Commit 9879e754 authored by Paul Cammish's avatar Paul Cammish

Merge branch 'dovecot-sni-chain-fix_buster' into 'buster-testing'

Dovecot SNI Chain Fix (buster)

See merge request !132
parents 90048a7e ec06c64a
Pipeline #707 passed with stages
in 36 minutes and 21 seconds
sympl-mail (10.0.190917.0) stable; urgency=medium
* Adds full chain to Dovecot SNI, needed by some clients.
-- Paul Cammish <sympl@kelduum.net> Tue, 17 Sep 2019 12:57:15 +0100
sympl-mail (10.0.190708.0) stable; urgency=medium
* Re-enable Dovecot SNI
......@@ -24,7 +24,7 @@ fi
for certificate in $( find -L /srv -mindepth 5 -maxdepth 5 -name 'ssl.crt' -path '*/config/ssl/current/*' -print ); do
certpath="$( echo $certificate | sed 's|/config/ssl/current/.*$|/config/ssl/current|' )"
# Ensure there is a matching key file, and the path doesnt include an underscore
if [ -f "${certpath}/ssl.key" ] && [ -f "${certpath}/ssl.bundle" ] && [ "$certpath" != "*_*" ] ; then
if [ -f "${certpath}/ssl.key" ] && [ -f "${certpath}/ssl.combined" ] && [ "$certpath" != "*_*" ] ; then
# Go through the certs, listing all the domains, and filter them, one cert per domain.
openssl x509 -noout -text -in "$certificate" \
| grep 'Subject: CN\|DNS:' \
......@@ -40,8 +40,7 @@ echo "# Auto generated SNI configuration by sympl-mail-dovecot-sni." > /dev/shm/
cat /dev/shm/sympl-mail-dovecot-sni.data | while read certpath certificate domain; do
echo "# Enable SNI for $domain"
echo "local_name $domain {"
echo " ssl_ca = <$certpath/ssl.bundle"
echo " ssl_cert = <$certificate"
echo " ssl_cert = <$certpath/ssl.combined"
echo " ssl_key = <$certpath/ssl.key"
echo "}"
echo
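Review bot: The underscore guard on the rewritten `if` line in the first hunk can never exclude anything, because inside `[ ]` the quoted `"*_*"` is compared as a literal string rather than matched as a glob, so `[ "$certpath" != "*_*" ]` is true for every real path. Certificate directories whose path contains an underscore therefore still get a `local_name` block in the generated SNI configuration, contrary to the comment above the test. A portable fix is to add `case "$certpath" in *_*) continue ;; esac` right after `certpath` is assigned and drop the third test from the `if`. The enclosing `for` loop opens in this hunk but its body ends outside it.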