mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-05-09 11:54:23 +02:00
54 lines
1.6 KiB
Bash
54 lines
1.6 KiB
Bash
#!/bin/sh
|
|
|
|
# based on doc/mkcert.sh
|
|
|
|
# if ssl disabled then lets just exit
|
|
doveconf ssl 2>/dev/null | grep -Eq '(yes|required)' || exit 0
|
|
# Generates a self-signed certificate.
|
|
|
|
OPENSSL=${OPENSSL-openssl}
|
|
SSLDIR=${SSLDIR-/etc/ssl/dovecot}
|
|
OPENSSLCONFIG=${OPENSSLCONFIG-/etc/dovecot/dovecot-openssl.cnf}
|
|
|
|
CERTDIR=$SSLDIR
|
|
KEYDIR=$SSLDIR
|
|
|
|
# parse cert and key file from dovecot.conf (1.2) for upgraders
|
|
dovecot_conf=/etc/dovecot/dovecot.conf
|
|
ssl_cert_file=
|
|
ssl_key_file=
|
|
if [ -r "$dovecot_conf" ]; then
|
|
ssl_cert_file=$(awk -F'[[:space:]]*=[[:space:]]*' '/^ssl_cert_file/ { print $2}' $dovecot_conf)
|
|
ssl_key_file=$(awk -F'[[:space:]]*=[[:space:]]*' '/^ssl_key_file/ { print $2}' $dovecot_conf)
|
|
fi
|
|
|
|
# check if we have ssl_cert and/or key (for dovecot-2.0+)
|
|
# try expand the cert/key itself and if found, lets just keep it
|
|
[ -n "$(doveconf -x ssl_cert 2>/dev/null)" ] && exit 0
|
|
[ -n "$(doveconf -x ssl_key 2>/dev/null)" ] && exit 0
|
|
|
|
[ -z "$ssl_cert_file" ] && ssl_cert_file=$(doveconf ssl_cert | sed 's/.*= <//')
|
|
[ -z "$ssl_key_file" ] && ssl_key_file=$(doveconf ssl_key | sed 's/.*= <//')
|
|
|
|
CERTFILE=${ssl_cert_file:-$CERTDIR/server.pem}
|
|
KEYFILE=${ssl_key_file:-$KEYDIR/server.key}
|
|
|
|
if [ -e "$CERTFILE" ]; then
|
|
echo "Keeping existing $CERTFILE"
|
|
exit 0
|
|
fi
|
|
|
|
if [ -e "$KEYFILE" ]; then
|
|
echo "Keeping existing $KEYFILE"
|
|
exit 0
|
|
fi
|
|
|
|
if [ ! -c /dev/urandom ] && [ ! -c /dev/random ]; then
|
|
echo "No /dev/urandom or /dev/random so ssl cert not created"
|
|
exit 1
|
|
fi
|
|
|
|
$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
|
|
chmod 0600 $KEYFILE
|
|
echo
|
|
$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2
|