IMAP proxy: copy only the leaf cert, not the whole chain.

The comment regarding stunnel4 seems to not be relevant any longer.
author: Guilhem Moulin <guilhem@fripost.org> 2016-05-22 17:49:36 +0200
committer: Guilhem Moulin <guilhem@fripost.org> 2016-05-22 17:54:11 +0200
commit: deb4777fb64a8427fa029bcd932a0c58adf203d6 (patch)
tree: 4fa5411c5537a8fccb290fba5659bb7f28e191ce /roles/IMAP-proxy/tasks/main.yml
parent: 95223463c427517a76e944b8a67d35ece6eb56c1 (diff)
1 files changed, 4 insertions, 8 deletions
diff --git a/roles/IMAP-proxy/tasks/main.yml b/roles/IMAP-proxy/tasks/main.yml
index 3d4efb1..7fcf91d 100644
--- a/roles/IMAP-proxy/tasks/main.yml
+++ b/roles/IMAP-proxy/tasks/main.yml
@@ -33,48 +33,44 @@
     - 15-mailboxes.conf
     - 20-imapc.conf
     - auth-imap.conf.ext
   notify:
     - Restart Dovecot
 
 - name: Start Dovecot
   service: name=dovecot state=started
   when: not r.changed
 
 - meta: flush_handlers
 
 
 - name: Create /etc/stunnel/certs
   file: path=/etc/stunnel/certs
         state=directory
         owner=root group=root
         mode=0755
 
 - name: Copy Dovecot's X.509 certificate
-  # XXX: it's unfortunate that we have to store the whole CA chain...
-  # for some reason stunnel's level 4 "verify" (CA chain and only verify
-  # peer certificate) doesn't always work:
-  # https://www.stunnel.org/pipermail/stunnel-users/2013-July/004249.html
-  assemble: src=certs/dovecot remote_src=no
-            dest=/etc/stunnel/certs/imap.fripost.org.pem
-            owner=root group=root
-            mode=0644
+  copy: src=certs/public/imap.fripost.org.pem
+        dest=/etc/stunnel/certs/imap.fripost.org.pem
+        owner=root group=root
+        mode=0644
   register: r1
   notify:
     - Restart stunnel@roundcube
 
 - name: Copy slapd's X.509 certificate
   copy: src=certs/ldap/ldap.fripost.org.pem
         dest=/etc/stunnel/certs/ldap.fripost.org.pem
         owner=root group=root
         mode=0644
   register: r2
   notify:
     - Restart stunnel@roundcube
 
 - name: Configure stunnel
   copy: src=etc/stunnel/roundcube.conf
         dest=/etc/stunnel/roundcube.conf
         owner=root group=root
         mode=0644
   register: r3
   notify:
author	Guilhem Moulin <guilhem@fripost.org>	2016-05-22 17:49:36 +0200
committer	Guilhem Moulin <guilhem@fripost.org>	2016-05-22 17:54:11 +0200
commit	deb4777fb64a8427fa029bcd932a0c58adf203d6 (patch)
tree	4fa5411c5537a8fccb290fba5659bb7f28e191ce /roles/IMAP-proxy/tasks/main.yml
parent	95223463c427517a76e944b8a67d35ece6eb56c1 (diff)