Diffstat (limited to 'main/dovecot/dovecot.post-install')
-rw-r--r--main/dovecot/dovecot.post-install19
1 files changed, 16 insertions, 3 deletions
diff --git a/main/dovecot/dovecot.post-install b/main/dovecot/dovecot.post-install
index a7cccddfd..d75f01ea2 100644
--- a/main/dovecot/dovecot.post-install
+++ b/main/dovecot/dovecot.post-install
@@ -3,7 +3,6 @@
# based on doc/mkcert.sh
# Generates a self-signed certificate.
-# Edit dovecot-openssl.cnf before running this.
OPENSSL=${OPENSSL-openssl}
SSLDIR=${SSLDIR-/etc/ssl/dovecot}
@@ -12,8 +11,17 @@ OPENSSLCONFIG=${OPENSSLCONFIG-/etc/dovecot/dovecot-openssl.cnf}
CERTDIR=$SSLDIR
KEYDIR=$SSLDIR
-CERTFILE=$CERTDIR/server.pem
-KEYFILE=$KEYDIR/server.key
+# parse cert and key file from dovecot.conf
+dovecot_conf=/etc/dovecot/dovecot.conf
+ssl_cert_file=
+ssl_key_file=
+if [ -r "$dovecot_conf" ]; then
+ ssl_cert_file=$(awk -F'[[:space:]]*=[[:space:]]*' '/^ssl_cert_file/ { print $2}' $dovecot_conf)
+ ssl_cert_file=$(awk -F'[[:space:]]*=[[:space:]]*' '/^ssl_key_file/ { print $2}' $dovecot_conf)
+fi
+
+CERTFILE=${ssl_cert_file:-$CERTDIR/server.pem}
+KEYFILE=${ssl_key_file:-$KEYDIR/server.key}
if [ -e "$CERTFILE" ]; then
echo "Keeiping existing $CERTFILE"
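Review bot: The second added awk line matches `^ssl_key_file` but assigns to `ssl_cert_file` again, so `ssl_key_file` is always empty and the configured certificate path is overwritten by the key path (or by an empty string when only the certificate is set). With both settings present, CERTFILE becomes the configured key path and KEYFILE falls back to `$KEYDIR/server.key`, so the certificate would be written where the private key is expected. The line should read `ssl_key_file=$(awk -F'[[:space:]]*=[[:space:]]*' '/^ssl_key_file/ { print $2 }' "$dovecot_conf")`. The first awk call should quote `"$dovecot_conf"` too. Both patterns also match any setting that merely starts with the name and print one line per match, so ending the action with `exit` after the first match would keep the value to a single path.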
@@ -25,6 +33,11 @@ if [ -e "$KEYFILE" ]; then
exit 0
fi
+if [ ! -c /dev/urandom ] && [ ! -c /dev/random ]; then
+ echo "No /dev/urandom or /dev/random so ssl cert not created"
+ exit 1
+fi
+
$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
chmod 0600 $KEYFILE
echo
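Review bot: The private key is protected only by the `chmod 0600 $KEYFILE` that runs after `$OPENSSL req` has already written it, so between the two commands its mode may be whatever the installer's umask allows (this depends on the umask and the OpenSSL version). Setting `umask 077` immediately before the `$OPENSSL req` line closes that window. Because the earlier hunk lets CERTFILE and KEYFILE come from dovecot.conf, the expansions on the openssl and chmod lines should be quoted, e.g. `chmod 0600 "$KEYFILE"`, so a path with spaces or glob characters is not split. The new "No /dev/urandom or /dev/random" message is a diagnostic and would be better sent to stderr with `>&2`. The script continues past the end of this hunk.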