From 671c62289dd00daf65ca7295bb7d777240bbd755 Mon Sep 17 00:00:00 2001
From: Ilia Ross <ilia@ross.gdn>
Date: Sun, 31 Aug 2025 22:30:09 +0300
Subject: [PATCH] Fix Dovecot 2.4 "SSL Configuration" page work

---
 dovecot/dovecot-lib.pl | 10 +++++++++
 dovecot/edit_ssl.cgi   | 47 ++++++++++++++++++++++++++++--------------
 dovecot/save_ssl.cgi   | 39 +++++++++++++++++++++++++++--------
 3 files changed, 72 insertions(+), 24 deletions(-)

diff --git a/dovecot/dovecot-lib.pl b/dovecot/dovecot-lib.pl
index 4c59c7ea0..ffe266250 100755
--- a/dovecot/dovecot-lib.pl
+++ b/dovecot/dovecot-lib.pl
@@ -555,6 +555,16 @@ return 0 if (!$ver);
 return &compare_version_numbers($ver, $wantver) >= 0;
 }
 
+# version_atmost(ver)
+# Returns 1 if running at most some version or below
+sub version_atmost
+{
+local ($wantver) = @_;
+local $ver = &get_dovecot_version();
+return 0 if (!$ver);
+return &compare_version_numbers($ver, $wantver) < 0;
+}
+
 sub list_lock_methods
 {
 local ($forindex) = @_;
diff --git a/dovecot/edit_ssl.cgi b/dovecot/edit_ssl.cgi
index 89f531b6a..abf8b8d24 100755
--- a/dovecot/edit_ssl.cgi
+++ b/dovecot/edit_ssl.cgi
@@ -9,7 +9,11 @@ print &ui_form_start("save_ssl.cgi", "post");
 print &ui_table_start($text{'ssl_header'}, "width=100%", 4);
 
 # SSL cert and key files
-if (&find_value("ssl_cert", $conf, 2) || &version_atleast("2.2")) {
+if (&version_atleast("2.4")) {
+	$cert = &find_value('ssl_server_cert_file', $conf, 0, "");
+	$cert =~ s/^<//;
+	}
+elsif (&find_value("ssl_cert", $conf, 2) || &version_atleast("2.2")) {
 	$cert = &find_value("ssl_cert", $conf, 0, "");
 	$cert =~ s/^<//;
 	}
@@ -20,7 +24,11 @@ print &ui_table_row($text{'ssl_cert'},
 	    &ui_opt_textbox("cert", $cert, 40, &getdef("ssl_cert_file")), 3,
 	    [ undef, "nowrap" ]);
 
-if (&find_value("ssl_key", $conf, 2) || &version_atleast("2.2")) {
+if (&version_atleast("2.4")) {
+	$key = &find_value('ssl_server_key_file', $conf, 0, "");
+	$key =~ s/^<//;
+	}
+elsif (&find_value("ssl_key", $conf, 2) || &version_atleast("2.2")) {
 	$key = &find_value("ssl_key", $conf, 0, "");
 	$key =~ s/^<//;
 	}
@@ -31,14 +39,12 @@ print &ui_table_row($text{'ssl_key'},
 	    &ui_opt_textbox("key", $key, 40, &getdef("ssl_key_file")), 3,
 	    [ undef, "nowrap" ]);
 
-# SSL key password
-$pass = &find_value("ssl_key_password", $conf);
-print &ui_table_row($text{'ssl_pass'},
-	    &ui_opt_textbox("pass", $pass, 20, $text{'ssl_prompt'}), 3,
-	    [ undef, "nowrap" ]);
-
 # SSL CA file
-if (&find_value("ssl_ca", $conf, 2) || &version_atleast("2.2")) {
+if (&version_atleast("2.4")) {
+	$ca = &find_value('ssl_server_ca_file', $conf, 0, "");
+	$ca =~ s/^<//;
+	}
+elsif (&find_value("ssl_ca", $conf, 2) || &version_atleast("2.2")) {
 	$ca = &find_value("ssl_ca", $conf, 0, "");
 	$ca =~ s/^<//;
 	}
@@ -50,12 +56,23 @@ print &ui_table_row($text{'ssl_ca'},
 		&getdef("ssl_ca_file", [ [ "", $text{'ssl_none'} ] ])), 3,
 	    [ undef, "nowrap" ]);
 
+# SSL key password
+my $passdir = &version_atleast("2.4")
+	? "ssl_server_key_password"
+	: "ssl_key_password";
+$pass = &find_value($passdir, $conf);
+print &ui_table_row($text{'ssl_pass'},
+	    &ui_opt_textbox("pass", $pass, 20, $text{'ssl_prompt'}), 3,
+	    [ undef, "nowrap" ]);
+
 # Parameter regen time
-$regen = &find_value("ssl_parameters_regenerate", $conf);
-print &ui_table_row($text{'ssl_regen'},
-		    &ui_opt_textbox("regen", $regen, 5,
-				    &getdef("ssl_parameters_regenerate")).
-				    " ".$text{'ssl_hours'}, 3);
+if (&version_atmost("2.4")) {
+	$regen = &find_value("ssl_parameters_regenerate", $conf);
+	print &ui_table_row($text{'ssl_regen'},
+			&ui_opt_textbox("regen", $regen, 5,
+					&getdef("ssl_parameters_regenerate")).
+					" ".$text{'ssl_hours'}, 3);
+	}
 
 # Disable plaintext passwords when not SSL
 if (&find_value("auth_allow_cleartext", $conf, 2)) {
@@ -64,7 +81,7 @@ if (&find_value("auth_allow_cleartext", $conf, 2)) {
 	print &ui_table_row($text{'ssl_plain2'},
 	    &ui_radio("plain", $plain,
 		      [ @opts,
-			[ '', &getdef("auth_allow_cleartext", \@opts) ] ]), 3);
+			[ '', "$text{'default'} (No)" ] ]), 3);
 	}
 else {
 	@opts = ( [ 'yes', $text{'yes'} ], [ 'no', $text{'no'} ] );
diff --git a/dovecot/save_ssl.cgi b/dovecot/save_ssl.cgi
index be2439c5c..fe48ed8ed 100755
--- a/dovecot/save_ssl.cgi
+++ b/dovecot/save_ssl.cgi
@@ -7,10 +7,14 @@ require './dovecot-lib.pl';
 $conf = &get_config();
 &lock_dovecot_files($conf);
 
-# Save SSL cert and key
+# Save SSL cert
 $in{'cert_def'} || -r $in{'cert'} || $in{'cert'} =~ /^[<>\|]/ ||
 	&error($text{'ssl_ecert'});
-if (&find_value("ssl_cert", $conf, 2) || &version_atleast("2.2")) {
+if (&version_atleast("2.4")) {
+	&save_directive($conf, "ssl_server_cert_file",
+		        $in{'cert_def'} ? undef : $in{'cert'}, "");
+	}
+elsif (&find_value("ssl_cert", $conf, 2) || &version_atleast("2.2")) {
 	$in{'cert'} = "<".$in{'cert'} if ($in{'cert'} =~ /^\//);
 	&save_directive($conf, "ssl_cert",
 		        $in{'cert_def'} ? undef : $in{'cert'}, "");
@@ -20,9 +24,14 @@ else {
 		        $in{'cert_def'} ? undef : $in{'cert'});
 	}
 
+# Save SSL key
 $in{'key_def'} || -r $in{'key'} || $in{'key'} =~ /^[<>\|]/ ||
 	&error($text{'ssl_ekey'});
-if (&find_value("ssl_key", $conf, 2) || &version_atleast("2.2")) {
+if (&version_atleast("2.4")) {
+	&save_directive($conf, "ssl_server_key_file",
+		        $in{'key_def'} ? undef : $in{'key'}, "");
+	}
+elsif (&find_value("ssl_key", $conf, 2) || &version_atleast("2.2")) {
 	$in{'key'} = "<".$in{'key'} if ($in{'key'} =~ /^\//);
 	&save_directive($conf, "ssl_key",
 		        $in{'key_def'} ? undef : $in{'key'}, "");
@@ -35,7 +44,11 @@ else {
 # Save SSL CA cert
 $in{'ca_def'} || -r $in{'ca'} || $in{'ca'} =~ /^[<>\|]/ ||
 	&error($text{'ssl_eca'});
-if (&find_value("ssl_ca", $conf, 2) || &version_atleast("2.2")) {
+if (&version_atleast("2.4")) {
+	&save_directive($conf, "ssl_server_ca_file",
+		        $in{'ca_def'} ? undef : $in{'ca'}, "");
+	}
+elsif (&find_value("ssl_ca", $conf, 2) || &version_atleast("2.2")) {
 	$in{'ca'} = "<".$in{'ca'} if ($in{'ca'} =~ /^\//);
 	&save_directive($conf, "ssl_ca",
 		        $in{'ca_def'} ? undef : $in{'ca'}, "");
@@ -47,13 +60,21 @@ else {
 
 # Save SSL key password
 $in{'pass_def'} || $in{'pass'} =~ /\S/ || &error($text{'ssl_epass'});
-&save_directive($conf, "ssl_key_password",
-		$in{'pass_def'} ? undef : $in{'pass'});
+&save_directive($conf,
+	&version_atleast("2.4")
+		? "ssl_server_key_password"
+		: "ssl_key_password",
+	$in{'pass_def'} ? undef : $in{'pass'});
 
-$in{'regen_def'} || $in{'regen'} =~ /^\d+$/ || &error($text{'ssl_eregen'});
-&save_directive($conf, "ssl_parameters_regenerate",
-		$in{'regen_def'} ? undef : $in{'regen'});
+# Save SSL parameter regeneration time
+if (&version_atmost("2.4")) {
+	$in{'regen_def'} || $in{'regen'} =~ /^\d+$/ ||
+		&error($text{'ssl_eregen'});
+	&save_directive($conf, "ssl_parameters_regenerate",
+			$in{'regen_def'} ? undef : $in{'regen'});
+	}
 
+# Save plaintext password setting
 if (&find_value("auth_allow_cleartext", $conf, 2)) {
 	&save_directive($conf, "auth_allow_cleartext",
 			$in{'plain'} ? $in{'plain'} : undef);