Re: dovecot ssl key configuration - example is wrong
> I just set up a system with 2.2.13 and found the ssl configuration to be
> boggling. The example config file has
> # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
> # dropping root privileges, so keep the key file unreadable by anyone but
> # root. Included doc/mkcert.sh can be used to easily generate self-signed
> # certificate, just make sure to update the domains in dovecot-openssl.cnf
> #ssl_cert = /etc/openssl/certs/dovecot.pem
> #ssl_key = /etc/openssl/private/dovecot.pem
> which looks quite sane. However, that got me
> Oct 9 14:40:31 foo dovecot: imap-login: Fatal: Couldn't parse private
> ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line:
> Expecting: ANY PRIVATE KEY
> and I found that I had to put in the config file:
> ssl_key = </etc/openssl/private/foo.pem
> ssl_cert = </etc/openssl/certs/foo.pem
> and then all was well. Interestingly doveconf did put a < in the
> converted file from the v1 config file, but I presumed that was a bug.
> So if it really is the case that for a file one uses "<" (and presumably
> without < the RHS is the PEM-encoded key???), then the example should
> have a < and explain this.
> Before sending the above to the dovecot list, I looked in the sources,
> and find that pkgsrc patches out the "<"!!
> But I can't figure out why.
I can't figure out either. I think patch-ab, -ac, and -ae are useless and should be removed.
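
A check for the misconfiguration discussed in this thread, as an added example that is not part of the original messages or of dovecot or pkgsrc. It assumes, as the quoted message infers, that a value without "<" is taken as the PEM text itself; the function names and sample paths are constructed for illustration.

```python
import os, re, stat, tempfile

SETTING = re.compile(r'^\s*(ssl_key|ssl_cert)\s*=\s*(.*?)\s*$')

def lint_ssl_settings(conf_text):
    """Return a list of (setting, problem) for ssl_key/ssl_cert lines."""
    findings = []
    for line in conf_text.splitlines():
        if line.lstrip().startswith('#'):
            continue  # commented-out example lines are ignored
        m = SETTING.match(line)
        if not m:
            continue
        name, value = m.groups()
        if not value.startswith('<'):
            # Assumption: without "<" the value is used as the PEM text itself.
            if '-----BEGIN' not in value:
                findings.append((name, 'path given without "<"; value is not PEM'))
            continue
        path = value[1:].strip()
        try:
            st = os.stat(path)
        except OSError:
            findings.append((name, 'file not found: ' + path))
            continue
        # The example config's advice: keep the key unreadable by others.
        if name == 'ssl_key' and st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((name, 'key file accessible by group/other: ' + path))
    return findings

def demo():
    """Run the lint over constructed sample configs in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, 'foo.key.pem')
        with open(key, 'w') as f:
            f.write('constructed placeholder, not a real key\n')
        os.chmod(key, 0o644)
        loose = lint_ssl_settings('ssl_key = <' + key)
        os.chmod(key, 0o600)
        tight = lint_ssl_settings('ssl_key = <' + key)
        bare = lint_ssl_settings('#ssl_key = /x\nssl_key = /etc/openssl/private/foo.pem')
    return loose, tight, bare

if __name__ == '__main__':
    for result in demo():
        print(result)
```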