Commit 3a95b3dd authored by Paul Cammish's avatar Paul Cammish

Fixes #281

parent 323282c2
Pipeline #855 passed with stages
in 26 minutes and 44 seconds
CHANGELOG
---------
2020-04-18
sympl-mail
* Fixed sympl-mail-dovecot-sni issue with filesystem loops (#281)
2020-04-15
sympl-core
* Added --verbose switch to sympl-filesystem-security
......
sympl-mail (10.0.200418.0) stable; urgency=medium
* Fixed sympl-mail-dovecot-sni issue with filesystem loops (#281)
-- Paul Cammish <sympl@kelduum.net> Sat, 18 Apr 2019 10:59:18 +0100
sympl-mail (10.0.191227.0) stable; urgency=medium
* Improves default PCI Compliance by disabling TLS1.0
......
......@@ -2,8 +2,8 @@
set -e
if [ "$( find -L /srv -mindepth 5 -maxdepth 5 -name 'ssl.crt' -path '*/config/ssl/current/*' -print | wc -l )" == "0" ]; then
# No certs avaialable, so check if /etc/dovecot/sympl.d/10-main/60-sni exists
if [ $( find -L /srv/*/config/ssl/current/ -maxdepth 1 -mindepth 1 -name 'ssl.crt' -print | wc -l ) -eq 0 ]; then
# No certs available, so check if /etc/dovecot/sympl.d/10-main/60-sni exists
if [ -f /etc/dovecot/sympl.d/10-main/60-sni ]; then
# it exists, so remove it
rm /etc/dovecot/sympl.d/10-main/60-sni
......@@ -21,7 +21,7 @@ if [ "$( find -L /srv -mindepth 5 -maxdepth 5 -name 'ssl.crt' -path '*/config/ss
fi
fi
for certificate in $( find -L /srv -mindepth 5 -maxdepth 5 -name 'ssl.crt' -path '*/config/ssl/current/*' -print ); do
for certificate in $( find -L /srv/*/config/ssl/current/ -maxdepth 1 -mindepth 1 -name 'ssl.crt' -print); do
certpath="$( echo $certificate | sed 's|/config/ssl/current/.*$|/config/ssl/current|' )"
# Ensure there is a matching key file, and the path doesnt include an underscore
if [ -f "${certpath}/ssl.key" ] && [ -f "${certpath}/ssl.combined" ] && [ "$certpath" != "*_*" ] ; then
......@@ -67,4 +67,4 @@ fi
if [ -f /dev/shm/sympl-mail-dovecot-sni.data ]; then rm /dev/shm/sympl-mail-dovecot-sni.data; fi
exit 0
\ No newline at end of file
exit 0
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment