pkgsrc-Users archive


Re: dovecot ssl key configuration - example is wrong



> I just set up a system with 2.2.13 and found the ssl configuration to be
> boggling.  The example config file has
> 
>  # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
>  # dropping root privileges, so keep the key file unreadable by anyone but
>  # root. Included doc/mkcert.sh can be used to easily generate self-signed
>  # certificate, just make sure to update the domains in dovecot-openssl.cnf
>  #ssl_cert = /etc/openssl/certs/dovecot.pem
>  #ssl_key = /etc/openssl/private/dovecot.pem
> 
> which looks quite sane.  However, that got me
> 
>  Oct  9 14:40:31 foo dovecot: imap-login: Fatal: Couldn't parse private
>  ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line:
>  Expecting: ANY PRIVATE KEY
> 
> and I found that I had to put in the config file:
> 
>  ssl_key = </etc/openssl/private/foo.pem
>  ssl_cert = </etc/openssl/certs/foo.pem
> 
> and then all was well.  Interestingly doveconf did put a < in the
> converted file from the v1 config file, but I presumed that was a bug.
> 
> So if it really is the case that for a file one uses "<" (and presumably
> without < the RHS is the PEM-encoded key???), then the example should
> have a < and explain this.
> 
> Before sending the above to the dovecot list, I looked in the sources,
> and find that pkgsrc patches out the "<"!!
> But I can't figure out why.

I can't figure out either. I think patch-ab, -ac, and -ae are useless and should be removed.

Kind regards,
Adam
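
The pitfall discussed in this thread, as an added example that is not part of the original messages or of the dovecot or pkgsrc sources: a small Python check that flags active `ssl_cert`/`ssl_key` settings whose value lacks the leading `<`, in which case Dovecot 2.x parses the value itself as PEM data instead of reading the named file. The function name `lint_dovecot_ssl` and the sample configuration are constructed for illustration.

```python
import re

# Active (uncommented) ssl_cert / ssl_key assignments, possibly indented inside a block.
# "#ssl_key = ..." and settings such as ssl_key_password do not match.
SETTING = re.compile(r"^\s*(ssl_cert|ssl_key)\s*=\s*(.*?)\s*$")


def lint_dovecot_ssl(conf_text):
    """Return (line_no, setting, problem) tuples for suspicious values."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        match = SETTING.match(line)
        if not match:
            continue
        name, value = match.groups()
        if value.startswith("<"):
            # "<path" means: read the setting's value from this file.
            if not value[1:].strip():
                findings.append((line_no, name, "'<' is not followed by a file path"))
            continue
        if "-----BEGIN" in value:
            continue  # value already looks like PEM data, not a path
        findings.append(
            (line_no, name,
             "value is taken as PEM data, not as a file to read; "
             "write %s = <%s" % (name, value))
        )
    return findings


# Constructed sample: the cert line uses '<', the key line repeats the
# form shown in the patched example config (no '<').
SAMPLE = """\
# constructed sample, not a real configuration
ssl = yes
#ssl_cert = /etc/openssl/certs/dovecot.pem
ssl_cert = </etc/openssl/certs/foo.pem
ssl_key = /etc/openssl/private/foo.pem
"""

if __name__ == "__main__":
    for line_no, name, problem in lint_dovecot_ssl(SAMPLE):
        print("line %d: %s: %s" % (line_no, name, problem))
```
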

