summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-05-22 17:49:36 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-05-22 17:54:11 +0200
commitdeb4777fb64a8427fa029bcd932a0c58adf203d6 (patch)
tree4fa5411c5537a8fccb290fba5659bb7f28e191ce
parent95223463c427517a76e944b8a67d35ece6eb56c1 (diff)
IMAP proxy: copy only the leaf cert, not the whole chain.
The comment regarding stunnel4 seems to not be relevant any longer.
-rw-r--r--roles/IMAP-proxy/tasks/main.yml12
1 files changed, 4 insertions, 8 deletions
diff --git a/roles/IMAP-proxy/tasks/main.yml b/roles/IMAP-proxy/tasks/main.yml
index 3d4efb1..7fcf91d 100644
--- a/roles/IMAP-proxy/tasks/main.yml
+++ b/roles/IMAP-proxy/tasks/main.yml
@@ -50,14 +50,10 @@
mode=0755
- name: Copy Dovecot's X.509 certificate
- # XXX: it's unfortunate that we have to store the whole CA chain...
- # for some reason stunnel's level 4 "verify" (CA chain and only verify
- # peer certificate) doesn't always work:
- # https://www.stunnel.org/pipermail/stunnel-users/2013-July/004249.html
- assemble: src=certs/dovecot remote_src=no
- dest=/etc/stunnel/certs/imap.fripost.org.pem
- owner=root group=root
- mode=0644
+ copy: src=certs/public/imap.fripost.org.pem
+ dest=/etc/stunnel/certs/imap.fripost.org.pem
+ owner=root group=root
+ mode=0644
register: r1
notify:
- Restart stunnel@roundcube