpp
-@@ -1373,25 +1373,6 @@ void Server::newClient() {
- 		sock->setPrivateKey(qskKey);
- 		sock->setLocalCertificate(qscCert);
- 
--		QSslConfiguration config = sock->sslConfiguration();
--#if QT_VERSION >= QT_VERSION_CHECK(5,15,0)
--		// Qt 5.15 introduced QSslConfiguration::addCaCertificate(s) that should be preferred over the functions in QSslSocket
--
--		// Treat the leaf certificate as a root.
--		// This shouldn't strictly be necessary,
--		// and is a left-over from early on.
--		// Perhaps it is necessary for self-signed
--		// certs?
--		config.addCaCertificate(qscCert);
--
--		// Add CA certificates specified via
--		// murmur.ini's sslCA option.
--		config.addCaCertificates(Meta::mp.qlCA);
--
--		// Add intermediate CAs found in the PEM
--		// bundle used for this server's certificate.
--		config.addCaCertificates(qlIntermediates);
--#else
- 		// Treat the leaf certificate as a root.
- 		// This shouldn't strictly be necessary,
- 		// and is a left-over from early on.
-@@ -1406,8 +1387,8 @@ void Server::newClient() {
- 		// Add intermediate CAs found in the PEM
- 		// bundle used for this server's certificate.
- 		sock->addCaCertificates(qlIntermediates);
--#endif
- 
-+		QSslConfiguration config = sock->sslConfiguration();
- 		config.setCiphers(Meta::mp.qlCiphers);
- #if defined(USE_QSSLDIFFIEHELLMANPARAMETERS)
- 		config.setDiffieHellmanParameters(qsdhpDHParams);

4414.patch

@@ -0,0 +1,43 @@
+From b47e309f3113a3c147070d42e27a2d96ecffb6b8 Mon Sep 17 00:00:00 2001
+From: MadMaurice <madmaurice@zom.bi>
+Date: Tue, 11 Aug 2020 22:43:02 +0200
+Subject: [PATCH] FIX(certificate): Retrieve QSslConfiguration after setting CA
+
+Commit bdb12c6 added a regression for servers built with QT older than version
+5.15. After this commit these servers do not serve intermediate certificates
+anymore.  This happens because the QSslConfiguration is retrieved before adding
+the CA certificates to the socket and is reinserted into the socket again after
+adding the CA certificates, thereby overwriting the CA certificates added in
+between.
+
+This commit fixes that by retrieving the QSslConfiguration just after setting
+the CA certificates in case an older QT version than 5.15 is used.
+---
+ src/murmur/Server.cpp | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp
+index 22a150b621..9b76709bf9 100644
+--- a/src/murmur/Server.cpp
++++ b/src/murmur/Server.cpp
+@@ -1373,8 +1373,9 @@ void Server::newClient() {
+ 		sock->setPrivateKey(qskKey);
+ 		sock->setLocalCertificate(qscCert);
+ 
+-		QSslConfiguration config = sock->sslConfiguration();
++		QSslConfiguration config;
+ #if QT_VERSION >= QT_VERSION_CHECK(5,15,0)
++		config = sock->sslConfiguration();
+ 		// Qt 5.15 introduced QSslConfiguration::addCaCertificate(s) that should be preferred over the functions in QSslSocket
+ 
+ 		// Treat the leaf certificate as a root.
+@@ -1406,6 +1407,9 @@ void Server::newClient() {
+ 		// Add intermediate CAs found in the PEM
+ 		// bundle used for this server's certificate.
+ 		sock->addCaCertificates(qlIntermediates);
++
++		// Must not get config from socket before setting CA certificates
++		config = sock->sslConfiguration();
+ #endif
+ 
+ 		config.setCiphers(Meta::mp.qlCiphers);

Dockerfile

@@ -27,11 +27,11 @@ RUN apt-get update -yqq && apt-get install -yqq \
     git --no-install-recommends
 
 WORKDIR /usr/src/murmur
-COPY 0001-Fix-ssl.patch /
+COPY 4414.patch /
 RUN \
     git clone https://github.com/mumble-voip/mumble.git . \
     && git checkout master \
-    && git apply /0001-Fix-ssl.patch \
+    && git apply /4414.patch \
     && git submodule init \
     && git submodule update