From aa998571b544302fbe3d8d3ba49ccebcfbc3d9a6 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Sat, 24 Mar 2012 11:35:52 +0100
Subject: Fix set use CRL file (not cert dir) as fallback for specific CA cert file.
---
 postfix/postfix.sh | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
(limited to 'postfix/postfix.sh')
diff --git a/postfix/postfix.sh b/postfix/postfix.sh
index e015ac9..b5be435 100755
--- a/postfix/postfix.sh
+++ b/postfix/postfix.sh
@@ -26,7 +26,13 @@ exit1() {
 # Favor specific CA for our own server and client certificates
 # (comment out to trust any CA)
-cacert="/etc/ssl/certs/cacert.org.pem"
+cacert_smtpd="/etc/ssl/certs/cacert.org.pem"
+cacert_smtp=
+cacert_lmtp=
+
+# File containing all trusted CA certificates
+# (comment out if no chroot or it contains all individual files)
+cacert_default="/etc/ssl/certs/ca-certificates.crt"
 realmsdir='/etc/local-REDPILL'
 configdirs='/etc/local/postfix /etc/local-ORG/postfix /etc/local-REDPILL/postfix /etc/local-COMMON/postfix'
@@ -226,8 +232,9 @@ if [ -n "$sasl2" ] && [ -n "$sslcert" ]; then
 $postconf -c "$tempdir" -e 'smtp_tls_CApath = /etc/ssl/certs'
 $postconf -c "$tempdir" -e 'smtpd_tls_CApath = /etc/ssl/certs'
 $postconf -c "$tempdir" -e 'lmtp_tls_CApath = /etc/ssl/certs'
- $postconf -c "$tempdir" -e smtpd_tls_CAfile="$cacert"
- $postconf -c "$tempdir" -e smtp_tls_CAfile=
+ $postconf -c "$tempdir" -e smtpd_tls_CAfile="${cacert_smptd:-$cacert_default}"
+ $postconf -c "$tempdir" -e smtp_tls_CAfile="${cacert_smtp:-$cacert_default}"
+ $postconf -c "$tempdir" -e lmtp_tls_CAfile="${cacert_lmtp:-$cacert_default}"
 $postconf -c "$tempdir" -e 'smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache'
 $postconf -c "$tempdir" -e 'smtpd_tls_session_cache_timeout = 3600s'
 $postconf -c "$tempdir" -e 'tls_random_exchange_name = ${data_directory}/prng_exch'
-- 
cgit v1.2.3
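Review bot: The comments on the new `cacert_smtpd`, `cacert_smtp` and `cacert_lmtp` settings in the first hunk do not say what an empty value means, although two of the three ship empty. Going by the `${var:-$cacert_default}` expansions in the second hunk, an empty or commented-out entry switches that service to the whole bundle in `cacert_default`, which is worth stating next to the variables, for example `# empty or commented-out entries fall back to $cacert_default`. If the script runs under `set -u` (not visible here), commenting out `cacert_default` as its own comment invites would abort at those expansions, so `${cacert_default:-}` may be needed there.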
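Review bot: The added `smtpd_tls_CAfile` line in the second hunk expands `${cacert_smptd:-$cacert_default}`, but the variable defined in the first hunk is spelled `cacert_smtpd`, so the misspelled name is always unset and the pinned cacert.org file is never used. The server side therefore silently falls back to the full bundle in `cacert_default`, widening the set of CAs used when verifying client certificates, with no error at run time. The line should read `$postconf -c "$tempdir" -e smtpd_tls_CAfile="${cacert_smtpd:-$cacert_default}"`. The enclosing `if` block starts and ends outside the hunk.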