aboutsummaryrefslogblamecommitdiffstats
path: root/main/dovecot/dovecot.post-install
blob: c014fcbb47bac05d235ed2d6ddd9dd9ddb71236d (plain) (tree)
1
2
3
4
5
6
7



                         
                                     
                                                   
                                      







                                                               
                                                               



                                      
                                                                                                       
                                                                                                     

  


                                                                
                                                     



                                                                               
                                              
                                           

                           
                                         



                          
                                        


              




                                                                     



                                                                                                         
#!/bin/sh

# based on  doc/mkcert.sh

# if ssl disabled then lets just exit
doveconf ssl 2>/dev/null | grep -q 'yes' || exit 0 
# Generates a self-signed certificate.

OPENSSL=${OPENSSL-openssl}
SSLDIR=${SSLDIR-/etc/ssl/dovecot}
OPENSSLCONFIG=${OPENSSLCONFIG-/etc/dovecot/dovecot-openssl.cnf}

CERTDIR=$SSLDIR
KEYDIR=$SSLDIR

# parse cert and key file from dovecot.conf (1.2) for upgraders
dovecot_conf=/etc/dovecot/dovecot.conf
ssl_cert_file=
ssl_key_file=
if [ -r "$dovecot_conf" ]; then
	ssl_cert_file=$(awk -F'[[:space:]]*=[[:space:]]*' '/^ssl_cert_file/ { print $2}' $dovecot_conf)
	ssl_key_file=$(awk -F'[[:space:]]*=[[:space:]]*' '/^ssl_key_file/ { print $2}' $dovecot_conf)
fi

# check if we have ssl_cert and/or key (for dovecot-2.0+)
# try expand the cert/key itself and if found, lets just keep it
[ -n "$(doveconf -x ssl_cert 2>/dev/null)" ] && exit 0
[ -n "$(doveconf -x ssl_key 2>/dev/null)" ] && exit 0

[ -z "$ssl_cert_file" ] && ssl_cert_file=$(doveconf ssl_cert | sed 's/.*= <//')
[ -z "$ssl_key_file" ] && ssl_key_file=$(doveconf ssl_key | sed 's/.*= <//')

CERTFILE=${ssl_cert_file:-$CERTDIR/server.pem}
KEYFILE=${ssl_key_file:-$KEYDIR/server.key}

if [ -e "$CERTFILE" ]; then
	echo "Keeping existing $CERTFILE"
	exit 0
fi

if [ -e "$KEYFILE" ]; then
	echo "Keeping existing $KEYFILE"
	exit 0
fi

if [ ! -c /dev/urandom ] && [ ! -c /dev/random ]; then
	echo "No /dev/urandom or /dev/random so ssl cert not created"
	exit 1
fi

$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
chmod 0600 $KEYFILE
echo 
$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2