From 04990fc910f9c88a6b080692487b9315813183d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20M=E4kinen?=
Date: Sat, 20 Apr 2013 23:23:23 +0300
Subject: [PATCH] Fixed mail server certificate check from sendmail::client.

---
 sendmail/manifests/init.pp | 40 +++++++++++++++++++-------------
 sendmail/templates/submit.mc.erb | 2 ++
 2 files changed, 26 insertions(+), 16 deletions(-)

diff --git a/sendmail/manifests/init.pp b/sendmail/manifests/init.pp
index 5b83860..aa5cbb7 100644
--- a/sendmail/manifests/init.pp
+++ b/sendmail/manifests/init.pp
@@ -10,6 +10,7 @@ class sendmail::common {
 package { "sendmail":
 ensure => installed,
 name => [ "sendmail", "sendmail-cf", ],
+ before => File["/etc/mail/certs"],
 }
 service { "sendmail":
 ensure => running,
@@ -29,13 +30,36 @@ class sendmail::common {
 notify => Service["sendmail"],
 }
 $ostype = "linux"
+ $cabundle = "/etc/pki/tls/certs/ca-bundle.crt"
 }
 "ubuntu","debian": {
 $ostype = "linux"
+ $cabundle = "/etc/ssl/certs/ca-certificates.crt"
 }
 "openbsd": {
 $ostype = "openbsd"
+ $cabundle = "/etc/ssl/cert.pem"
 }
+ default: {
+ fail("sendmail module not supported on ${::operatingsystem}")
+ }
+ }
+
+ file { "/etc/mail/certs":
+ ensure => directory,
+ mode => "0755",
+ owner => "root",
+ group => $::operatingsystem ? {
+ "openbsd" => "wheel",
+ default => "root",
+ },
+ }
+ exec { "populate-etc-mail-certs":
+ path => "/bin:/usr/bin:/sbin:/usr/sbin",
+ command => "csplit -k ${cabundle} '/BEGIN/' '{1000}' ; sh -c 'for i in x* ; do name=`openssl x509 -hash -noout -in \$i`.0 ; openssl x509 -hash -in \$i -out \$name ; done' && rm -f x* .0",
+ cwd => "/etc/mail/certs",
+ onlyif => "find /etc/mail/certs ! -newer ${cabundle} | egrep '.*' || [ -z \"`ls /etc/mail/certs`\" ]",
+ require => File["/etc/mail/certs"],
 }
 }
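Review bot: The new `populate-etc-mail-certs` exec in sendmail::common has no ordering against Service["sendmail"] (it lists only path, command, cwd, onlyif and require), whereas the copy it replaces in sendmail::server (the deletion hunk at -240) carried `before => Service["sendmail"],`; depending on the Puppet version's default resource ordering, a first run can start the daemon before /etc/mail/certs is populated, so add `before => Service["sendmail"],` to the exec. Second, the command only ever adds hash files: a CA that disappears from ${cabundle} (for example one the distribution has distrusted) keeps its `<hash>.0` file in /etc/mail/certs and remains a trust anchor for sendmail, so the re-population should start with `rm -f *.0 ;` ahead of the `csplit`. The fixed `.0` suffix also means two bundle certificates with the same subject hash overwrite each other where OpenSSL would expect `.0`, `.1`, …; that is inherited from the old code rather than introduced here. The body of class sendmail::common begins before this hunk.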
@@ -240,22 +264,6 @@ class sendmail::server inherits sendmail::common {
 notify => Service["sendmail"],
 }
- file { "/etc/mail/certs":
- ensure => directory,
- mode => "0755",
- owner => "root",
- group => "root",
- require => Package["sendmail"],
- }
- exec { "populate-etc-mail-certs":
- path => "/bin:/usr/bin:/sbin:/usr/sbin",
- command => "csplit /etc/pki/tls/certs/ca-bundle.crt '/BEGIN/' '{*}' ; sh -c 'for i in x* ; do name=`openssl x509 -hash -noout -in \$i`.0 ; openssl x509 -hash -in \$i -out \$name ; done' && rm -f x* .0",
- cwd => "/etc/mail/certs",
- onlyif => "find /etc/mail/certs ! -newer /etc/pki/tls/certs/ca-bundle.crt | egrep '.*' || [ -z \"`ls /etc/mail/certs`\" ]",
- require => File["/etc/mail/certs"],
- before => Service["sendmail"],
- }
-
 file { "/etc/aliases":
 ensure => present,
 name => $::operatingsystem ? {
diff --git a/sendmail/templates/submit.mc.erb b/sendmail/templates/submit.mc.erb
index ba2bdcf..a1b5ea8 100644
--- a/sendmail/templates/submit.mc.erb
+++ b/sendmail/templates/submit.mc.erb
@@ -35,4 +35,6 @@ define(`confDOMAIN_NAME', `<%= mail_domain %>')dnl
 <% if ['CentOS','RedHat','Fedora'].index(operatingsystem) -%>
 define(`confPID_FILE', `/var/run/sm-client.pid')dnl
 <% end -%>
+define(`confCACERT_PATH', `/etc/mail/certs')dnl
+define(`confCACERT', `<%= scope.lookupvar('sendmail::common::cabundle') %>')dnl
 FEATURE(`use_ct_file')dnl
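Review bot: The added `confCACERT_PATH` line hardcodes `/etc/mail/certs` once more on top of the three occurrences in the manifest's file and exec resources, while `confCACERT` on the next line is read from `sendmail::common::cabundle`; keeping the two settings symmetrical by defining the directory as a variable next to `$cabundle` in sendmail::common and reading it here with `scope.lookupvar` would leave a single place to change. Pointing the MSP at the trust anchors is only the first half of a certificate check: whether a failed verification of the relay is fatal or merely logged is decided by other parts of the sendmail configuration that this hunk does not show, so it is worth confirming that behaviour on a test host before relying on the fix. If `sendmail::common` is not evaluated before this template, the lookup presumably yields an empty `confCACERT`; I cannot tell from this page whether that ordering is guaranteed.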