From: Ivan Rako Date: Tue, 9 May 2017 13:35:41 +0000 (+0200) Subject: generira certifikat ako ga nema X-Git-Tag: debian/1%2.2.13_cn1~3 X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=commitdiff_plain;h=a80671d5f813a53e6199cd63c7db8e89ba8c0d87;p=dovecot-cn.git generira certifikat ako ga nema --- diff --git a/debian/changelog b/debian/changelog index bedade6..a8d3f4c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,7 @@ dovecot-cn (1:2.2.13~cn1) stable; urgency=medium * Postavlja ssl = yes u 10-auth.conf + * Generira self-signed certifikat -- Ivan Rako Tue, 09 May 2017 14:34:56 +0200 diff --git a/debian/dirs b/debian/dirs new file mode 100644 index 0000000..1e98d4b --- /dev/null +++ b/debian/dirs @@ -0,0 +1 @@ +usr/share/dovecot-cn diff --git a/debian/install b/debian/install new file mode 100644 index 0000000..8fbdb23 --- /dev/null +++ b/debian/install @@ -0,0 +1 @@ +mkcert.sh usr/share/dovecot-cn diff --git a/debian/postinst b/debian/postinst index ad23302..6ecc8f6 100755 --- a/debian/postinst +++ b/debian/postinst @@ -44,6 +44,21 @@ cp_check_and_sed 'ssl = no' \ 's/^ssl = no/ssl = yes/g' \ /etc/dovecot/conf.d/10-ssl.conf || true +if ! grep -q ^ssl_cert /etc/dovecot/conf.d/10-ssl.conf \ + && ! grep -q ^ssl_key /etc/dovecot/conf.d/10-ssl.conf; then + cp_check_and_sed '#ssl_cert = /dev/null +fi + + + # dodao ico, gasi stare SSL protokole cp_check_and_sed '#ssl_protocols =' \ 's/^#ssl_protocols.*/ssl_protocols = !SSLv2 !SSLv3/g' \ diff --git a/mkcert.sh b/mkcert.sh new file mode 100755 index 0000000..3cd5a8a --- /dev/null +++ b/mkcert.sh 
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# Generates a self-signed certificate.
+# Edit dovecot-openssl.cnf before running this.
+
+umask 077
+OPENSSL=${OPENSSL-openssl}
+SSLDIR=${SSLDIR-/etc/ssl}
+OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
+
+CERTDIR=/etc/dovecot
+KEYDIR=/etc/dovecot/private
+
+CERTFILE=$CERTDIR/dovecot.pem
+KEYFILE=$KEYDIR/dovecot.pem
+
+if [ ! -d $CERTDIR ]; then
+ echo "$SSLDIR/certs directory doesn't exist"
+ exit 1
+fi
+
+if [ ! -d $KEYDIR ]; then
+ echo "$SSLDIR/private directory doesn't exist"
+ exit 1
+fi
+
+if [ -f $CERTFILE ]; then
+ echo "$CERTFILE already exists, won't overwrite"
+ exit 1
+fi
+
+if [ -f $KEYFILE ]; then
+ echo "$KEYFILE already exists, won't overwrite"
+ exit 1
+fi
+
+$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
+chmod 0600 $KEYFILE
+echo
+$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2
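Review bot: The `openssl req` call in mkcert.sh takes key size and signature digest entirely from `$OPENSSLCONFIG`, whose default is the relative name `dovecot-openssl.cnf`; the `debian/install` line in this commit ships only `mkcert.sh`, so unless the caller sets `OPENSSLCONFIG` (the postinst call is truncated in this view) the key strength depends on the working directory and on a file that is not under review. Pinning both on the command line makes the result predictable: `"$OPENSSL" req -new -x509 -nodes -newkey rsa:2048 -sha256 -config "$OPENSSLCONFIG" -out "$CERTFILE" -keyout "$KEYFILE" -days 365 || exit 2`. The two directory checks test `$CERTDIR` and `$KEYDIR` but report `$SSLDIR/certs` and `$SSLDIR/private`, which points an admin at the wrong path; `echo "$CERTDIR directory doesn't exist" >&2` (and likewise for `$KEYDIR`) would match what is tested. Since the script refuses to overwrite existing files and issues a 365-day certificate, the install-time certificate expires with no regeneration path, which deserves a line in the header comment.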