diff options
Diffstat (limited to 'debian/patches/ssl-cert-location.patch')
| -rw-r--r-- | debian/patches/ssl-cert-location.patch | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/debian/patches/ssl-cert-location.patch b/debian/patches/ssl-cert-location.patch new file mode 100644 index 0000000..446dd87 --- /dev/null +++ b/debian/patches/ssl-cert-location.patch @@ -0,0 +1,73 @@ +From: "Jaldhar H. Vyas" <jaldhar@debian.org> +Date: Tue, 25 Sep 2012 01:12:07 -0400 +Subject: SSL cert location + +Last-Update: Sun, 30 Nov 2014 23:59:07 -0500 +Bug: #608719 + +Move dovecots generated X.509 certificate out of /etc/ssl where +it doesn't belong. +--- + doc/example-config/conf.d/10-ssl.conf | 7 ++++--- + doc/mkcert.sh | 10 +++++----- + 2 files changed, 9 insertions(+), 8 deletions(-) + +diff --git a/doc/example-config/conf.d/10-ssl.conf b/doc/example-config/conf.d/10-ssl.conf +index ad84766..4867a07 100644 +--- a/doc/example-config/conf.d/10-ssl.conf ++++ b/doc/example-config/conf.d/10-ssl.conf +@@ -3,14 +3,14 @@ + ## + + # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt> +-#ssl = yes ++ssl = yes + + # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before + # dropping root privileges, so keep the key file unreadable by anyone but + # root. Included doc/mkcert.sh can be used to easily generate self-signed + # certificate, just make sure to update the domains in dovecot-openssl.cnf +-ssl_cert = </etc/ssl/certs/dovecot.pem +-ssl_key = </etc/ssl/private/dovecot.pem ++ssl_cert = </etc/dovecot/private/dovecot.pem ++ssl_key = </etc/dovecot/private/dovecot.key + + # If key file is password protected, give the password here. Alternatively + # give it when starting dovecot with -p parameter. Since this file is often +@@ -33,6 +33,7 @@ ssl_key = </etc/ssl/private/dovecot.pem + # RedHat-based systems. Note that ssl_client_ca_file isn't recommended with + # large CA bundles, because it leads to excessive memory usage. + #ssl_client_ca_dir = ++ssl_client_ca_dir = /etc/ssl/certs + #ssl_client_ca_file = + + # Require valid cert when connecting to a remote server +diff --git a/doc/mkcert.sh b/doc/mkcert.sh +index f7e484c..efcf85e 100644 +--- a/doc/mkcert.sh ++++ b/doc/mkcert.sh +@@ -8,19 +8,19 @@ OPENSSL=${OPENSSL-openssl} + SSLDIR=${SSLDIR-/etc/ssl} + OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf} + +-CERTDIR=$SSLDIR/certs +-KEYDIR=$SSLDIR/private ++CERTDIR=/etc/dovecot/ssl ++KEYDIR=/etc/dovecot/ssl + + CERTFILE=$CERTDIR/dovecot.pem +-KEYFILE=$KEYDIR/dovecot.pem ++KEYFILE=$KEYDIR/dovecot.key + + if [ ! -d $CERTDIR ]; then +- echo "$SSLDIR/certs directory doesn't exist" ++ echo "$CERTDIR directory doesn't exist" + exit 1 + fi + + if [ ! -d $KEYDIR ]; then +- echo "$SSLDIR/private directory doesn't exist" ++ echo "$KEYDIR directory doesn't exist" + exit 1 + fi + |