Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:computersalat:devel:mail
dovecot23
dovecot-2.3.0-dont_use_etc_ssl_certs.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File dovecot-2.3.0-dont_use_etc_ssl_certs.patch of Package dovecot23
Index: doc/man/doveconf.1.in =================================================================== --- doc/man/doveconf.1.in.orig +++ doc/man/doveconf.1.in @@ -136,7 +136,7 @@ Show passwords and other sensitive value .TP .B \-x Expand configuration variables (e.g. \(Domail_plugins \(rA quota) and show -file contents (from e.g. ssl_cert = </etc/ssl/certs/dovecot.pem). +file contents (from e.g. ssl_cert = </etc/ssl/private/dovecot.crt). .\"--------------------------------- .TP .I section_name @@ -217,4 +217,4 @@ dict/quota = pgsql:@pkgsysconfdir@/dovec .BR doveadm (1), .BR dovecot (1), .BR dovecot\-lda (1), -.BR dsync (1) \ No newline at end of file +.BR dsync (1) Index: doc/mkcert.sh =================================================================== --- doc/mkcert.sh.orig +++ doc/mkcert.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # Generates a self-signed certificate. # Edit dovecot-openssl.cnf before running this. @@ -8,33 +8,33 @@ OPENSSL=${OPENSSL-openssl} SSLDIR=${SSLDIR-/etc/ssl} OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf} -CERTDIR=$SSLDIR/certs +CERTDIR=$SSLDIR/private KEYDIR=$SSLDIR/private -CERTFILE=$CERTDIR/dovecot.pem +CERTFILE=$CERTDIR/dovecot.crt KEYFILE=$KEYDIR/dovecot.pem -if [ ! -d $CERTDIR ]; then - echo "$SSLDIR/certs directory doesn't exist" +if [[ ! -d "${CERTDIR}" ]]; then + echo "$CERTDIR directory doesn't exist" exit 1 fi -if [ ! -d $KEYDIR ]; then +if [[ ! -d "${KEYDIR}" ]]; then echo "$SSLDIR/private directory doesn't exist" exit 1 fi -if [ -f $CERTFILE ]; then +if [[ -f "${CERTFILE}" ]]; then echo "$CERTFILE already exists, won't overwrite" exit 1 fi -if [ -f $KEYFILE ]; then +if [[ -f "${KEYFILE}" ]]; then echo "$KEYFILE already exists, won't overwrite" exit 1 fi -$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2 -chmod 0600 $KEYFILE +$OPENSSL req -new -x509 -nodes -config "${OPENSSLCONFIG}" -out "${CERTFILE}" -keyout "${KEYFILE}" -days 365 || exit 2 +chmod 0600 "${KEYFILE}" echo -$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2 +$OPENSSL x509 -subject -fingerprint -noout -in "${CERTFILE}" || exit 2 Index: doc/wiki/CompilingSource.txt =================================================================== --- doc/wiki/CompilingSource.txt.orig +++ doc/wiki/CompilingSource.txt @@ -142,7 +142,7 @@ non-standard path. Make sure you have th installed, and if it is not in the standard location, set 'CPPFLAGS' and 'LDFLAGS' as shown in <the first section above.> [CompilingSource.txt] -By default the SSL certificate is read from '/etc/ssl/certs/dovecot.pem' and +By default the SSL certificate is read from '/etc/ssl/private/dovecot.crt' and the private key from '/etc/ssl/private/dovecot.pem'. The '/etc/ssl' directory can be changed using the '--with-ssldir=DIR' configure option. Both can of course be overridden from the configuration file. Index: doc/wiki/SSL.CertificateCreation.txt =================================================================== --- doc/wiki/SSL.CertificateCreation.txt.orig +++ doc/wiki/SSL.CertificateCreation.txt @@ -39,7 +39,7 @@ CN matches the connected host name, othe invalid. It's also possible to use wildcards (eg. *.domain.com) in the host name. They should work with most clients. -By default the certificate is created to '/etc/ssl/certs/dovecot.pem' and the +By default the certificate is created to '/etc/ssl/private/dovecot.crt' and the private key file is created to '/etc/ssl/private/dovecot.pem'. Also by default the certificate will expire in 365 days. If you wish to change any of these, modify the mkcert.sh script. Index: doc/wiki/SSL.DovecotConfiguration.txt =================================================================== --- doc/wiki/SSL.DovecotConfiguration.txt.orig +++ doc/wiki/SSL.DovecotConfiguration.txt @@ -41,7 +41,7 @@ The most important SSL settings are (in ---%<------------------------------------------------------------------------- ssl = yes # Preferred permissions: root:root 0444 -ssl_cert = </etc/ssl/certs/dovecot.pem +ssl_cert = </etc/ssl/private/dovecot.crt # Preferred permissions: root:root 0400 ssl_key = </etc/ssl/private/dovecot.pem ---%<------------------------------------------------------------------------- @@ -73,11 +73,11 @@ override the global setting.: ---%<------------------------------------------------------------------------- protocol imap { - ssl_cert = </etc/ssl/certs/imap.pem + ssl_cert = </etc/ssl/private/imap.crt ssl_key = </etc/ssl/private/imap.pem } protocol pop3 { - ssl_cert = </etc/ssl/certs/pop3.pem + ssl_cert = </etc/ssl/private/pop3.crt ssl_key = </etc/ssl/private/pop3.pem } ---%<------------------------------------------------------------------------- @@ -194,11 +194,11 @@ support SNI. ---%<------------------------------------------------------------------------- local_name imap.example.org { - ssl_cert = </etc/ssl/certs/imap.example.org.crt + ssl_cert = </etc/ssl/private/imap.example.org.crt ssl_key = </etc/ssl/private/imap.example.org.key } local_name imap.example2.org { - ssl_cert = </etc/ssl/certs/imap.example2.org.crt + ssl_cert = </etc/ssl/private/imap.example2.org.crt ssl_key = </etc/ssl/private/imap.example2.org.key } # ..etc.. Index: doc/example-config/conf.d/10-ssl.conf =================================================================== --- doc/example-config/conf.d/10-ssl.conf.orig +++ doc/example-config/conf.d/10-ssl.conf @@ -9,7 +9,7 @@ # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed # certificate, just make sure to update the domains in dovecot-openssl.cnf -ssl_cert = </etc/ssl/certs/dovecot.pem +ssl_cert = </etc/ssl/private/dovecot.crt ssl_key = </etc/ssl/private/dovecot.pem # If key file is password protected, give the password here. Alternatively
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor