From a80671d5f813a53e6199cd63c7db8e89ba8c0d87 Mon Sep 17 00:00:00 2001 From: Ivan Rako Date: Tue, 9 May 2017 15:35:41 +0200 Subject: [PATCH] generira certifikat ako ga nema --- debian/changelog | 1 + debian/dirs | 1 + debian/install | 1 + debian/postinst | 15 +++++++++++++++ mkcert.sh | 40 ++++++++++++++++++++++++++++++++++++++++ 5 files changed, 58 insertions(+) create mode 100644 debian/dirs create mode 100644 debian/install create mode 100755 mkcert.sh diff --git a/debian/changelog b/debian/changelog index bedade6..a8d3f4c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,7 @@ dovecot-cn (1:2.2.13~cn1) stable; urgency=medium * Postavlja ssl = yes u 10-auth.conf + * Generira self-signed certifikat -- Ivan Rako Tue, 09 May 2017 14:34:56 +0200 diff --git a/debian/dirs b/debian/dirs new file mode 100644 index 0000000..1e98d4b --- /dev/null +++ b/debian/dirs @@ -0,0 +1 @@ +usr/share/dovecot-cn diff --git a/debian/install b/debian/install new file mode 100644 index 0000000..8fbdb23 --- /dev/null +++ b/debian/install @@ -0,0 +1 @@ +mkcert.sh usr/share/dovecot-cn diff --git a/debian/postinst b/debian/postinst index ad23302..6ecc8f6 100755 --- a/debian/postinst +++ b/debian/postinst @@ -44,6 +44,21 @@ cp_check_and_sed 'ssl = no' \ 's/^ssl = no/ssl = yes/g' \ /etc/dovecot/conf.d/10-ssl.conf || true +if ! grep -q ^ssl_cert /etc/dovecot/conf.d/10-ssl.conf \ + && ! grep -q ^ssl_key /etc/dovecot/conf.d/10-ssl.conf; then + cp_check_and_sed '#ssl_cert = /dev/null +fi + + + # dodao ico, gasi stare SSL protokole cp_check_and_sed '#ssl_protocols =' \ 's/^#ssl_protocols.*/ssl_protocols = !SSLv2 !SSLv3/g' \ diff --git a/mkcert.sh b/mkcert.sh new file mode 100755 index 0000000..3cd5a8a --- /dev/null +++ b/mkcert.sh 
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# Generates a self-signed certificate.
+# Edit dovecot-openssl.cnf before running this.
+
+umask 077
+OPENSSL=${OPENSSL-openssl}
+SSLDIR=${SSLDIR-/etc/ssl}
+OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
+
+CERTDIR=/etc/dovecot
+KEYDIR=/etc/dovecot/private
+
+CERTFILE=$CERTDIR/dovecot.pem
+KEYFILE=$KEYDIR/dovecot.pem
+
+if [ ! -d $CERTDIR ]; then
+ echo "$SSLDIR/certs directory doesn't exist"
+ exit 1
+fi
+
+if [ ! -d $KEYDIR ]; then
+ echo "$SSLDIR/private directory doesn't exist"
+ exit 1
+fi
+
+if [ -f $CERTFILE ]; then
+ echo "$CERTFILE already exists, won't overwrite"
+ exit 1
+fi
+
+if [ -f $KEYFILE ]; then
+ echo "$KEYFILE already exists, won't overwrite"
+ exit 1
+fi
+
+$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
+chmod 0600 $KEYFILE
+echo
+$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2
-- 1.7.10.4
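Review bot: `OPENSSLCONFIG` defaults to the relative name `dovecot-openssl.cnf`, so `openssl req` reads whichever file of that name is in the caller's working directory, and the `debian/install` entry in this commit ships only `mkcert.sh`. A script that writes a private key into `/etc/dovecot/private` should take its config from an absolute, package-owned path and fail clearly when that file is unreadable. The two directory checks test `$CERTDIR` and `$KEYDIR` but print `$SSLDIR/certs` and `$SSLDIR/private`, which sends an admin to the wrong directory; the path expansions are also unquoted and the errors go to stdout. The certificate is fixed at `-days 365` and the script refuses to overwrite an existing file, so nothing visible here renews it after expiry. Key size and digest come from the config file, which is not part of this patch.

```shell
# placeholder: replace with the absolute path of the packaged config
OPENSSLCONFIG=${OPENSSLCONFIG-/path/to/dovecot-openssl.cnf}
# … unchanged: CERTDIR, KEYDIR, CERTFILE, KEYFILE assignments …

if [ ! -r "$OPENSSLCONFIG" ]; then
  echo "$OPENSSLCONFIG is not readable" >&2
  exit 1
fi

if [ ! -d "$CERTDIR" ]; then
  echo "$CERTDIR directory doesn't exist" >&2
  exit 1
fi

if [ ! -d "$KEYDIR" ]; then
  echo "$KEYDIR directory doesn't exist" >&2
  exit 1
fi
# … unchanged: CERTFILE / KEYFILE existence checks …

$OPENSSL req -new -x509 -nodes -config "$OPENSSLCONFIG" \
  -out "$CERTFILE" -keyout "$KEYFILE" -days 365 || exit 2
chmod 0600 "$KEYFILE"
```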