From 6d2014011d422a5cd4d0a4de254a000a5e7a84ec Mon Sep 17 00:00:00 2001
From: Ivan Rako <irako@nekkar.carnet.hr>
Date: Tue, 9 May 2017 15:46:00 +0200
Subject: [PATCH] dodan openssl-dovecot.cnf

---
 debian/install      |    3 ++-
 debian/postinst     |    7 ++++---
 dovecot-openssl.cnf |   31 +++++++++++++++++++++++++++++++
 mkcert.sh           |    2 +-
 4 files changed, 38 insertions(+), 5 deletions(-)
 create mode 100644 dovecot-openssl.cnf

diff --git a/debian/install b/debian/install
index 8fbdb23..d362fd6 100644
--- a/debian/install
+++ b/debian/install
@@ -1 +1,2 @@
-mkcert.sh	usr/share/dovecot-cn
+mkcert.sh		usr/share/dovecot-cn
+dovecot-openssl.cnf	usr/share/dovecot-cn
diff --git a/debian/postinst b/debian/postinst
index 6ecc8f6..4cc3cb3 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -46,15 +46,16 @@ cp_check_and_sed 'ssl = no' \
 
 if ! grep -q ^ssl_cert /etc/dovecot/conf.d/10-ssl.conf \
   && ! grep -q ^ssl_key /etc/dovecot/conf.d/10-ssl.conf; then
+
+  echo "CN: Generating certificate and key..."
+  /usr/share/dovecot-cn/mkcert.sh > /dev/null
+
   cp_check_and_sed '#ssl_cert = </etc/dovecot/dovecot.pem' \
 		   's|#ssl_cert = </etc/dovecot/dovecot.pem|ssl_cert = </etc/dovecot/dovecot.pem|g' \
 		   /etc/dovecot/conf.d/10-ssl.conf || true
   cp_check_and_sed '#ssl_key = </etc/dovecot/private/dovecot.pem' \
 		   's|#ssl_key = </etc/dovecot/private/dovecot.pem|ssl_key = </etc/dovecot/private/dovecot.pem|g' \
 		   /etc/dovecot/conf.d/10-ssl.conf || true
-
-  echo "CN: Generating certificate and key..."
-  /usr/share/dovecot-cn/mkcert.sh > /dev/null
 fi
 
 
diff --git a/dovecot-openssl.cnf b/dovecot-openssl.cnf
new file mode 100644
index 0000000..b2dfebf
--- /dev/null
+++ b/dovecot-openssl.cnf
@@ -0,0 +1,31 @@
+[ req ]
+default_bits = 1024
+encrypt_key = yes
+distinguished_name = req_dn
+x509_extensions = cert_type
+prompt = no
+
+[ req_dn ]
+# country (2 letter code)
+#C=FI
+
+# State or Province Name (full name)
+#ST=
+
+# Locality Name (eg. city)
+#L=Helsinki
+
+# Organization (eg. company)
+#O=Dovecot
+
+# Organizational Unit Name (eg. section)
+OU=IMAP server
+
+# Common Name (*.example.com is also possible)
+CN=imap.example.com
+
+# E-mail contact
+emailAddress=postmaster@example.com
+
+[ cert_type ]
+nsCertType = server
diff --git a/mkcert.sh b/mkcert.sh
index 3cd5a8a..3689b17 100755
--- a/mkcert.sh
+++ b/mkcert.sh
@@ -6,7 +6,7 @@
 umask 077
 OPENSSL=${OPENSSL-openssl}
 SSLDIR=${SSLDIR-/etc/ssl}
-OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
+OPENSSLCONFIG=${OPENSSLCONFIG-/usr/share/dovecot-cn/dovecot-openssl.cnf}
 
 CERTDIR=/etc/dovecot
 KEYDIR=/etc/dovecot/private
-- 
1.7.10.4