From dda87f40a4db6426400507d46ccdca1cf96fbbe8 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Sat, 24 Mar 2012 11:43:03 +0100
Subject: Fix favor specific CA cert (not bogusly use CRL file always) for
 smtpd, but also disable cacert.org as specific file: fallback to other certs
 is broken due to lack of those files getting mirrored into chroot.

---
 postfix/postfix.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/postfix/postfix.sh b/postfix/postfix.sh
index b5be435..8ba2042 100755
--- a/postfix/postfix.sh
+++ b/postfix/postfix.sh
@@ -26,7 +26,7 @@ exit1()	{
 
 # Favor specific CA for our own server and client certificates
 # (comment out to trust any CA)
-cacert_smtpd="/etc/ssl/certs/cacert.org.pem"
+#cacert_smtpd="/etc/ssl/certs/cacert.org.pem"
 cacert_smtp=
 cacert_lmtp=
 
@@ -232,7 +232,7 @@ if [ -n "$sasl2" ] && [ -n "$sslcert" ]; then
 	$postconf -c "$tempdir" -e 'smtp_tls_CApath = /etc/ssl/certs'
 	$postconf -c "$tempdir" -e 'smtpd_tls_CApath = /etc/ssl/certs'
 	$postconf -c "$tempdir" -e 'lmtp_tls_CApath = /etc/ssl/certs'
-	$postconf -c "$tempdir" -e smtpd_tls_CAfile="${cacert_smptd:-$cacert_default}"
+	$postconf -c "$tempdir" -e smtpd_tls_CAfile="${cacert_smtpd:-$cacert_default}"
 	$postconf -c "$tempdir" -e smtp_tls_CAfile="${cacert_smtp:-$cacert_default}"
 	$postconf -c "$tempdir" -e lmtp_tls_CAfile="${cacert_lmtp:-$cacert_default}"
 	$postconf -c "$tempdir" -e 'smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache'
-- 
cgit v1.2.3