From d27307d27b50d87493b8a752a64581e6eeb5dd4d Mon Sep 17 00:00:00 2001
From: Thomas Vander Stichele <thomas (at) apestaart (dot) org>
Date: Sat, 27 Aug 2016 20:36:16 +0000
Subject: [PATCH 1/2] Add smtpd_tls_CApath support

---
 manifests/server.pp   | 1 +
 templates/main.cf.erb | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/manifests/server.pp b/manifests/server.pp
index a1872bd..9a1f9e4 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -61,6 +61,7 @@
   $smtpd_tls_key_file = undef,
   $smtpd_tls_cert_file = undef,
   $smtpd_tls_CAfile = undef,
+  $smtpd_tls_CApath = undef,
   $smtpd_sasl_auth = false,
   $smtpd_sasl_type = 'dovecot',
   $smtpd_sasl_path = 'private/auth',
diff --git a/templates/main.cf.erb b/templates/main.cf.erb
index c09ce70..e1e07d5 100644
--- a/templates/main.cf.erb
+++ b/templates/main.cf.erb
@@ -754,6 +754,14 @@ smtpd_tls_ask_ccert = yes
 tls_append_default_CA = yes
 <% end -%>
 
+<% if @smtpd_tls_CAfile -%>
+smtpd_tls_CAfile = <%= @smtpd_tls_CAfile %>
+<% end -%>
+
+<% if @smtpd_tls_CApath -%>
+smtpd_tls_CApath = <%= @smtpd_tls_CApath %>
+<% end -%>
+
 <% end -%>
 <% if @smtpd_sasl_auth -%>
 # Auth against external daemon (usually dovecot or cyrus)

From 4c756d7a25c29270aa437d0a6fe8c578fd13f7be Mon Sep 17 00:00:00 2001
From: Thomas Vander Stichele <thomas (at) apestaart (dot) org>
Date: Sat, 27 Aug 2016 21:26:58 +0000
Subject: [PATCH 2/2] remove double smtpd_tls_CAfile

---
 templates/main.cf.erb | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/templates/main.cf.erb b/templates/main.cf.erb
index e1e07d5..9e9af49 100644
--- a/templates/main.cf.erb
+++ b/templates/main.cf.erb
@@ -747,6 +747,9 @@ smtpd_tls_cert_file = /etc/pki/tls/certs/<%= @ssl %>.crt
 <% if @smtpd_tls_CAfile -%>
 smtpd_tls_CAfile = <%= @smtpd_tls_CAfile %>
 <% end -%>
+<% if @smtpd_tls_CApath -%>
+smtpd_tls_CApath = <%= @smtpd_tls_CApath %>
+<% end -%>
 <% if @smtpd_tls_ask_ccert -%>
 smtpd_tls_ask_ccert = yes
 <% end -%>
@@ -754,14 +757,6 @@ smtpd_tls_ask_ccert = yes
 tls_append_default_CA = yes
 <% end -%>
 
-<% if @smtpd_tls_CAfile -%>
-smtpd_tls_CAfile = <%= @smtpd_tls_CAfile %>
-<% end -%>
-
-<% if @smtpd_tls_CApath -%>
-smtpd_tls_CApath = <%= @smtpd_tls_CApath %>
-<% end -%>
-
 <% end -%>
 <% if @smtpd_sasl_auth -%>
 # Auth against external daemon (usually dovecot or cyrus)