From: Jaldhar H. Vyas <jaldhar@debian.org>
Date: Tue, 25 Sep 2012 05:12:07 +0000 (-0400)
Subject: SSL cert location
X-Git-Tag: archive/raspbian/1%2.3.21.1+dfsg1-1+rpi1^2~23
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=9587e1ddaf6bf32c029c05cf5f2b5c90bb0733ca;p=dovecot.git

SSL cert location

Last-Update: Sun, 30 Nov 2014 23:59:07 -0500
Bug: #608719

Move dovecots generated X.509 certificate out of /etc/ssl where
it doesn't belong.

Gbp-Pq: Name ssl-cert-location.patch
---

diff --git a/doc/example-config/conf.d/10-ssl.conf b/doc/example-config/conf.d/10-ssl.conf
index ad84766..4867a07 100644
--- a/doc/example-config/conf.d/10-ssl.conf
+++ b/doc/example-config/conf.d/10-ssl.conf
@@ -3,14 +3,14 @@
 ##
 
 # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
-#ssl = yes
+ssl = yes
 
 # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
 # dropping root privileges, so keep the key file unreadable by anyone but
 # root. Included doc/mkcert.sh can be used to easily generate self-signed
 # certificate, just make sure to update the domains in dovecot-openssl.cnf
-ssl_cert = </etc/ssl/certs/dovecot.pem
-ssl_key = </etc/ssl/private/dovecot.pem
+ssl_cert = </etc/dovecot/private/dovecot.pem
+ssl_key = </etc/dovecot/private/dovecot.key
 
 # If key file is password protected, give the password here. Alternatively
 # give it when starting dovecot with -p parameter. Since this file is often
@@ -33,6 +33,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
 # RedHat-based systems. Note that ssl_client_ca_file isn't recommended with
 # large CA bundles, because it leads to excessive memory usage.
 #ssl_client_ca_dir =
+ssl_client_ca_dir = /etc/ssl/certs
 #ssl_client_ca_file =
 
 # Require valid cert when connecting to a remote server
diff --git a/doc/mkcert.sh b/doc/mkcert.sh
index f7e484c..efcf85e 100644
--- a/doc/mkcert.sh
+++ b/doc/mkcert.sh
@@ -8,19 +8,19 @@ OPENSSL=${OPENSSL-openssl}
 SSLDIR=${SSLDIR-/etc/ssl}
 OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
 
-CERTDIR=$SSLDIR/certs
-KEYDIR=$SSLDIR/private
+CERTDIR=/etc/dovecot/ssl
+KEYDIR=/etc/dovecot/ssl
 
 CERTFILE=$CERTDIR/dovecot.pem
-KEYFILE=$KEYDIR/dovecot.pem
+KEYFILE=$KEYDIR/dovecot.key
 
 if [ ! -d $CERTDIR ]; then
-  echo "$SSLDIR/certs directory doesn't exist"
+  echo "$CERTDIR directory doesn't exist"
   exit 1
 fi
 
 if [ ! -d $KEYDIR ]; then
-  echo "$SSLDIR/private directory doesn't exist"
+  echo "$KEYDIR directory doesn't exist"
   exit 1
 fi