From 5d25466e8365577c48df98afdd22d2880b7ef5ce Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Thu, 3 Oct 2013 13:16:43 -0400
Subject: It turns out postfix's variable for 1024bit DH parameters can actually take a file of arbitrary length (#4012)
Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits
Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5
---
 puppet/modules/site_postfix/manifests/mx/tls.pp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/puppet/modules/site_postfix/manifests/mx/tls.pp b/puppet/modules/site_postfix/manifests/mx/tls.pp
index 96cfa911..cff686e5 100644
--- a/puppet/modules/site_postfix/manifests/mx/tls.pp
+++ b/puppet/modules/site_postfix/manifests/mx/tls.pp
@@ -29,8 +29,8 @@ class site_postfix::mx::tls {
 # parameters Neither Postfix nor OpenSSL actually care about the size of the
 # prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits
- exec { 'certtool-postfix-gendh-1024':
- command => 'certtool --generate-dh-params --bits=2048 --outfile=/etc/postfix/smtpd_tls_dh_param.pem',
+ exec { 'certtool-postfix-gendh':
+ command => 'certtool --generate-dh-params --bits 2048 --outfile /etc/postfix/smtpd_tls_dh_param.pem',
 user => root,
 group => root,
 creates => '/etc/postfix/smtpd_tls_dh_param.pem',
@@ -43,7 +43,7 @@ class site_postfix::mx::tls {
 owner => root,
 group => root,
 mode => '0600',
- require => Exec['certtool-postfix-gendh-1024'];
+ require => Exec['certtool-postfix-gendh'];
 }
 postfix::config { 'smtpd_tls_dh1024_param_file':
--
cgit v1.2.3
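Review bot: The `creates => '/etc/postfix/smtpd_tls_dh_param.pem'` guard on the renamed `exec` in the first hunk only tests that the file exists, so on a node where the file is already present the certtool command never runs again. Parameters written by an earlier revision of the manifest (possibly with a smaller prime, which this hunk does not show) or a truncated file left by an interrupted certtool run would stay in place, presumably still referenced by the `smtpd_tls_dh1024_param_file` setting that follows. I would at least document this next to the resource, e.g. `# 'creates' only checks existence; delete the file to force regeneration of the DH parameters`, or gate the exec on a validity check of the file rather than on its existence. The exec body continues past the end of the hunk, so further attributes such as `path` or additional guards may already be set there.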