From deb4777fb64a8427fa029bcd932a0c58adf203d6 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 22 May 2016 17:49:36 +0200 Subject: IMAP proxy: copy only the leaf cert, not the whole chain. The comment regarding stunnel4 seems to not be relevant any longer. --- roles/IMAP-proxy/tasks/main.yml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/roles/IMAP-proxy/tasks/main.yml b/roles/IMAP-proxy/tasks/main.yml index 3d4efb1..7fcf91d 100644 --- a/roles/IMAP-proxy/tasks/main.yml +++ b/roles/IMAP-proxy/tasks/main.yml @@ -50,14 +50,10 @@ mode=0755 - name: Copy Dovecot's X.509 certificate - # XXX: it's unfortunate that we have to store the whole CA chain... - # for some reason stunnel's level 4 "verify" (CA chain and only verify - # peer certificate) doesn't always work: - # https://www.stunnel.org/pipermail/stunnel-users/2013-July/004249.html - assemble: src=certs/dovecot remote_src=no - dest=/etc/stunnel/certs/imap.fripost.org.pem - owner=root group=root - mode=0644 + copy: src=certs/public/imap.fripost.org.pem + dest=/etc/stunnel/certs/imap.fripost.org.pem + owner=root group=root + mode=0644 register: r1 notify: - Restart stunnel@roundcube -- cgit v1.2.3