File dovecot-2.3.0-dont_use_etc_ssl_certs.patch of Package dovecot23
Index: doc/man/doveconf.1.in
===================================================================
--- doc/man/doveconf.1.in.orig
+++ doc/man/doveconf.1.in
@@ -136,7 +136,7 @@ Show passwords and other sensitive value
.TP
.B \-x
Expand configuration variables (e.g. \(Domail_plugins \(rA quota) and show
-file contents (from e.g. ssl_cert = </etc/ssl/certs/dovecot.pem).
+file contents (from e.g. ssl_cert = </etc/ssl/private/dovecot.crt).
.\"---------------------------------
.TP
.I section_name
@@ -217,4 +217,4 @@ dict/quota = pgsql:@pkgsysconfdir@/dovec
.BR doveadm (1),
.BR dovecot (1),
.BR dovecot\-lda (1),
-.BR dsync (1)
\ No newline at end of file
+.BR dsync (1)
Index: doc/mkcert.sh
===================================================================
--- doc/mkcert.sh.orig
+++ doc/mkcert.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
# Generates a self-signed certificate.
# Edit dovecot-openssl.cnf before running this.
@@ -8,33 +8,33 @@ OPENSSL=${OPENSSL-openssl}
SSLDIR=${SSLDIR-/etc/ssl}
OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
-CERTDIR=$SSLDIR/certs
+CERTDIR=$SSLDIR/private
KEYDIR=$SSLDIR/private
-CERTFILE=$CERTDIR/dovecot.pem
+CERTFILE=$CERTDIR/dovecot.crt
KEYFILE=$KEYDIR/dovecot.pem
-if [ ! -d $CERTDIR ]; then
- echo "$SSLDIR/certs directory doesn't exist"
+if [[ ! -d "${CERTDIR}" ]]; then
+ echo "$CERTDIR directory doesn't exist"
exit 1
fi
-if [ ! -d $KEYDIR ]; then
+if [[ ! -d "${KEYDIR}" ]]; then
echo "$SSLDIR/private directory doesn't exist"
exit 1
fi
-if [ -f $CERTFILE ]; then
+if [[ -f "${CERTFILE}" ]]; then
echo "$CERTFILE already exists, won't overwrite"
exit 1
fi
-if [ -f $KEYFILE ]; then
+if [[ -f "${KEYFILE}" ]]; then
echo "$KEYFILE already exists, won't overwrite"
exit 1
fi
-$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
-chmod 0600 $KEYFILE
+$OPENSSL req -new -x509 -nodes -config "${OPENSSLCONFIG}" -out "${CERTFILE}" -keyout "${KEYFILE}" -days 365 || exit 2
+chmod 0600 "${KEYFILE}"
echo
-$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2
+$OPENSSL x509 -subject -fingerprint -noout -in "${CERTFILE}" || exit 2
Index: doc/wiki/CompilingSource.txt
===================================================================
--- doc/wiki/CompilingSource.txt.orig
+++ doc/wiki/CompilingSource.txt
@@ -142,7 +142,7 @@ non-standard path. Make sure you have th
installed, and if it is not in the standard location, set 'CPPFLAGS' and
'LDFLAGS' as shown in <the first section above.> [CompilingSource.txt]
-By default the SSL certificate is read from '/etc/ssl/certs/dovecot.pem' and
+By default the SSL certificate is read from '/etc/ssl/private/dovecot.crt' and
the private key from '/etc/ssl/private/dovecot.pem'. The '/etc/ssl' directory
can be changed using the '--with-ssldir=DIR' configure option. Both can of
course be overridden from the configuration file.
Index: doc/wiki/SSL.CertificateCreation.txt
===================================================================
--- doc/wiki/SSL.CertificateCreation.txt.orig
+++ doc/wiki/SSL.CertificateCreation.txt
@@ -39,7 +39,7 @@ CN matches the connected host name, othe
invalid. It's also possible to use wildcards (eg. *.domain.com) in the host
name. They should work with most clients.
-By default the certificate is created to '/etc/ssl/certs/dovecot.pem' and the
+By default the certificate is created to '/etc/ssl/private/dovecot.crt' and the
private key file is created to '/etc/ssl/private/dovecot.pem'. Also by default
the certificate will expire in 365 days. If you wish to change any of these,
modify the mkcert.sh script.
Index: doc/wiki/SSL.DovecotConfiguration.txt
===================================================================
--- doc/wiki/SSL.DovecotConfiguration.txt.orig
+++ doc/wiki/SSL.DovecotConfiguration.txt
@@ -41,7 +41,7 @@ The most important SSL settings are (in
---%<-------------------------------------------------------------------------
ssl = yes
# Preferred permissions: root:root 0444
-ssl_cert = </etc/ssl/certs/dovecot.pem
+ssl_cert = </etc/ssl/private/dovecot.crt
# Preferred permissions: root:root 0400
ssl_key = </etc/ssl/private/dovecot.pem
---%<-------------------------------------------------------------------------
@@ -73,11 +73,11 @@ override the global setting.:
---%<-------------------------------------------------------------------------
protocol imap {
- ssl_cert = </etc/ssl/certs/imap.pem
+ ssl_cert = </etc/ssl/private/imap.crt
ssl_key = </etc/ssl/private/imap.pem
}
protocol pop3 {
- ssl_cert = </etc/ssl/certs/pop3.pem
+ ssl_cert = </etc/ssl/private/pop3.crt
ssl_key = </etc/ssl/private/pop3.pem
}
---%<-------------------------------------------------------------------------
@@ -194,11 +194,11 @@ support SNI.
---%<-------------------------------------------------------------------------
local_name imap.example.org {
- ssl_cert = </etc/ssl/certs/imap.example.org.crt
+ ssl_cert = </etc/ssl/private/imap.example.org.crt
ssl_key = </etc/ssl/private/imap.example.org.key
}
local_name imap.example2.org {
- ssl_cert = </etc/ssl/certs/imap.example2.org.crt
+ ssl_cert = </etc/ssl/private/imap.example2.org.crt
ssl_key = </etc/ssl/private/imap.example2.org.key
}
# ..etc..
Index: doc/example-config/conf.d/10-ssl.conf
===================================================================
--- doc/example-config/conf.d/10-ssl.conf.orig
+++ doc/example-config/conf.d/10-ssl.conf
@@ -9,7 +9,7 @@
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
-ssl_cert = </etc/ssl/certs/dovecot.pem
+ssl_cert = </etc/ssl/private/dovecot.crt
ssl_key = </etc/ssl/private/dovecot.pem
# If key file is password protected, give the password here. Alternatively
