cp_check_and_sed '#ssl_key = </etc/dovecot/private/dovecot.pem' \
's|#ssl_key = </etc/dovecot/private/dovecot.pem|ssl_key = </etc/dovecot/private/dovecot.pem|g' \
/etc/dovecot/conf.d/10-ssl.conf || true
- # negdje se pojavljuje dovecot.key
+ # negdje se pojavljuje dovecot.key umjesto dovecot.pem
cp_check_and_sed 'ssl_key = </etc/dovecot/private/dovecot.key' \
's|ssl_key = </etc/dovecot/private/dovecot.key|ssl_key = </etc/dovecot/private/dovecot.pem|g' \
/etc/dovecot/conf.d/10-ssl.conf || true
fi
+### buster ima ssl_min_protocol umjesto ssl_protocols
+# ne radimo ništa ako već postoji ^ssl_min_protocol = TLS*, možda je sistemac smanjivao level TLS-a
+if ! grep -q "^ssl_min_protocol = TLS"; then
+ # postavlja minimalni TLS protokol i mijenja ime varijable
+ cp_check_and_sed '#ssl_protocols =' \
+ 's/^#ssl_protocols.*/ssl_min_protocol = TLSv1.2/g' \
+ /etc/dovecot/conf.d/10-ssl.conf || true
+ # postavlja minimalni TLS protokol ako je varijabla već uključena
+ cp_check_and_sed 'ssl_protocols =' \
+ 's/^ssl_protocols.*/ssl_min_protocol = TLSv1.2/g' \
+ /etc/dovecot/conf.d/10-ssl.conf || true
+
+ # samo popravlja inačicu protokola i uključuje varijablu
+ cp_check_and_sed '#ssl_min_protocol =' \
+ 's/^#ssl_min_protocol.*/ssl_min_protocol = TLSv1.2/g' \
+ /etc/dovecot/conf.d/10-ssl.conf || true
+
+ # popravlja inačicu protokola ako je varijabla već uključena (ako je zaostao SSLv2 i SSLv3)
+ cp_check_and_sed 'ssl_min_protocol =' \
+ 's/^ssl_min_protocol.*/ssl_min_protocol = TLSv1.2/g' \
+ /etc/dovecot/conf.d/10-ssl.conf || true
+fi
+
+# maknuti kludge kreiran u carnet-upgrade
+echo "CN: Prebacujem stare konfiguracije za dovecot 95-cn#-upgrade.conf u /var/backups..."
+test -f /etc/dovecot/conf.d/95-cn6-upgrade.conf && mv /etc/dovecot/conf.d/95-cn6-upgrade.conf /var/backups || true
+test -f /etc/dovecot/conf.d/95-cn7-upgrade.conf && mv /etc/dovecot/conf.d/95-cn7-upgrade.conf /var/backups || true
+test -f /etc/dovecot/conf.d/95-cn8-upgrade.conf && mv /etc/dovecot/conf.d/95-cn8-upgrade.conf /var/backups || true
+test -f /etc/dovecot/conf.d/95-cn9-upgrade.conf && mv /etc/dovecot/conf.d/95-cn9-upgrade.conf /var/backups || true
+
+# staro, može se brisati
# dodao ico, gasi SSLv3 protokol
-cp_check_and_sed '#ssl_protocols =' \
- 's/^#ssl_protocols.*/ssl_protocols = !SSLv3/g' \
- /etc/dovecot/conf.d/10-ssl.conf || true
+#cp_check_and_sed '#ssl_protocols =' \
+# 's/^#ssl_protocols.*/ssl_protocols = !SSLv3/g' \
+# /etc/dovecot/conf.d/10-ssl.conf || true
# dodao zelja, gasi stare SSL protokole
-cp_check_and_sed 'ssl_protocols =' \
- 's/\!SSLv2 //g' \
- /etc/dovecot/conf.d/10-ssl.conf || true
+#cp_check_and_sed 'ssl_protocols =' \
+# 's/\!SSLv2 //g' \
+# /etc/dovecot/conf.d/10-ssl.conf || true
# dodao zelja, gasi stare SSL protokole/ciphere u 95-cn9-upgrade.conf ako postoje
-if [ -f /etc/dovecot/conf.d/95-cn9-upgrade.conf ]; then
- cp_check_and_sed 'ssl_protocols =' \
- 's/\!SSLv2 //g' \
- /etc/dovecot/conf.d/95-cn9-upgrade.conf || true
- cp_check_and_sed 'ssl_cipher_list' \
- 's/:\!SSLv2//g' \
- /etc/dovecot/conf.d/95-cn9-upgrade.conf || true
-fi
+#if [ -f /etc/dovecot/conf.d/95-cn9-upgrade.conf ]; then
+# cp_check_and_sed 'ssl_protocols =' \
+# 's/\!SSLv2 //g' \
+# /etc/dovecot/conf.d/95-cn9-upgrade.conf || true
+# cp_check_and_sed 'ssl_cipher_list' \
+# 's/:\!SSLv2//g' \
+# /etc/dovecot/conf.d/95-cn9-upgrade.conf || true
+#fi
# restart
service dovecot restart || true
projects / dovecot-cn.git / commitdiff