[packages/courier.git] / courier-certs.patch

diff -Nur old/configure.in new/configure.in
--- old/configure.in	2004-05-16 02:40:19.000000000 +0000
+++ new/configure.in	2004-05-25 07:37:13.000000000 +0000
@@ -58,6 +58,11 @@
 eval "localstatedir=$localstatedir"
 eval "datadir=$datadir"
 
+AC_ARG_WITH(certsdir, [  --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
+
 AC_ARG_WITH(userdb, [
 -- see INSTALL, or courier/doc/install.html for configuration options -- ], ,
 	ac_configure_args="$ac_configure_args --with-userdb=${sysconfdir}/userdb")
diff -Nur old/courier/configure.in new/courier/configure.in
--- old/courier/configure.in	2004-05-02 14:59:42.000000000 +0000
+++ new/courier/configure.in	2004-05-25 07:38:14.000000000 +0000
@@ -575,6 +575,12 @@
 
 eval "exec_prefix=$exec_prefix"
 eval "bindir=$bindir"
+eval "datadir=$datadir"
+
+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
 
 MAILDROP="$bindir/maildrop"
 AC_SUBST(MAILDROP)
diff -Nur old/courier/imapd-ssl.rc.in new/courier/imapd-ssl.rc.in
--- old/courier/imapd-ssl.rc.in	2004-05-24 21:25:19.000000000 +0000
+++ new/courier/imapd-ssl.rc.in	2004-05-24 21:32:29.000000000 +0000
@@ -28,6 +28,11 @@
 
 case $1 in
 start)
+	# If we do not have a certificate, make one up.
+	if [ ! -f @certsdir@/imapd.pem ]; then
+	@sbindir@/mkimapdcert
+	fi
+
 	LIBAUTHMODULES=""
 	for f in `echo $AUTHMODULES`
 	do
diff -Nur old/courier/module.esmtp/configure.in new/courier/module.esmtp/configure.in
--- old/courier/module.esmtp/configure.in	2004-05-11 00:16:05.000000000 +0000
+++ new/courier/module.esmtp/configure.in	2004-05-25 07:46:38.000000000 +0000
@@ -300,6 +300,11 @@
 eval "datadir=$datadir"
 eval "localstatedir=$localstatedir"
 
+AC_ARG_WITH(certsdir, [  --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
+
 dnl
 dnl  Check what libraries are available
 dnl
diff -Nur old/courier/module.esmtp/esmtpd.cnf.in new/courier/module.esmtp/esmtpd.cnf.in
--- old/courier/module.esmtp/esmtpd.cnf.in	2001-08-18 22:18:12.000000000 +0000
+++ new/courier/module.esmtp/esmtpd.cnf.in	2004-05-30 22:38:12.000000000 +0000
@@ -1,5 +1,5 @@
 
-RANDFILE = @datadir@/esmtpd.rnd
+RANDFILE = @certsdir@/esmtpd.rand
 
 [ req ]
 default_bits = 1024
diff -Nur old/courier/module.esmtp/esmtpd-ssl.dist.in new/courier/module.esmtp/esmtpd-ssl.dist.in
--- old/courier/module.esmtp/esmtpd-ssl.dist.in	2004-04-24 19:56:19.000000000 +0000
+++ new/courier/module.esmtp/esmtpd-ssl.dist.in	2004-05-24 20:57:52.000000000 +0000
@@ -168,7 +168,7 @@
 # servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
 # treated as confidential, and must not be world-readable.
 #
-TLS_CERTFILE=@datadir@/esmtpd.pem
+TLS_CERTFILE=@certsdir@/esmtpd.pem
 
 ##NAME: TLS_TRUSTCERTS:0
 #
diff -Nur old/courier/module.esmtp/esmtpd-ssl.in new/courier/module.esmtp/esmtpd-ssl.in
--- old/courier/module.esmtp/esmtpd-ssl.in	2004-05-24 21:24:41.000000000 +0000
+++ new/courier/module.esmtp/esmtpd-ssl.in	2004-05-24 21:31:31.000000000 +0000
@@ -25,6 +25,10 @@
 
 case $1 in
 start)
+	# If we do not have a certificate, make one up.
+	if [ ! -f @certsdir@/esmtpd.pem ]; then
+	@sbindir@/mkesmtpdcert
+	fi
 	;;
 stop)
 	${sbindir}/couriertcpd -pid=$SSLPIDFILE -stop
diff -Nur old/courier/module.esmtp/mkesmtpdcert.in new/courier/module.esmtp/mkesmtpdcert.in
--- old/courier/module.esmtp/mkesmtpdcert.in	2000-09-18 17:24:01.000000000 +0000
+++ new/courier/module.esmtp/mkesmtpdcert.in	2004-05-25 07:31:21.000000000 +0000
@@ -11,25 +11,25 @@
 
 test -x @OPENSSL@ || exit 0
 
-if test -f @datadir@/esmtpd.pem
+if test -f @certsdir@/esmtpd.pem
 then
-	echo "@datadir@/esmtpd.pem already exists."
+	echo "@certsdir@/esmtpd.pem already exists."
 	exit 1
 fi
 
-cp /dev/null @datadir@/esmtpd.pem
-chmod 600 @datadir@/esmtpd.pem
-chown @mailuser@ @datadir@/esmtpd.pem
+cp /dev/null @certsdir@/esmtpd.pem
+chmod 600 @certsdir@/esmtpd.pem
+chown @mailuser@ @certsdir@/esmtpd.pem
 
 cleanup() {
-	rm -f @datadir@/esmtpd.rand
-	rm -f @datadir@/esmtpd.pem
+	rm -f @certsdir@/esmtpd.rand
+	rm -f @certsdir@/esmtpd.pem
 	exit 1
 }
 
-dd if=@RANDOMV@ of=@datadir@/esmtpd.rand count=1 2>/dev/null
+dd if=@RANDOMV@ of=@certsdir@/esmtpd.rand count=1 2>/dev/null
 @OPENSSL@ req -new -x509 -days 365 -nodes \
-	-config @sysconfdir@/esmtpd.cnf -out @datadir@/esmtpd.pem -keyout @datadir@/esmtpd.pem || cleanup
-@OPENSSL@ gendh -rand @datadir@/esmtpd.rand 512 >>@datadir@/esmtpd.pem || cleanup
-@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/esmtpd.pem || cleanup
-rm -f @datadir@/esmtpd.rand
+	-config @sysconfdir@/esmtpd.cnf -out @certsdir@/esmtpd.pem -keyout @certsdir@/esmtpd.pem || cleanup
+@OPENSSL@ gendh -rand @certsdir@/esmtpd.rand 512 >>@certsdir@/esmtpd.pem || cleanup
+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/esmtpd.pem || cleanup
+rm -f @certsdir@/esmtpd.rand
diff -Nur old/courier/pop3d-ssl.in new/courier/pop3d-ssl.in
--- old/courier/pop3d-ssl.in	2004-05-24 21:25:31.000000000 +0000
+++ new/courier/pop3d-ssl.in	2004-05-24 21:33:05.000000000 +0000
@@ -29,6 +29,11 @@
 
 case $1 in
 start)
+	# If we do not have a certificate, make one up.
+	if [ ! -f @certsdir@/pop3d.pem ]; then
+	@sbindir@/mkpop3dcert
+	fi
+
 	LIBAUTHMODULES=""
 	for f in `echo $AUTHMODULES`
 	do
diff -Nur old/courier.sysvinit.in new/courier.sysvinit.in
--- old/courier.sysvinit.in	2004-05-02 14:24:06.000000000 +0000
+++ new/courier.sysvinit.in	2004-05-24 20:56:37.000000000 +0000
@@ -14,7 +14,7 @@
 sbindir="@sbindir@"
 bindir="@bindir@"
 libexecdir="@libexecdir@"
-datadir="@datadir@"
+certsdir="@certsdir@"
 
 if test ! -f ${sysconfdir}/esmtpd
 then
@@ -82,7 +82,7 @@
 	then
 # If we do not have a certificate, make one up.
 
-		if test ! -f ${datadir}/esmtpd.pem
+		if test ! -f ${certsdir}/esmtpd.pem
 		then
 			if test -x $COURIERTLS
 			then
@@ -149,7 +149,7 @@
 			then
 # If we do not have a certificate, make one up.
 
-				if test ! -f ${datadir}/pop3d.pem
+				if test ! -f ${certsdir}/pop3d.pem
 				then
 					echo -n " generating-POP3-SSL-certificate..."
 
@@ -179,7 +179,7 @@
 			then
 # If we do not have a certificate, make one up.
 
-				if test ! -f ${datadir}/imapd.pem
+				if test ! -f ${certsdir}/imapd.pem
 				then
 					echo -n " generating-IMAP-SSL-certificate..."
 
diff -Nur old/imap/configure.in new/imap/configure.in
--- old/imap/configure.in	2004-05-16 02:38:13.000000000 +0000
+++ new/imap/configure.in	2004-05-25 07:37:24.000000000 +0000
@@ -283,6 +283,11 @@
 eval "sysconfdir=$sysconfdir"
 eval "localstatedir=$localstatedir"
 
+AC_ARG_WITH(certsdir, [  --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
+
 #
 # Check for PAM configuration flavor
 
diff -Nur old/imap/imapd.cnf.in new/imap/imapd.cnf.in
--- old/imap/imapd.cnf.in	2001-03-24 04:59:55.000000000 +0000
+++ new/imap/imapd.cnf.in	2004-05-30 22:37:03.000000000 +0000
@@ -1,5 +1,5 @@
 
-RANDFILE = @datadir@/imapd.rand
+RANDFILE = @certsdir@/imapd.rand
 
 [ req ]
 default_bits = 1024
diff -Nur old/imap/imapd-ssl.dist.in new/imap/imapd-ssl.dist.in
--- old/imap/imapd-ssl.dist.in	2004-01-25 05:40:03.000000000 +0000
+++ new/imap/imapd-ssl.dist.in	2004-05-24 20:57:29.000000000 +0000
@@ -146,7 +146,7 @@
 # servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
 # treated as confidential, and must not be world-readable.
 #
-TLS_CERTFILE=@datadir@/imapd.pem
+TLS_CERTFILE=@certsdir@/imapd.pem
 
 ##NAME: TLS_TRUSTCERTS:0
 #
diff -Nur old/imap/mkimapdcert.8.in new/imap/mkimapdcert.8.in
--- old/imap/mkimapdcert.8.in	2004-01-14 00:51:10.000000000 +0000
+++ new/imap/mkimapdcert.8.in	2004-05-25 07:32:16.000000000 +0000
@@ -18,7 +18,7 @@
 .PP
 IMAP over SSL requires a valid, signed, X.509 certificate.  The default
 location for the certificate file is
-\fI@datadir@/imapd.pem\fR\&.
+\fI@certsdir@/imapd.pem\fR\&.
 \fBmkimapdcert\fR generates a self-signed X.509 certificate,
 mainly for
 testing.
@@ -26,19 +26,19 @@
 recognized certificate authority, in order for mail clients to accept the
 certificate.
 .PP
-\fI@datadir@/imapd.pem\fR must be owned by the
+\fI@certsdir@/imapd.pem\fR must be owned by the
 @mailuser@ user and
 have no group or world permissions.
 The \fBmkimapdcert\fR command will
 enforce this.  To prevent an unfortunate accident,
 \fBmkimapdcert\fR
-will not work if \fB@datadir@/imapd.pem\fR already exists.
+will not work if \fB@certsdir@/imapd.pem\fR already exists.
 .PP
 \fBmkimapdcert\fR requires
 \fBOpenSSL\fR to be installed.
 .SH "FILES"
 .TP
-\fB@datadir@/imapd.pem\fR
+\fB@certsdir@/imapd.pem\fR
 X.509 certificate.
 .TP
 \fB@sysconfdir@/imapd.cnf\fR
diff -Nur old/imap/mkimapdcert.html.in new/imap/mkimapdcert.html.in
--- old/imap/mkimapdcert.html.in	2004-01-14 00:51:16.000000000 +0000
+++ new/imap/mkimapdcert.html.in	2004-05-25 07:32:37.000000000 +0000
@@ -57,7 +57,7 @@
 location for the certificate file is
 <TT
 CLASS="FILENAME"
->@datadir@/imapd.pem</TT
+>@certsdir@/imapd.pem</TT
 >.
 <B
 CLASS="COMMAND"
@@ -71,7 +71,7 @@
 ><P
 ><TT
 CLASS="FILENAME"
->@datadir@/imapd.pem</TT
+>@certsdir@/imapd.pem</TT
 > must be owned by the
 @mailuser@ user and
 have no group or world permissions.
@@ -86,7 +86,7 @@
 >
 will not work if <B
 CLASS="COMMAND"
->@datadir@/imapd.pem</B
+>@certsdir@/imapd.pem</B
 > already exists.</P
 ><P
 ><B
@@ -111,7 +111,7 @@
 CLASS="VARIABLELIST"
 ><DL
 ><DT
->@datadir@/imapd.pem</DT
+>@certsdir@/imapd.pem</DT
 ><DD
 ><P
 >X.509 certificate.</P
diff -Nur old/imap/mkimapdcert.in new/imap/mkimapdcert.in
--- old/imap/mkimapdcert.in	2001-08-26 16:16:42.000000000 +0000
+++ new/imap/mkimapdcert.in	2004-05-25 07:33:42.000000000 +0000
@@ -13,26 +13,26 @@
 
 prefix="@prefix@"
 
-if test -f @datadir@/imapd.pem
+if test -f @certsdir@/imapd.pem
 then
-	echo "@datadir@/imapd.pem already exists."
+	echo "@certsdir@/imapd.pem already exists."
 	exit 1
 fi
 
-cp /dev/null @datadir@/imapd.pem
-chmod 600 @datadir@/imapd.pem
-chown @mailuser@ @datadir@/imapd.pem
+cp /dev/null @certsdir@/imapd.pem
+chmod 600 @certsdir@/imapd.pem
+chown @mailuser@ @certsdir@/imapd.pem
 
 cleanup() {
-	rm -f @datadir@/imapd.pem
-	rm -f @datadir@/imapd.rand
+	rm -f @certsdir@/imapd.pem
+	rm -f @certsdir@/imapd.rand
 	exit 1
 }
 
-cd @datadir@
-dd if=@RANDOMV@ of=@datadir@/imapd.rand count=1 2>/dev/null
+cd @certsdir@
+dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null
 @OPENSSL@ req -new -x509 -days 365 -nodes \
-	-config @sysconfdir@/imapd.cnf -out @datadir@/imapd.pem -keyout @datadir@/imapd.pem || cleanup
-@OPENSSL@ gendh -rand @datadir@/imapd.rand 512 >>@datadir@/imapd.pem || cleanup
-@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/imapd.pem || cleanup
-rm -f @datadir@/imapd.rand
+	-config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem || cleanup
+@OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem || cleanup
+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem || cleanup
+rm -f @certsdir@/imapd.rand
diff -Nur old/imap/mkpop3dcert.8.in new/imap/mkpop3dcert.8.in
--- old/imap/mkpop3dcert.8.in	2004-01-14 00:51:13.000000000 +0000
+++ new/imap/mkpop3dcert.8.in	2004-05-25 07:34:07.000000000 +0000
@@ -18,7 +18,7 @@
 .PP
 POP3 over SSL requires a valid, signed, X.509 certificate.  The default
 location for the certificate file is
-\fI@datadir@/pop3d.pem\fR\&.
+\fI@certsdir@/pop3d.pem\fR\&.
 \fBmkpop3dcert\fR generates a self-signed X.509 certificate,
 mainly for
 testing.
@@ -26,19 +26,19 @@
 recognized certificate authority, in order for mail clients to accept the
 certificate.
 .PP
-\fI@datadir@/pop3d.pem\fR must be owned by the
+\fI@certsdir@/pop3d.pem\fR must be owned by the
 @mailuser@ user and
 have no group or world permissions.
 The \fBmkpop3dcert\fR command will
 enforce this.  To prevent an unfortunate accident,
 \fBmkpop3dcert\fR
-will not work if \fB@datadir@/pop3d.pem\fR already exists.
+will not work if \fB@certsdir@/pop3d.pem\fR already exists.
 .PP
 \fBmkpop3dcert\fR requires
 \fBOpenSSL\fR to be installed.
 .SH "FILES"
 .TP
-\fB@datadir@/pop3d.pem\fR
+\fB@certsdir@/pop3d.pem\fR
 X.509 certificate.
 .TP
 \fB@sysconfdir@/pop3d.cnf\fR
diff -Nur old/imap/mkpop3dcert.html.in new/imap/mkpop3dcert.html.in
--- old/imap/mkpop3dcert.html.in	2004-01-14 00:51:17.000000000 +0000
+++ new/imap/mkpop3dcert.html.in	2004-05-25 07:34:26.000000000 +0000
@@ -57,7 +57,7 @@
 location for the certificate file is
 <TT
 CLASS="FILENAME"
->@datadir@/pop3d.pem</TT
+>@certsdir@/pop3d.pem</TT
 >.
 <B
 CLASS="COMMAND"
@@ -71,7 +71,7 @@
 ><P
 ><TT
 CLASS="FILENAME"
->@datadir@/pop3d.pem</TT
+>@certsdir@/pop3d.pem</TT
 > must be owned by the
 @mailuser@ user and
 have no group or world permissions.
@@ -86,7 +86,7 @@
 >
 will not work if <B
 CLASS="COMMAND"
->@datadir@/pop3d.pem</B
+>@certsdir@/pop3d.pem</B
 > already exists.</P
 ><P
 ><B
@@ -111,7 +111,7 @@
 CLASS="VARIABLELIST"
 ><DL
 ><DT
->@datadir@/pop3d.pem</DT
+>@certsdir@/pop3d.pem</DT
 ><DD
 ><P
 >X.509 certificate.</P
diff -Nur old/imap/mkpop3dcert.in new/imap/mkpop3dcert.in
--- old/imap/mkpop3dcert.in	2000-10-06 17:50:37.000000000 +0000
+++ new/imap/mkpop3dcert.in	2004-05-25 07:35:23.000000000 +0000
@@ -13,25 +13,25 @@
 
 prefix="@prefix@"
 
-if test -f @datadir@/pop3d.pem
+if test -f @certsdir@/pop3d.pem
 then
-	echo "@datadir@/pop3d.pem already exists."
+	echo "@certsdir@/pop3d.pem already exists."
 	exit 1
 fi
 
-cp /dev/null @datadir@/pop3d.pem
-chmod 600 @datadir@/pop3d.pem
-chown @mailuser@ @datadir@/pop3d.pem
+cp /dev/null @certsdir@/pop3d.pem
+chmod 600 @certsdir@/pop3d.pem
+chown @mailuser@ @certsdir@/pop3d.pem
 
 cleanup() {
-	rm -f @datadir@/pop3d.pem
-	rm -f @datadir@/pop3d.rand
+	rm -f @certsdir@/pop3d.pem
+	rm -f @certsdir@/pop3d.rand
 	exit 1
 }
 
-dd if=@RANDOMV@ of=@datadir@/pop3d.rand count=1 2>/dev/null
+dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null
 @OPENSSL@ req -new -x509 -days 365 -nodes \
-	-config @sysconfdir@/pop3d.cnf -out @datadir@/pop3d.pem -keyout @datadir@/pop3d.pem || cleanup
-@OPENSSL@ gendh -rand @datadir@/pop3d.rand 512 >>@datadir@/pop3d.pem || cleanup
-@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/pop3d.pem || cleanup
-rm -f @datadir@/pop3d.rand
+	-config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem || cleanup
+@OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem || cleanup
+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem || cleanup
+rm -f @certsdir@/pop3d.rand
diff -Nur old/imap/pop3d.cnf.in new/imap/pop3d.cnf.in
--- old/imap/pop3d.cnf.in	2001-03-24 04:59:55.000000000 +0000
+++ new/imap/pop3d.cnf.in	2004-05-30 22:37:10.000000000 +0000
@@ -1,5 +1,5 @@
 
-RANDFILE = @datadir@/pop3d.rand
+RANDFILE = @certsdir@/pop3d.rand
 
 [ req ]
 default_bits = 1024
diff -Nur old/imap/pop3d-ssl.dist.in new/imap/pop3d-ssl.dist.in
--- old/imap/pop3d-ssl.dist.in	2004-01-25 05:40:04.000000000 +0000
+++ new/imap/pop3d-ssl.dist.in	2004-05-24 20:57:32.000000000 +0000
@@ -135,7 +135,7 @@
 # servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
 # treated as confidential, and must not be world-readable.
 #
-TLS_CERTFILE=@datadir@/pop3d.pem
+TLS_CERTFILE=@certsdir@/pop3d.pem
 
 ##NAME: TLS_TRUSTCERTS:0
 #
Commit	Line	Data
c2c7a750 AA	1	diff -Nur old/configure.in new/configure.in
c2c7a750 AA	2	--- old/configure.in 2004-05-16 02:40:19.000000000 +0000
69e1f9b1	3	+++ new/configure.in 2004-05-25 07:37:13.000000000 +0000
c2c7a750 AA	4	@@ -58,6 +58,11 @@
	5	eval "localstatedir=$localstatedir"
	6	eval "datadir=$datadir"
	7
	8	+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
69e1f9b1	9	+certsdir="$withval", certsdir=$datadir)
c2c7a750 AA	10	+
	11	+AC_SUBST(certsdir)
	12	+
	13	AC_ARG_WITH(userdb, [
	14	-- see INSTALL, or courier/doc/install.html for configuration options -- ], ,
	15	ac_configure_args="$ac_configure_args --with-userdb=${sysconfdir}/userdb")
	16	diff -Nur old/courier/configure.in new/courier/configure.in
	17	--- old/courier/configure.in 2004-05-02 14:59:42.000000000 +0000
69e1f9b1 AA	18	+++ new/courier/configure.in 2004-05-25 07:38:14.000000000 +0000
	19	@@ -575,6 +575,12 @@
	20
c2c7a750 AA	21	eval "exec_prefix=$exec_prefix"
c2c7a750 AA	22	eval "bindir=$bindir"
69e1f9b1 AA	23	+eval "datadir=$datadir"
69e1f9b1 AA	24	+
c2c7a750	25	+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
69e1f9b1	26	+certsdir="$withval", certsdir=$datadir)
c2c7a750 AA	27	+
c2c7a750 AA	28	+AC_SUBST(certsdir)
69e1f9b1	29
c2c7a750 AA	30	MAILDROP="$bindir/maildrop"
c2c7a750 AA	31	AC_SUBST(MAILDROP)
c2c7a750 AA	32	diff -Nur old/courier/imapd-ssl.rc.in new/courier/imapd-ssl.rc.in
	33	--- old/courier/imapd-ssl.rc.in 2004-05-24 21:25:19.000000000 +0000
	34	+++ new/courier/imapd-ssl.rc.in 2004-05-24 21:32:29.000000000 +0000
	35	@@ -28,6 +28,11 @@
	36
	37	case $1 in
	38	start)
	39	+ # If we do not have a certificate, make one up.
	40	+ if [ ! -f @certsdir@/imapd.pem ]; then
	41	+ @sbindir@/mkimapdcert
	42	+ fi
	43	+
	44	LIBAUTHMODULES=""
	45	for f in `echo $AUTHMODULES`
	46	do
	47	diff -Nur old/courier/module.esmtp/configure.in new/courier/module.esmtp/configure.in
	48	--- old/courier/module.esmtp/configure.in 2004-05-11 00:16:05.000000000 +0000
9cae2a57	49	+++ new/courier/module.esmtp/configure.in 2004-05-25 07:46:38.000000000 +0000
c2c7a750 AA	50	@@ -300,6 +300,11 @@
	51	eval "datadir=$datadir"
	52	eval "localstatedir=$localstatedir"
	53
	54	+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
b3795f4c	55	+certsdir="$withval", certsdir=$datadir)
c2c7a750 AA	56	+
	57	+AC_SUBST(certsdir)
	58	+
	59	dnl
	60	dnl Check what libraries are available
	61	dnl
9cae2a57 AA	62	diff -Nur old/courier/module.esmtp/esmtpd.cnf.in new/courier/module.esmtp/esmtpd.cnf.in
	63	--- old/courier/module.esmtp/esmtpd.cnf.in 2001-08-18 22:18:12.000000000 +0000
	64	+++ new/courier/module.esmtp/esmtpd.cnf.in 2004-05-30 22:38:12.000000000 +0000
	65	@@ -1,5 +1,5 @@
	66
	67	-RANDFILE = @datadir@/esmtpd.rnd
	68	+RANDFILE = @certsdir@/esmtpd.rand
	69
	70	[ req ]
	71	default_bits = 1024
c2c7a750 AA	72	diff -Nur old/courier/module.esmtp/esmtpd-ssl.dist.in new/courier/module.esmtp/esmtpd-ssl.dist.in
	73	--- old/courier/module.esmtp/esmtpd-ssl.dist.in 2004-04-24 19:56:19.000000000 +0000
	74	+++ new/courier/module.esmtp/esmtpd-ssl.dist.in 2004-05-24 20:57:52.000000000 +0000
	75	@@ -168,7 +168,7 @@
	76	# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
	77	# treated as confidential, and must not be world-readable.
	78	#
	79	-TLS_CERTFILE=@datadir@/esmtpd.pem
	80	+TLS_CERTFILE=@certsdir@/esmtpd.pem
	81
	82	##NAME: TLS_TRUSTCERTS:0
	83	#
	84	diff -Nur old/courier/module.esmtp/esmtpd-ssl.in new/courier/module.esmtp/esmtpd-ssl.in
	85	--- old/courier/module.esmtp/esmtpd-ssl.in 2004-05-24 21:24:41.000000000 +0000
	86	+++ new/courier/module.esmtp/esmtpd-ssl.in 2004-05-24 21:31:31.000000000 +0000
	87	@@ -25,6 +25,10 @@
	88
	89	case $1 in
	90	start)
	91	+ # If we do not have a certificate, make one up.
	92	+ if [ ! -f @certsdir@/esmtpd.pem ]; then
	93	+ @sbindir@/mkesmtpdcert
	94	+ fi
	95	;;
	96	stop)
	97	${sbindir}/couriertcpd -pid=$SSLPIDFILE -stop
69e1f9b1 AA	98	diff -Nur old/courier/module.esmtp/mkesmtpdcert.in new/courier/module.esmtp/mkesmtpdcert.in
	99	--- old/courier/module.esmtp/mkesmtpdcert.in 2000-09-18 17:24:01.000000000 +0000
	100	+++ new/courier/module.esmtp/mkesmtpdcert.in 2004-05-25 07:31:21.000000000 +0000
	101	@@ -11,25 +11,25 @@
	102
	103	test -x @OPENSSL@ \|\| exit 0
	104
	105	-if test -f @datadir@/esmtpd.pem
	106	+if test -f @certsdir@/esmtpd.pem
	107	then
	108	- echo "@datadir@/esmtpd.pem already exists."
	109	+ echo "@certsdir@/esmtpd.pem already exists."
	110	exit 1
	111	fi
	112
	113	-cp /dev/null @datadir@/esmtpd.pem
	114	-chmod 600 @datadir@/esmtpd.pem
	115	-chown @mailuser@ @datadir@/esmtpd.pem
	116	+cp /dev/null @certsdir@/esmtpd.pem
	117	+chmod 600 @certsdir@/esmtpd.pem
	118	+chown @mailuser@ @certsdir@/esmtpd.pem
	119
	120	cleanup() {
	121	- rm -f @datadir@/esmtpd.rand
	122	- rm -f @datadir@/esmtpd.pem
	123	+ rm -f @certsdir@/esmtpd.rand
	124	+ rm -f @certsdir@/esmtpd.pem
	125	exit 1
	126	}
	127
	128	-dd if=@RANDOMV@ of=@datadir@/esmtpd.rand count=1 2>/dev/null
	129	+dd if=@RANDOMV@ of=@certsdir@/esmtpd.rand count=1 2>/dev/null
	130	@OPENSSL@ req -new -x509 -days 365 -nodes \
	131	- -config @sysconfdir@/esmtpd.cnf -out @datadir@/esmtpd.pem -keyout @datadir@/esmtpd.pem \|\| cleanup
	132	-@OPENSSL@ gendh -rand @datadir@/esmtpd.rand 512 >>@datadir@/esmtpd.pem \|\| cleanup
	133	-@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/esmtpd.pem \|\| cleanup
	134	-rm -f @datadir@/esmtpd.rand
	135	+ -config @sysconfdir@/esmtpd.cnf -out @certsdir@/esmtpd.pem -keyout @certsdir@/esmtpd.pem \|\| cleanup
	136	+@OPENSSL@ gendh -rand @certsdir@/esmtpd.rand 512 >>@certsdir@/esmtpd.pem \|\| cleanup
	137	+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/esmtpd.pem \|\| cleanup
	138	+rm -f @certsdir@/esmtpd.rand
c2c7a750 AA	139	diff -Nur old/courier/pop3d-ssl.in new/courier/pop3d-ssl.in
	140	--- old/courier/pop3d-ssl.in 2004-05-24 21:25:31.000000000 +0000
	141	+++ new/courier/pop3d-ssl.in 2004-05-24 21:33:05.000000000 +0000
	142	@@ -29,6 +29,11 @@
	143
	144	case $1 in
	145	start)
	146	+ # If we do not have a certificate, make one up.
	147	+ if [ ! -f @certsdir@/pop3d.pem ]; then
	148	+ @sbindir@/mkpop3dcert
	149	+ fi
	150	+
	151	LIBAUTHMODULES=""
	152	for f in `echo $AUTHMODULES`
	153	do
	154	diff -Nur old/courier.sysvinit.in new/courier.sysvinit.in
	155	--- old/courier.sysvinit.in 2004-05-02 14:24:06.000000000 +0000
	156	+++ new/courier.sysvinit.in 2004-05-24 20:56:37.000000000 +0000
	157	@@ -14,7 +14,7 @@
	158	sbindir="@sbindir@"
	159	bindir="@bindir@"
	160	libexecdir="@libexecdir@"
	161	-datadir="@datadir@"
	162	+certsdir="@certsdir@"
	163
	164	if test ! -f ${sysconfdir}/esmtpd
	165	then
	166	@@ -82,7 +82,7 @@
	167	then
	168	# If we do not have a certificate, make one up.
	169
	170	- if test ! -f ${datadir}/esmtpd.pem
	171	+ if test ! -f ${certsdir}/esmtpd.pem
	172	then
	173	if test -x $COURIERTLS
	174	then
	175	@@ -149,7 +149,7 @@
	176	then
	177	# If we do not have a certificate, make one up.
	178
	179	- if test ! -f ${datadir}/pop3d.pem
	180	+ if test ! -f ${certsdir}/pop3d.pem
	181	then
	182	echo -n " generating-POP3-SSL-certificate..."
	183
	184	@@ -179,7 +179,7 @@
	185	then
	186	# If we do not have a certificate, make one up.
	187
	188	- if test ! -f ${datadir}/imapd.pem
	189	+ if test ! -f ${certsdir}/imapd.pem
	190	then
	191	echo -n " generating-IMAP-SSL-certificate..."
	192
	193	diff -Nur old/imap/configure.in new/imap/configure.in
	194	--- old/imap/configure.in 2004-05-16 02:38:13.000000000 +0000
69e1f9b1	195	+++ new/imap/configure.in 2004-05-25 07:37:24.000000000 +0000
c2c7a750 AA	196	@@ -283,6 +283,11 @@
	197	eval "sysconfdir=$sysconfdir"
	198	eval "localstatedir=$localstatedir"
	199
	200	+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
69e1f9b1	201	+certsdir="$withval", certsdir=$datadir)
c2c7a750 AA	202	+
	203	+AC_SUBST(certsdir)
	204	+
	205	#
	206	# Check for PAM configuration flavor
	207
9cae2a57 AA	208	diff -Nur old/imap/imapd.cnf.in new/imap/imapd.cnf.in
	209	--- old/imap/imapd.cnf.in 2001-03-24 04:59:55.000000000 +0000
	210	+++ new/imap/imapd.cnf.in 2004-05-30 22:37:03.000000000 +0000
	211	@@ -1,5 +1,5 @@
	212
	213	-RANDFILE = @datadir@/imapd.rand
	214	+RANDFILE = @certsdir@/imapd.rand
	215
	216	[ req ]
	217	default_bits = 1024
c2c7a750 AA	218	diff -Nur old/imap/imapd-ssl.dist.in new/imap/imapd-ssl.dist.in
	219	--- old/imap/imapd-ssl.dist.in 2004-01-25 05:40:03.000000000 +0000
	220	+++ new/imap/imapd-ssl.dist.in 2004-05-24 20:57:29.000000000 +0000
	221	@@ -146,7 +146,7 @@
	222	# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
	223	# treated as confidential, and must not be world-readable.
	224	#
	225	-TLS_CERTFILE=@datadir@/imapd.pem
	226	+TLS_CERTFILE=@certsdir@/imapd.pem
	227
	228	##NAME: TLS_TRUSTCERTS:0
	229	#
69e1f9b1 AA	230	diff -Nur old/imap/mkimapdcert.8.in new/imap/mkimapdcert.8.in
	231	--- old/imap/mkimapdcert.8.in 2004-01-14 00:51:10.000000000 +0000
	232	+++ new/imap/mkimapdcert.8.in 2004-05-25 07:32:16.000000000 +0000
	233	@@ -18,7 +18,7 @@
	234	.PP
	235	IMAP over SSL requires a valid, signed, X.509 certificate. The default
	236	location for the certificate file is
	237	-\fI@datadir@/imapd.pem\fR\&.
	238	+\fI@certsdir@/imapd.pem\fR\&.
	239	\fBmkimapdcert\fR generates a self-signed X.509 certificate,
	240	mainly for
	241	testing.
	242	@@ -26,19 +26,19 @@
	243	recognized certificate authority, in order for mail clients to accept the
	244	certificate.
	245	.PP
	246	-\fI@datadir@/imapd.pem\fR must be owned by the
	247	+\fI@certsdir@/imapd.pem\fR must be owned by the
	248	@mailuser@ user and
	249	have no group or world permissions.
	250	The \fBmkimapdcert\fR command will
	251	enforce this. To prevent an unfortunate accident,
	252	\fBmkimapdcert\fR
	253	-will not work if \fB@datadir@/imapd.pem\fR already exists.
	254	+will not work if \fB@certsdir@/imapd.pem\fR already exists.
	255	.PP
	256	\fBmkimapdcert\fR requires
	257	\fBOpenSSL\fR to be installed.
	258	.SH "FILES"
	259	.TP
	260	-\fB@datadir@/imapd.pem\fR
	261	+\fB@certsdir@/imapd.pem\fR
	262	X.509 certificate.
	263	.TP
	264	\fB@sysconfdir@/imapd.cnf\fR
	265	diff -Nur old/imap/mkimapdcert.html.in new/imap/mkimapdcert.html.in
	266	--- old/imap/mkimapdcert.html.in 2004-01-14 00:51:16.000000000 +0000
	267	+++ new/imap/mkimapdcert.html.in 2004-05-25 07:32:37.000000000 +0000
	268	@@ -57,7 +57,7 @@
	269	location for the certificate file is
	270	<TT
	271	CLASS="FILENAME"
	272	->@datadir@/imapd.pem</TT
	273	+>@certsdir@/imapd.pem</TT
	274	>.
	275	<B
	276	CLASS="COMMAND"
	277	@@ -71,7 +71,7 @@
	278	><P
	279	><TT
	280	CLASS="FILENAME"
	281	->@datadir@/imapd.pem</TT
	282	+>@certsdir@/imapd.pem</TT
	283	> must be owned by the
	284	@mailuser@ user and
	285	have no group or world permissions.
	286	@@ -86,7 +86,7 @@
	287	>
	288	will not work if <B
	289	CLASS="COMMAND"
	290	->@datadir@/imapd.pem</B
	291	+>@certsdir@/imapd.pem</B
	292	> already exists.</P
	293	><P
294	><B
295	@@ -111,7 +111,7 @@
296	CLASS="VARIABLELIST"
297	><DL
298	><DT
299	->@datadir@/imapd.pem</DT
300	+>@certsdir@/imapd.pem</DT
301	><DD
302	><P
303	>X.509 certificate.</P
304	diff -Nur old/imap/mkimapdcert.in new/imap/mkimapdcert.in
305	--- old/imap/mkimapdcert.in 2001-08-26 16:16:42.000000000 +0000
306	+++ new/imap/mkimapdcert.in 2004-05-25 07:33:42.000000000 +0000
307	@@ -13,26 +13,26 @@
308
309	prefix="@prefix@"
310
311	-if test -f @datadir@/imapd.pem
312	+if test -f @certsdir@/imapd.pem
313	then
314	- echo "@datadir@/imapd.pem already exists."
315	+ echo "@certsdir@/imapd.pem already exists."
316	exit 1
317	fi
318
319	-cp /dev/null @datadir@/imapd.pem
320	-chmod 600 @datadir@/imapd.pem
321	-chown @mailuser@ @datadir@/imapd.pem
322	+cp /dev/null @certsdir@/imapd.pem
323	+chmod 600 @certsdir@/imapd.pem
324	+chown @mailuser@ @certsdir@/imapd.pem
325
326	cleanup() {
327	- rm -f @datadir@/imapd.pem
328	- rm -f @datadir@/imapd.rand
329	+ rm -f @certsdir@/imapd.pem
330	+ rm -f @certsdir@/imapd.rand
331	exit 1
332	}
333
334	-cd @datadir@
335	-dd if=@RANDOMV@ of=@datadir@/imapd.rand count=1 2>/dev/null
336	+cd @certsdir@
337	+dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null
338	@OPENSSL@ req -new -x509 -days 365 -nodes \
339	- -config @sysconfdir@/imapd.cnf -out @datadir@/imapd.pem -keyout @datadir@/imapd.pem \|\| cleanup
340	-@OPENSSL@ gendh -rand @datadir@/imapd.rand 512 >>@datadir@/imapd.pem \|\| cleanup
341	-@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/imapd.pem \|\| cleanup
342	-rm -f @datadir@/imapd.rand
343	+ -config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem \|\| cleanup
344	+@OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem \|\| cleanup
345	+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem \|\| cleanup
346	+rm -f @certsdir@/imapd.rand
347	diff -Nur old/imap/mkpop3dcert.8.in new/imap/mkpop3dcert.8.in
348	--- old/imap/mkpop3dcert.8.in 2004-01-14 00:51:13.000000000 +0000
349	+++ new/imap/mkpop3dcert.8.in 2004-05-25 07:34:07.000000000 +0000
350	@@ -18,7 +18,7 @@
351	.PP
352	POP3 over SSL requires a valid, signed, X.509 certificate. The default
353	location for the certificate file is
354	-\fI@datadir@/pop3d.pem\fR\&.
355	+\fI@certsdir@/pop3d.pem\fR\&.
356	\fBmkpop3dcert\fR generates a self-signed X.509 certificate,
357	mainly for
358	testing.
359	@@ -26,19 +26,19 @@
360	recognized certificate authority, in order for mail clients to accept the
361	certificate.
362	.PP
363	-\fI@datadir@/pop3d.pem\fR must be owned by the
364	+\fI@certsdir@/pop3d.pem\fR must be owned by the
365	@mailuser@ user and
366	have no group or world permissions.
367	The \fBmkpop3dcert\fR command will
368	enforce this. To prevent an unfortunate accident,
369	\fBmkpop3dcert\fR
370	-will not work if \fB@datadir@/pop3d.pem\fR already exists.
371	+will not work if \fB@certsdir@/pop3d.pem\fR already exists.
372	.PP
373	\fBmkpop3dcert\fR requires
374	\fBOpenSSL\fR to be installed.
375	.SH "FILES"
376	.TP
377	-\fB@datadir@/pop3d.pem\fR
378	+\fB@certsdir@/pop3d.pem\fR
379	X.509 certificate.
380	.TP
381	\fB@sysconfdir@/pop3d.cnf\fR
382	diff -Nur old/imap/mkpop3dcert.html.in new/imap/mkpop3dcert.html.in
383	--- old/imap/mkpop3dcert.html.in 2004-01-14 00:51:17.000000000 +0000
384	+++ new/imap/mkpop3dcert.html.in 2004-05-25 07:34:26.000000000 +0000
385	@@ -57,7 +57,7 @@
386	location for the certificate file is
387	<TT
388	CLASS="FILENAME"
389	->@datadir@/pop3d.pem</TT
390	+>@certsdir@/pop3d.pem</TT
391	>.
392	<B
393	CLASS="COMMAND"
394	@@ -71,7 +71,7 @@
395	><P
396	><TT
397	CLASS="FILENAME"
398	->@datadir@/pop3d.pem</TT
399	+>@certsdir@/pop3d.pem</TT
400	> must be owned by the
401	@mailuser@ user and
402	have no group or world permissions.
403	@@ -86,7 +86,7 @@
404	>
405	will not work if <B
406	CLASS="COMMAND"
407	->@datadir@/pop3d.pem</B
408	+>@certsdir@/pop3d.pem</B
409	> already exists.</P
410	><P
411	><B
412	@@ -111,7 +111,7 @@
413	CLASS="VARIABLELIST"
414	><DL
415	><DT
416	->@datadir@/pop3d.pem</DT
417	+>@certsdir@/pop3d.pem</DT
418	><DD
419	><P
420	>X.509 certificate.</P
421	diff -Nur old/imap/mkpop3dcert.in new/imap/mkpop3dcert.in
422	--- old/imap/mkpop3dcert.in 2000-10-06 17:50:37.000000000 +0000
423	+++ new/imap/mkpop3dcert.in 2004-05-25 07:35:23.000000000 +0000
424	@@ -13,25 +13,25 @@
425
426	prefix="@prefix@"
427
428	-if test -f @datadir@/pop3d.pem
429	+if test -f @certsdir@/pop3d.pem
430	then
431	- echo "@datadir@/pop3d.pem already exists."
432	+ echo "@certsdir@/pop3d.pem already exists."
433	exit 1
434	fi
435
436	-cp /dev/null @datadir@/pop3d.pem
437	-chmod 600 @datadir@/pop3d.pem
438	-chown @mailuser@ @datadir@/pop3d.pem
439	+cp /dev/null @certsdir@/pop3d.pem
440	+chmod 600 @certsdir@/pop3d.pem
441	+chown @mailuser@ @certsdir@/pop3d.pem
442
443	cleanup() {
444	- rm -f @datadir@/pop3d.pem
445	- rm -f @datadir@/pop3d.rand
446	+ rm -f @certsdir@/pop3d.pem
447	+ rm -f @certsdir@/pop3d.rand
448	exit 1
449	}
450
451	-dd if=@RANDOMV@ of=@datadir@/pop3d.rand count=1 2>/dev/null
452	+dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null
453	@OPENSSL@ req -new -x509 -days 365 -nodes \
454	- -config @sysconfdir@/pop3d.cnf -out @datadir@/pop3d.pem -keyout @datadir@/pop3d.pem \|\| cleanup
455	-@OPENSSL@ gendh -rand @datadir@/pop3d.rand 512 >>@datadir@/pop3d.pem \|\| cleanup
456	-@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/pop3d.pem \|\| cleanup
457	-rm -f @datadir@/pop3d.rand
458	+ -config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem \|\| cleanup
459	+@OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem \|\| cleanup
460	+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem \|\| cleanup
461	+rm -f @certsdir@/pop3d.rand
9cae2a57 AA	462	diff -Nur old/imap/pop3d.cnf.in new/imap/pop3d.cnf.in
	463	--- old/imap/pop3d.cnf.in 2001-03-24 04:59:55.000000000 +0000
	464	+++ new/imap/pop3d.cnf.in 2004-05-30 22:37:10.000000000 +0000
	465	@@ -1,5 +1,5 @@
	466
	467	-RANDFILE = @datadir@/pop3d.rand
	468	+RANDFILE = @certsdir@/pop3d.rand
	469
	470	[ req ]
	471	default_bits = 1024
c2c7a750 AA	472	diff -Nur old/imap/pop3d-ssl.dist.in new/imap/pop3d-ssl.dist.in
	473	--- old/imap/pop3d-ssl.dist.in 2004-01-25 05:40:04.000000000 +0000
	474	+++ new/imap/pop3d-ssl.dist.in 2004-05-24 20:57:32.000000000 +0000
	475	@@ -135,7 +135,7 @@
	476	# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
	477	# treated as confidential, and must not be world-readable.
	478	#
	479	-TLS_CERTFILE=@datadir@/pop3d.pem
	480	+TLS_CERTFILE=@certsdir@/pop3d.pem
	481
	482	##NAME: TLS_TRUSTCERTS:0
	483	#