diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2016-05-17 20:35:37 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2016-05-17 22:07:45 +0200 |
| commit | 7a562e807515506d7dca2f370f63057be7366c34 (patch) | |
| tree | 129a3fb021685ce04f9916c3163eb13ae3f30570 | |
| parent | c459a95cd4013e489ef4f9d47c05d1c98798522c (diff) | |
roundube: Pin X.509 certificate for sieve.fripost.org:4190.
| -rw-r--r-- | roles/webmail/tasks/roundcube.yml | 10 | ||||
| -rw-r--r-- | roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2 (renamed from roles/webmail/files/etc/roundcube/plugins/managesieve/config.inc.php) | 7 |
2 files changed, 11 insertions, 6 deletions
diff --git a/roles/webmail/tasks/roundcube.yml b/roles/webmail/tasks/roundcube.yml index eb04ba1..e416656 100644 --- a/roles/webmail/tasks/roundcube.yml +++ b/roles/webmail/tasks/roundcube.yml @@ -27,7 +27,6 @@ - roundcube-plugins - php-net-sieve - php-net-ldap3 - - php-mail-mimedecode - name: Copy fripost's logo copy: src=usr/share/roundcube/skins/{{ item }}/images/fripost_logo.png @@ -97,9 +96,16 @@ with_items: - additional_message_headers - jqueryui - - managesieve - password +- name: Configure Roundcube plugins (2) + template: src=etc/roundcube/plugins/{{ item }}/config.inc.php.j2 + dest=/etc/roundcube/plugins/{{ item }}/config.inc.php + owner=root group=root + mode=0644 + with_items: + - managesieve + - name: Start php5-fpm service: name=php5-fpm state=started diff --git a/roles/webmail/files/etc/roundcube/plugins/managesieve/config.inc.php b/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2 index 9c9b3fc..6ad7343 100644 --- a/roles/webmail/files/etc/roundcube/plugins/managesieve/config.inc.php +++ b/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2 @@ -26,7 +26,7 @@ $config['managesieve_auth_pw'] = null; // use or not TLS for managesieve server connection // Note: tls:// prefix in managesieve_host is also supported -$config['managesieve_usetls'] = false; +$config['managesieve_usetls'] = true; // Connection scket context options // See http://php.net/manual/en/context.ssl.php @@ -34,10 +34,9 @@ $config['managesieve_usetls'] = false; $config['managesieve_conn_options'] = array( 'ssl' => array( 'verify_peer' => true, - 'verify_depth' => 3, - 'cafile' => '/etc/stunnel/certs/imap.fripost.org.pem', 'disable_compression' => true, - 'ciphers' => 'EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL', + 'ciphers' => 'EECDH+AES!MEDIUM!LOW!EXP!aNULL!eNULL', + 'peer_fingerprint' => array('sha1' => '{{ lookup('pipe', 'openssl x509 -in certs/public/imap.fripost.org.pem -noout -fingerprint -sha1 | sed "s/[^=]*=\s*//" | tr -d :') }}'), ), ); |