From 4a31b814a318a37fe8b58d42f2025e49072971e4 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 28 Apr 2024 11:51:25 +0200
Subject: Adding debian version 1:2.3.19.1+dfsg1-2.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 debian/patches/ssl-cert-location.patch | 73 ++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)
 create mode 100644 debian/patches/ssl-cert-location.patch

(limited to 'debian/patches/ssl-cert-location.patch')

diff --git a/debian/patches/ssl-cert-location.patch b/debian/patches/ssl-cert-location.patch
new file mode 100644
index 0000000..446dd87
--- /dev/null
+++ b/debian/patches/ssl-cert-location.patch
@@ -0,0 +1,73 @@
+From: "Jaldhar H. Vyas" <jaldhar@debian.org>
+Date: Tue, 25 Sep 2012 01:12:07 -0400
+Subject: SSL cert location
+
+Last-Update: Sun, 30 Nov 2014 23:59:07 -0500
+Bug: #608719
+
+Move dovecots generated X.509 certificate out of /etc/ssl where
+it doesn't belong.
+---
+ doc/example-config/conf.d/10-ssl.conf |  7 ++++---
+ doc/mkcert.sh                         | 10 +++++-----
+ 2 files changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/doc/example-config/conf.d/10-ssl.conf b/doc/example-config/conf.d/10-ssl.conf
+index ad84766..4867a07 100644
+--- a/doc/example-config/conf.d/10-ssl.conf
++++ b/doc/example-config/conf.d/10-ssl.conf
+@@ -3,14 +3,14 @@
+ ##
+ 
+ # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
+-#ssl = yes
++ssl = yes
+ 
+ # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
+ # dropping root privileges, so keep the key file unreadable by anyone but
+ # root. Included doc/mkcert.sh can be used to easily generate self-signed
+ # certificate, just make sure to update the domains in dovecot-openssl.cnf
+-ssl_cert = </etc/ssl/certs/dovecot.pem
+-ssl_key = </etc/ssl/private/dovecot.pem
++ssl_cert = </etc/dovecot/private/dovecot.pem
++ssl_key = </etc/dovecot/private/dovecot.key
+ 
+ # If key file is password protected, give the password here. Alternatively
+ # give it when starting dovecot with -p parameter. Since this file is often
+@@ -33,6 +33,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
+ # RedHat-based systems. Note that ssl_client_ca_file isn't recommended with
+ # large CA bundles, because it leads to excessive memory usage.
+ #ssl_client_ca_dir =
++ssl_client_ca_dir = /etc/ssl/certs
+ #ssl_client_ca_file =
+ 
+ # Require valid cert when connecting to a remote server
+diff --git a/doc/mkcert.sh b/doc/mkcert.sh
+index f7e484c..efcf85e 100644
+--- a/doc/mkcert.sh
++++ b/doc/mkcert.sh
+@@ -8,19 +8,19 @@ OPENSSL=${OPENSSL-openssl}
+ SSLDIR=${SSLDIR-/etc/ssl}
+ OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
+ 
+-CERTDIR=$SSLDIR/certs
+-KEYDIR=$SSLDIR/private
++CERTDIR=/etc/dovecot/ssl
++KEYDIR=/etc/dovecot/ssl
+ 
+ CERTFILE=$CERTDIR/dovecot.pem
+-KEYFILE=$KEYDIR/dovecot.pem
++KEYFILE=$KEYDIR/dovecot.key
+ 
+ if [ ! -d $CERTDIR ]; then
+-  echo "$SSLDIR/certs directory doesn't exist"
++  echo "$CERTDIR directory doesn't exist"
+   exit 1
+ fi
+ 
+ if [ ! -d $KEYDIR ]; then
+-  echo "$SSLDIR/private directory doesn't exist"
++  echo "$KEYDIR directory doesn't exist"
+   exit 1
+ fi
+ 
-- 
cgit v1.2.3