pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

dovecot ssl key configuration - example is wrong

I just set up a system with 2.2.13 and found the ssl configuration to be
boggling.  The example config file has

  # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
  # dropping root privileges, so keep the key file unreadable by anyone but
  # root. Included doc/ can be used to easily generate self-signed
  # certificate, just make sure to update the domains in dovecot-openssl.cnf
  #ssl_cert = /etc/openssl/certs/dovecot.pem
  #ssl_key = /etc/openssl/private/dovecot.pem

which looks quite sane.  However, that got me

  Oct  9 14:40:31 foo dovecot: imap-login: Fatal: Couldn't parse private
  ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line:
  Expecting: ANY PRIVATE KEY

and I found that I had to put in the config file:

  ssl_key = </etc/openssl/private/foo.pem
  ssl_cert = </etc/openssl/certs/foo.pem

and then all was well.  Interestingly doveconf did put a < in the
converted file from the v1 config file, but I presumed that was a bug.

So if it really is the case that for a file one usee "<" (and presumably
without < the RHS is the PEM-encoded key???), then the example should
have a < and explain this.

Before sending the above to the dovecot list, I looked in the sources,
and find that pkgsrc patches out the "<"!!
But I can't figure out why.

Attachment: pgpAFCOFE5b2Z.pgp
Description: PGP signature

Home | Main Index | Thread Index | Old Index