From ac3ac750c117ccf7699a59f2d29f6678a0db2d1c Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Tue, 16 Mar 2021 08:27:23 +0000
Subject: [PATCH] sendmail: Don't hardcode tls key and cert paths

---
 roles/sendmail/templates/sendmail.mc.j2 | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/roles/sendmail/templates/sendmail.mc.j2 b/roles/sendmail/templates/sendmail.mc.j2
index 08b04d3..4cd4507 100644
--- a/roles/sendmail/templates/sendmail.mc.j2
+++ b/roles/sendmail/templates/sendmail.mc.j2
@@ -23,11 +23,11 @@ TRUST_AUTH_MECH(`GSSAPI LOGIN PLAIN')dnl
 define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI LOGIN PLAIN')dnl
 dnl #
 define(`confCACERT_PATH', `/etc/mail/certs')dnl
-define(`confCACERT', `/etc/pki/tls/certs/{{ mail_server }}-chain.crt')dnl
-define(`confSERVER_CERT', `/etc/pki/tls/certs/{{ mail_server }}.crt')dnl
-define(`confSERVER_KEY', `/etc/pki/tls/private/{{ mail_server }}.key')dnl
-define(`confCLIENT_CERT', `/etc/pki/tls/certs/{{ mail_server }}.crt')dnl
-define(`confCLIENT_KEY', `/etc/pki/tls/private/{{ mail_server }}.key')dnl
+define(`confCACERT', `{{ tls_certs }}/{{ mail_server }}-chain.crt')dnl
+define(`confSERVER_CERT', `{{ tls_certs }}/{{ mail_server }}.crt')dnl
+define(`confSERVER_KEY', `{{ tls_private }}/{{ mail_server }}.key')dnl
+define(`confCLIENT_CERT', `{{ tls_certs }}/{{ mail_server }}.crt')dnl
+define(`confCLIENT_KEY', `{{ tls_private }}/{{ mail_server }}.key')dnl
 dnl #
 FEATURE(`no_default_msa', `dnl')dnl
 FEATURE(`smrsh', `/usr/sbin/smrsh')dnl