[packages/courier-imap.git] / courier-imap-certsdir.patch

diff -urN courier-imap-4.3.0.orig/configure.in courier-imap-4.3.0/configure.in
--- courier-imap-4.3.0.orig/configure.in	2007-11-24 04:20:18.000000000 +0100
+++ courier-imap-4.3.0/configure.in	2008-01-19 19:53:07.090124292 +0100
@@ -222,6 +222,11 @@
 
 # Neither does it use the change password feature
 
+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
+
 AC_ARG_WITH(authchangepwdir, [], ,
 	ac_configure_args="$ac_configure_args --with-authchangepwdir=/var/tmp/dev/null")
 
diff -urN courier-imap-4.3.0.orig/imap/configure.in courier-imap-4.3.0/imap/configure.in
--- courier-imap-4.3.0.orig/imap/configure.in	2007-11-24 04:20:18.000000000 +0100
+++ courier-imap-4.3.0/imap/configure.in	2008-01-19 19:53:07.090124292 +0100
@@ -52,6 +52,11 @@
 eval "exec_prefix=$exec_prefix"
 eval "bindir=$bindir"
 
+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
+
 AC_ARG_WITH(mailer,
 [  --with-mailer=prog  Your mail submission program],
    SENDMAIL="$withval",
diff -urN courier-imap-4.3.0.orig/imap/imapd.cnf.openssl.in courier-imap-4.3.0/imap/imapd.cnf.openssl.in
--- courier-imap-4.3.0.orig/imap/imapd.cnf.openssl.in	2007-11-04 21:49:58.000000000 +0100
+++ courier-imap-4.3.0/imap/imapd.cnf.openssl.in	2008-01-19 19:53:07.090124292 +0100
@@ -1,5 +1,5 @@
 
-RANDFILE = @mydatadir@/imapd.rand
+RANDFILE = @certsdir@/imapd.rand
 
 [ req ]
 default_bits = 1024
diff -urN courier-imap-4.3.0.orig/imap/imapd-ssl.dist.in courier-imap-4.3.0/imap/imapd-ssl.dist.in
--- courier-imap-4.3.0.orig/imap/imapd-ssl.dist.in	2007-11-22 15:23:05.000000000 +0100
+++ courier-imap-4.3.0/imap/imapd-ssl.dist.in	2008-01-19 19:53:22.977590279 +0100
@@ -254,7 +254,7 @@
 #
 # This is an experimental feature.
 
-TLS_CERTFILE=@mydatadir@/imapd.pem
+TLS_CERTFILE=@certsdir@/imapd.pem
 
 ##NAME: TLS_TRUSTCERTS:0
 #
diff -urN courier-imap-4.3.0.orig/imap/mkimapdcert.8.in courier-imap-4.3.0/imap/mkimapdcert.8.in
--- courier-imap-4.3.0.orig/imap/mkimapdcert.8.in	2007-04-22 17:33:32.000000000 +0200
+++ courier-imap-4.3.0/imap/mkimapdcert.8.in	2008-01-19 19:53:58.669385973 +0100
@@ -21,18 +21,18 @@
 .SH "DESCRIPTION"
 .PP
 IMAP over SSL requires a valid, signed, X.509 certificate. The default location for the certificate file is
-\fI@datadir@/imapd.pem\fR.
+\fI@certsdir@/imapd.pem\fR.
 \fBmkimapdcert\fR
 generates a self\-signed X.509 certificate, mainly for testing. For production use the X.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate.
 .PP
 
-\fI@datadir@/imapd.pem\fR
+\fI@certsdir@/imapd.pem\fR
 must be owned by the @mailuser@ user and have no group or world permissions. The
 \fBmkimapdcert\fR
 command will enforce this. To prevent an unfortunate accident,
 \fBmkimapdcert\fR
 will not work if
-\fB@datadir@/imapd.pem\fR
+\fB@certsdir@/imapd.pem\fR
 already exists.
 .PP
 
@@ -42,7 +42,7 @@
 to be installed.
 .SH "FILES"
 .PP
-@datadir@/imapd.pem
+@certsdir@/imapd.pem
 .RS 4
 X.509 certificate.
 .RE
diff -urN courier-imap-4.3.0.orig/imap/mkimapdcert.html.in courier-imap-4.3.0/imap/mkimapdcert.html.in
--- courier-imap-4.3.0.orig/imap/mkimapdcert.html.in	2007-04-22 17:33:32.000000000 +0200
+++ courier-imap-4.3.0/imap/mkimapdcert.html.in	2008-01-19 19:54:30.834337552 +0100
@@ -7,22 +7,22 @@
 --></head><body><div class="refentry" lang="en" xml:lang="en"><a id="mkimapdcert" shape="rect"> </a><div class="titlepage"/><div class="refnamediv"><h2>Name</h2><p>mkimapdcert — create a test SSL certificate for IMAP over SSL</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">@sbindir@/mkimapdcert</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id281688" shape="rect"> </a><h2>DESCRIPTION</h2><p>
 IMAP over SSL requires a valid, signed, X.509 certificate.  The default
 location for the certificate file is
-<code class="filename">@datadir@/imapd.pem</code>.
+<code class="filename">@certsdir@/imapd.pem</code>.
 <span><strong class="command">mkimapdcert</strong></span> generates a self-signed X.509 certificate,
 mainly for
 testing.
 For production use the X.509 certificate must be signed by a
 recognized certificate authority, in order for mail clients to accept the
 certificate.</p><p>
-<code class="filename">@datadir@/imapd.pem</code> must be owned by the
+<code class="filename">@certsdir@/imapd.pem</code> must be owned by the
 @mailuser@ user and
 have no group or world permissions.
 The <span><strong class="command">mkimapdcert</strong></span> command will
 enforce this.  To prevent an unfortunate accident,
 <span><strong class="command">mkimapdcert</strong></span>
-will not work if <span><strong class="command">@datadir@/imapd.pem</strong></span> already exists.</p><p>
+will not work if <span><strong class="command">@certsdir@/imapd.pem</strong></span> already exists.</p><p>
 <span><strong class="command">mkimapdcert</strong></span> requires
-<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@datadir@/imapd.pem</span></dt><dd>
+<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@certsdir@/imapd.pem</span></dt><dd>
 X.509 certificate.
 </dd><dt><span class="term">@sysconfdir@/imapd.cnf</span></dt><dd>
 Parameters used by OpenSSL to
diff -urN courier-imap-4.3.0.orig/imap/mkimapdcert.in courier-imap-4.3.0/imap/mkimapdcert.in
--- courier-imap-4.3.0.orig/imap/mkimapdcert.in	2007-11-04 21:50:15.000000000 +0100
+++ courier-imap-4.3.0/imap/mkimapdcert.in	2008-01-19 19:58:50.290723918 +0100
@@ -18,41 +18,41 @@
 
 prefix="@prefix@"
 
-if test -f @mydatadir@/imapd.pem
+if test -f @certsdir@/imapd.pem
 then
-	echo "@mydatadir@/imapd.pem already exists."
+	echo "@certsdir@/imapd.pem already exists."
 	exit 1
 fi
 
 umask 077
 
 cleanup() {
-	rm -f @mydatadir@/imapd.pem
-	rm -f @mydatadir@/imapd.rand
-	rm -f @mydatadir@/imapd.key
-	rm -f @mydatadir@/imapd.cert
+	rm -f @certsdir@/imapd.pem
+	rm -f @certsdir@/imapd.rand
+	rm -f @certsdir@/imapd.key
+	rm -f @certsdir@/imapd.cert
 	exit 1
 }
 
-cd @mydatadir@
+cd @certsdir@
 
 if test "@ssllib@" = "openssl"
 then
-	cp /dev/null @mydatadir@/imapd.pem
-	chmod 600 @mydatadir@/imapd.pem
-	chown @mailuser@ @mydatadir@/imapd.pem
+	cp /dev/null @certsdir@/imapd.pem
+	chmod 600 @certsdir@/imapd.pem
+	chown @mailuser@ @certsdir@/imapd.pem
 
-	dd if=@RANDOMV@ of=@mydatadir@/imapd.rand count=1 2>/dev/null
+	dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null
 	@OPENSSL@ req -new -x509 -days 365 -nodes \
-		  -config @sysconfdir@/imapd.cnf -out @mydatadir@/imapd.pem -keyout @mydatadir@/imapd.pem || cleanup
-	@OPENSSL@ gendh -rand @mydatadir@/imapd.rand 512 >>@mydatadir@/imapd.pem || cleanup
-	@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/imapd.pem || cleanup
-	rm -f @mydatadir@/imapd.rand
+		  -config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem || cleanup
+	@OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem || cleanup
+	@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem || cleanup
+	rm -f @certsdir@/imapd.rand
 else
-	cp /dev/null @mydatadir@/imapd.key
-	chmod 600 @mydatadir@/imapd.key
-	cp /dev/null @mydatadir@/imapd.cert
-	chmod 600 @mydatadir@/imapd.cert
+	cp /dev/null @certsdir@/imapd.key
+	chmod 600 @certsdir@/imapd.key
+	cp /dev/null @certsdir@/imapd.cert
+	chmod 600 @certsdir@/imapd.cert
 
 	@CERTTOOL@ --generate-privkey --outfile imapd.key
 	@CERTTOOL@ --generate-self-signed --load-privkey imapd.key --outfile imapd.cert --template @sysconfdir@/imapd.cnf
diff -urN courier-imap-4.3.0.orig/imap/mkpop3dcert.8.in courier-imap-4.3.0/imap/mkpop3dcert.8.in
--- courier-imap-4.3.0.orig/imap/mkpop3dcert.8.in	2007-04-22 17:33:36.000000000 +0200
+++ courier-imap-4.3.0/imap/mkpop3dcert.8.in	2008-01-19 19:55:01.929235273 +0100
@@ -21,18 +21,18 @@
 .SH "DESCRIPTION"
 .PP
 POP3 over SSL requires a valid, signed, X.509 certificate. The default location for the certificate file is
-\fI@datadir@/pop3d.pem\fR.
+\fI@certsdir@/pop3d.pem\fR.
 \fBmkpop3dcert\fR
 generates a self\-signed X.509 certificate, mainly for testing. For production use the X.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate.
 .PP
 
-\fI@datadir@/pop3d.pem\fR
+\fI@certsdir@/pop3d.pem\fR
 must be owned by the @mailuser@ user and have no group or world permissions. The
 \fBmkpop3dcert\fR
 command will enforce this. To prevent an unfortunate accident,
 \fBmkpop3dcert\fR
 will not work if
-\fB@datadir@/pop3d.pem\fR
+\fB@certsdir@/pop3d.pem\fR
 already exists.
 .PP
 
@@ -42,7 +42,7 @@
 to be installed.
 .SH "FILES"
 .PP
-@datadir@/pop3d.pem
+@certsdir@/pop3d.pem
 .RS 4
 X.509 certificate.
 .RE
diff -urN courier-imap-4.3.0.orig/imap/mkpop3dcert.html.in courier-imap-4.3.0/imap/mkpop3dcert.html.in
--- courier-imap-4.3.0.orig/imap/mkpop3dcert.html.in	2007-04-22 17:33:35.000000000 +0200
+++ courier-imap-4.3.0/imap/mkpop3dcert.html.in	2008-01-19 19:55:15.619924063 +0100
@@ -7,22 +7,22 @@
 --></head><body><div class="refentry" lang="en" xml:lang="en"><a id="mkpop3dcert" shape="rect"> </a><div class="titlepage"/><div class="refnamediv"><h2>Name</h2><p>mkpop3dcert — create a test SSL certificate for POP3 over SSL</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">@sbindir@/mkpop3dcert</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id281688" shape="rect"> </a><h2>DESCRIPTION</h2><p>
 POP3 over SSL requires a valid, signed, X.509 certificate.  The default
 location for the certificate file is
-<code class="filename">@datadir@/pop3d.pem</code>.
+<code class="filename">@certsdir@/pop3d.pem</code>.
 <span><strong class="command">mkpop3dcert</strong></span> generates a self-signed X.509 certificate,
 mainly for
 testing.
 For production use the X.509 certificate must be signed by a
 recognized certificate authority, in order for mail clients to accept the
 certificate.</p><p>
-<code class="filename">@datadir@/pop3d.pem</code> must be owned by the
+<code class="filename">@certsdir@/pop3d.pem</code> must be owned by the
 @mailuser@ user and
 have no group or world permissions.
 The <span><strong class="command">mkpop3dcert</strong></span> command will
 enforce this.  To prevent an unfortunate accident,
 <span><strong class="command">mkpop3dcert</strong></span>
-will not work if <span><strong class="command">@datadir@/pop3d.pem</strong></span> already exists.</p><p>
+will not work if <span><strong class="command">@certsdir@/pop3d.pem</strong></span> already exists.</p><p>
 <span><strong class="command">mkpop3dcert</strong></span> requires
-<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@datadir@/pop3d.pem</span></dt><dd>
+<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@certsdir@/pop3d.pem</span></dt><dd>
 X.509 certificate.
 </dd><dt><span class="term">@sysconfdir@/pop3d.cnf</span></dt><dd>
 Parameters used by OpenSSL to
diff -urN courier-imap-4.3.0.orig/imap/mkpop3dcert.in courier-imap-4.3.0/imap/mkpop3dcert.in
--- courier-imap-4.3.0.orig/imap/mkpop3dcert.in	2007-11-04 21:50:15.000000000 +0100
+++ courier-imap-4.3.0/imap/mkpop3dcert.in	2008-01-19 19:59:17.935447993 +0100
@@ -18,41 +18,41 @@
 
 prefix="@prefix@"
 
-if test -f @mydatadir@/pop3d.pem
+if test -f @certsdir@/pop3d.pem
 then
-	echo "@mydatadir@/pop3d.pem already exists."
+	echo "@certsdir@/pop3d.pem already exists."
 	exit 1
 fi
 
 umask 077
 
 cleanup() {
-	rm -f @mydatadir@/pop3d.pem
-	rm -f @mydatadir@/pop3d.rand
-	rm -f @mydatadir@/pop3d.key
-	rm -f @mydatadir@/pop3d.cert
+	rm -f @certsdir@/pop3d.pem
+	rm -f @certsdir@/pop3d.rand
+	rm -f @certsdir@/pop3d.key
+	rm -f @certsdir@/pop3d.cert
 	exit 1
 }
 
-cd @mydatadir@
+cd @certsdir@
 
 if test "@ssllib@" = "openssl"
 then
-	cp /dev/null @mydatadir@/pop3d.pem
-	chmod 600 @mydatadir@/pop3d.pem
-	chown @mailuser@ @mydatadir@/pop3d.pem
+	cp /dev/null @certsdir@/pop3d.pem
+	chmod 600 @certsdir@/pop3d.pem
+	chown @mailuser@ @certsdir@/pop3d.pem
 
-	dd if=@RANDOMV@ of=@mydatadir@/pop3d.rand count=1 2>/dev/null
+	dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null
 	@OPENSSL@ req -new -x509 -days 365 -nodes \
-		  -config @sysconfdir@/pop3d.cnf -out @mydatadir@/pop3d.pem -keyout @mydatadir@/pop3d.pem || cleanup
-	@OPENSSL@ gendh -rand @mydatadir@/pop3d.rand 512 >>@mydatadir@/pop3d.pem || cleanup
-	@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/pop3d.pem || cleanup
-	rm -f @mydatadir@/pop3d.rand
+		  -config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem || cleanup
+	@OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem || cleanup
+	@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem || cleanup
+	rm -f @certsdir@/pop3d.rand
 else
-	cp /dev/null @mydatadir@/pop3d.key
-	chmod 600 @mydatadir@/pop3d.key
-	cp /dev/null @mydatadir@/pop3d.cert
-	chmod 600 @mydatadir@/pop3d.cert
+	cp /dev/null @certsdir@/pop3d.key
+	chmod 600 @certsdir@/pop3d.key
+	cp /dev/null @certsdir@/pop3d.cert
+	chmod 600 @certsdir@/pop3d.cert
 
 	@CERTTOOL@ --generate-privkey --outfile pop3d.key
 	@CERTTOOL@ --generate-self-signed --load-privkey pop3d.key --outfile pop3d.cert --template @sysconfdir@/pop3d.cnf
diff -urN courier-imap-4.3.0.orig/imap/pop3d.cnf.openssl.in courier-imap-4.3.0/imap/pop3d.cnf.openssl.in
--- courier-imap-4.3.0.orig/imap/pop3d.cnf.openssl.in	2007-11-04 21:49:58.000000000 +0100
+++ courier-imap-4.3.0/imap/pop3d.cnf.openssl.in	2008-01-19 19:53:07.103458296 +0100
@@ -1,5 +1,5 @@
 
-RANDFILE = @mydatadir@/pop3d.rand
+RANDFILE = @certsdir@/pop3d.rand
 
 [ req ]
 default_bits = 1024
diff -urN courier-imap-4.3.0.orig/imap/pop3d-ssl.dist.in courier-imap-4.3.0/imap/pop3d-ssl.dist.in
--- courier-imap-4.3.0.orig/imap/pop3d-ssl.dist.in	2007-11-22 15:23:06.000000000 +0100
+++ courier-imap-4.3.0/imap/pop3d-ssl.dist.in	2008-01-19 19:55:43.177977173 +0100
@@ -241,7 +241,7 @@
 #
 # This is an experimental feature.
 
-TLS_CERTFILE=@mydatadir@/pop3d.pem
+TLS_CERTFILE=@certsdir@/pop3d.pem
 
 ##NAME: TLS_TRUSTCERTS:0
 #
Commit	Line	Data
	1	diff -urN courier-imap-4.3.0.orig/configure.in courier-imap-4.3.0/configure.in
	2	--- courier-imap-4.3.0.orig/configure.in 2007-11-24 04:20:18.000000000 +0100
	3	+++ courier-imap-4.3.0/configure.in 2008-01-19 19:53:07.090124292 +0100
	4	@@ -222,6 +222,11 @@
	5
	6	# Neither does it use the change password feature
	7
	8	+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
	9	+certsdir="$withval", certsdir=$datadir)
	10	+
	11	+AC_SUBST(certsdir)
	12	+
	13	AC_ARG_WITH(authchangepwdir, [], ,
	14	ac_configure_args="$ac_configure_args --with-authchangepwdir=/var/tmp/dev/null")
	15
	16	diff -urN courier-imap-4.3.0.orig/imap/configure.in courier-imap-4.3.0/imap/configure.in
	17	--- courier-imap-4.3.0.orig/imap/configure.in 2007-11-24 04:20:18.000000000 +0100
	18	+++ courier-imap-4.3.0/imap/configure.in 2008-01-19 19:53:07.090124292 +0100
	19	@@ -52,6 +52,11 @@
	20	eval "exec_prefix=$exec_prefix"
	21	eval "bindir=$bindir"
	22
	23	+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
	24	+certsdir="$withval", certsdir=$datadir)
	25	+
	26	+AC_SUBST(certsdir)
	27	+
	28	AC_ARG_WITH(mailer,
	29	[ --with-mailer=prog Your mail submission program],
	30	SENDMAIL="$withval",
	31	diff -urN courier-imap-4.3.0.orig/imap/imapd.cnf.openssl.in courier-imap-4.3.0/imap/imapd.cnf.openssl.in
	32	--- courier-imap-4.3.0.orig/imap/imapd.cnf.openssl.in 2007-11-04 21:49:58.000000000 +0100
	33	+++ courier-imap-4.3.0/imap/imapd.cnf.openssl.in 2008-01-19 19:53:07.090124292 +0100
	34	@@ -1,5 +1,5 @@
	35
	36	-RANDFILE = @mydatadir@/imapd.rand
	37	+RANDFILE = @certsdir@/imapd.rand
	38
	39	[ req ]
	40	default_bits = 1024
	41	diff -urN courier-imap-4.3.0.orig/imap/imapd-ssl.dist.in courier-imap-4.3.0/imap/imapd-ssl.dist.in
	42	--- courier-imap-4.3.0.orig/imap/imapd-ssl.dist.in 2007-11-22 15:23:05.000000000 +0100
	43	+++ courier-imap-4.3.0/imap/imapd-ssl.dist.in 2008-01-19 19:53:22.977590279 +0100
	44	@@ -254,7 +254,7 @@
	45	#
	46	# This is an experimental feature.
	47
	48	-TLS_CERTFILE=@mydatadir@/imapd.pem
	49	+TLS_CERTFILE=@certsdir@/imapd.pem
	50
	51	##NAME: TLS_TRUSTCERTS:0
	52	#
	53	diff -urN courier-imap-4.3.0.orig/imap/mkimapdcert.8.in courier-imap-4.3.0/imap/mkimapdcert.8.in
	54	--- courier-imap-4.3.0.orig/imap/mkimapdcert.8.in 2007-04-22 17:33:32.000000000 +0200
	55	+++ courier-imap-4.3.0/imap/mkimapdcert.8.in 2008-01-19 19:53:58.669385973 +0100
	56	@@ -21,18 +21,18 @@
	57	.SH "DESCRIPTION"
	58	.PP
	59	IMAP over SSL requires a valid, signed, X.509 certificate. The default location for the certificate file is
	60	-\fI@datadir@/imapd.pem\fR.
	61	+\fI@certsdir@/imapd.pem\fR.
	62	\fBmkimapdcert\fR
	63	generates a self\-signed X.509 certificate, mainly for testing. For production use the X.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate.
	64	.PP
	65
	66	-\fI@datadir@/imapd.pem\fR
	67	+\fI@certsdir@/imapd.pem\fR
	68	must be owned by the @mailuser@ user and have no group or world permissions. The
	69	\fBmkimapdcert\fR
	70	command will enforce this. To prevent an unfortunate accident,
	71	\fBmkimapdcert\fR
	72	will not work if
	73	-\fB@datadir@/imapd.pem\fR
	74	+\fB@certsdir@/imapd.pem\fR
	75	already exists.
	76	.PP
	77
	78	@@ -42,7 +42,7 @@
	79	to be installed.
	80	.SH "FILES"
	81	.PP
	82	-@datadir@/imapd.pem
	83	+@certsdir@/imapd.pem
	84	.RS 4
	85	X.509 certificate.
	86	.RE
	87	diff -urN courier-imap-4.3.0.orig/imap/mkimapdcert.html.in courier-imap-4.3.0/imap/mkimapdcert.html.in
	88	--- courier-imap-4.3.0.orig/imap/mkimapdcert.html.in 2007-04-22 17:33:32.000000000 +0200
	89	+++ courier-imap-4.3.0/imap/mkimapdcert.html.in 2008-01-19 19:54:30.834337552 +0100
	90	@@ -7,22 +7,22 @@
	91	--></head><body><div class="refentry" lang="en" xml:lang="en"><a id="mkimapdcert" shape="rect"> </a><div class="titlepage"/><div class="refnamediv"><h2>Name</h2><p>mkimapdcert — create a test SSL certificate for IMAP over SSL</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">@sbindir@/mkimapdcert</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id281688" shape="rect"> </a><h2>DESCRIPTION</h2><p>
	92	IMAP over SSL requires a valid, signed, X.509 certificate. The default
	93	location for the certificate file is
	94	-<code class="filename">@datadir@/imapd.pem</code>.
	95	+<code class="filename">@certsdir@/imapd.pem</code>.
	96	<span><strong class="command">mkimapdcert</strong></span> generates a self-signed X.509 certificate,
	97	mainly for
	98	testing.
	99	For production use the X.509 certificate must be signed by a
	100	recognized certificate authority, in order for mail clients to accept the
	101	certificate.</p><p>
	102	-<code class="filename">@datadir@/imapd.pem</code> must be owned by the
	103	+<code class="filename">@certsdir@/imapd.pem</code> must be owned by the
	104	@mailuser@ user and
	105	have no group or world permissions.
	106	The <span><strong class="command">mkimapdcert</strong></span> command will
	107	enforce this. To prevent an unfortunate accident,
	108	<span><strong class="command">mkimapdcert</strong></span>
	109	-will not work if <span><strong class="command">@datadir@/imapd.pem</strong></span> already exists.</p><p>
	110	+will not work if <span><strong class="command">@certsdir@/imapd.pem</strong></span> already exists.</p><p>
	111	<span><strong class="command">mkimapdcert</strong></span> requires
	112	-<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@datadir@/imapd.pem</span></dt><dd>
	113	+<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@certsdir@/imapd.pem</span></dt><dd>
	114	X.509 certificate.
	115	</dd><dt><span class="term">@sysconfdir@/imapd.cnf</span></dt><dd>
	116	Parameters used by OpenSSL to
	117	diff -urN courier-imap-4.3.0.orig/imap/mkimapdcert.in courier-imap-4.3.0/imap/mkimapdcert.in
	118	--- courier-imap-4.3.0.orig/imap/mkimapdcert.in 2007-11-04 21:50:15.000000000 +0100
	119	+++ courier-imap-4.3.0/imap/mkimapdcert.in 2008-01-19 19:58:50.290723918 +0100
	120	@@ -18,41 +18,41 @@
	121
	122	prefix="@prefix@"
	123
	124	-if test -f @mydatadir@/imapd.pem
	125	+if test -f @certsdir@/imapd.pem
	126	then
	127	- echo "@mydatadir@/imapd.pem already exists."
	128	+ echo "@certsdir@/imapd.pem already exists."
	129	exit 1
	130	fi
	131
	132	umask 077
	133
	134	cleanup() {
	135	- rm -f @mydatadir@/imapd.pem
	136	- rm -f @mydatadir@/imapd.rand
	137	- rm -f @mydatadir@/imapd.key
	138	- rm -f @mydatadir@/imapd.cert
	139	+ rm -f @certsdir@/imapd.pem
	140	+ rm -f @certsdir@/imapd.rand
	141	+ rm -f @certsdir@/imapd.key
	142	+ rm -f @certsdir@/imapd.cert
	143	exit 1
	144	}
	145
	146	-cd @mydatadir@
	147	+cd @certsdir@
	148
	149	if test "@ssllib@" = "openssl"
	150	then
	151	- cp /dev/null @mydatadir@/imapd.pem
	152	- chmod 600 @mydatadir@/imapd.pem
	153	- chown @mailuser@ @mydatadir@/imapd.pem
	154	+ cp /dev/null @certsdir@/imapd.pem
	155	+ chmod 600 @certsdir@/imapd.pem
	156	+ chown @mailuser@ @certsdir@/imapd.pem
	157
	158	- dd if=@RANDOMV@ of=@mydatadir@/imapd.rand count=1 2>/dev/null
	159	+ dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null
	160	@OPENSSL@ req -new -x509 -days 365 -nodes \
	161	- -config @sysconfdir@/imapd.cnf -out @mydatadir@/imapd.pem -keyout @mydatadir@/imapd.pem \|\| cleanup
	162	- @OPENSSL@ gendh -rand @mydatadir@/imapd.rand 512 >>@mydatadir@/imapd.pem \|\| cleanup
	163	- @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/imapd.pem \|\| cleanup
	164	- rm -f @mydatadir@/imapd.rand
	165	+ -config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem \|\| cleanup
	166	+ @OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem \|\| cleanup
	167	+ @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem \|\| cleanup
	168	+ rm -f @certsdir@/imapd.rand
	169	else
	170	- cp /dev/null @mydatadir@/imapd.key
	171	- chmod 600 @mydatadir@/imapd.key
	172	- cp /dev/null @mydatadir@/imapd.cert
	173	- chmod 600 @mydatadir@/imapd.cert
	174	+ cp /dev/null @certsdir@/imapd.key
	175	+ chmod 600 @certsdir@/imapd.key
	176	+ cp /dev/null @certsdir@/imapd.cert
	177	+ chmod 600 @certsdir@/imapd.cert
	178
	179	@CERTTOOL@ --generate-privkey --outfile imapd.key
	180	@CERTTOOL@ --generate-self-signed --load-privkey imapd.key --outfile imapd.cert --template @sysconfdir@/imapd.cnf
	181	diff -urN courier-imap-4.3.0.orig/imap/mkpop3dcert.8.in courier-imap-4.3.0/imap/mkpop3dcert.8.in
	182	--- courier-imap-4.3.0.orig/imap/mkpop3dcert.8.in 2007-04-22 17:33:36.000000000 +0200
	183	+++ courier-imap-4.3.0/imap/mkpop3dcert.8.in 2008-01-19 19:55:01.929235273 +0100
	184	@@ -21,18 +21,18 @@
	185	.SH "DESCRIPTION"
	186	.PP
	187	POP3 over SSL requires a valid, signed, X.509 certificate. The default location for the certificate file is
	188	-\fI@datadir@/pop3d.pem\fR.
	189	+\fI@certsdir@/pop3d.pem\fR.
	190	\fBmkpop3dcert\fR
	191	generates a self\-signed X.509 certificate, mainly for testing. For production use the X.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate.
	192	.PP
	193
	194	-\fI@datadir@/pop3d.pem\fR
	195	+\fI@certsdir@/pop3d.pem\fR
	196	must be owned by the @mailuser@ user and have no group or world permissions. The
	197	\fBmkpop3dcert\fR
	198	command will enforce this. To prevent an unfortunate accident,
	199	\fBmkpop3dcert\fR
	200	will not work if
	201	-\fB@datadir@/pop3d.pem\fR
	202	+\fB@certsdir@/pop3d.pem\fR
	203	already exists.
	204	.PP
	205
	206	@@ -42,7 +42,7 @@
	207	to be installed.
	208	.SH "FILES"
	209	.PP
	210	-@datadir@/pop3d.pem
	211	+@certsdir@/pop3d.pem
	212	.RS 4
	213	X.509 certificate.
	214	.RE
	215	diff -urN courier-imap-4.3.0.orig/imap/mkpop3dcert.html.in courier-imap-4.3.0/imap/mkpop3dcert.html.in
	216	--- courier-imap-4.3.0.orig/imap/mkpop3dcert.html.in 2007-04-22 17:33:35.000000000 +0200
	217	+++ courier-imap-4.3.0/imap/mkpop3dcert.html.in 2008-01-19 19:55:15.619924063 +0100
	218	@@ -7,22 +7,22 @@
	219	--></head><body><div class="refentry" lang="en" xml:lang="en"><a id="mkpop3dcert" shape="rect"> </a><div class="titlepage"/><div class="refnamediv"><h2>Name</h2><p>mkpop3dcert — create a test SSL certificate for POP3 over SSL</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">@sbindir@/mkpop3dcert</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id281688" shape="rect"> </a><h2>DESCRIPTION</h2><p>
	220	POP3 over SSL requires a valid, signed, X.509 certificate. The default
	221	location for the certificate file is
	222	-<code class="filename">@datadir@/pop3d.pem</code>.
	223	+<code class="filename">@certsdir@/pop3d.pem</code>.
	224	<span><strong class="command">mkpop3dcert</strong></span> generates a self-signed X.509 certificate,
	225	mainly for
	226	testing.
	227	For production use the X.509 certificate must be signed by a
	228	recognized certificate authority, in order for mail clients to accept the
	229	certificate.</p><p>
	230	-<code class="filename">@datadir@/pop3d.pem</code> must be owned by the
	231	+<code class="filename">@certsdir@/pop3d.pem</code> must be owned by the
	232	@mailuser@ user and
	233	have no group or world permissions.
	234	The <span><strong class="command">mkpop3dcert</strong></span> command will
	235	enforce this. To prevent an unfortunate accident,
	236	<span><strong class="command">mkpop3dcert</strong></span>
	237	-will not work if <span><strong class="command">@datadir@/pop3d.pem</strong></span> already exists.</p><p>
	238	+will not work if <span><strong class="command">@certsdir@/pop3d.pem</strong></span> already exists.</p><p>
	239	<span><strong class="command">mkpop3dcert</strong></span> requires
	240	-<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@datadir@/pop3d.pem</span></dt><dd>
	241	+<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@certsdir@/pop3d.pem</span></dt><dd>
	242	X.509 certificate.
	243	</dd><dt><span class="term">@sysconfdir@/pop3d.cnf</span></dt><dd>
	244	Parameters used by OpenSSL to
	245	diff -urN courier-imap-4.3.0.orig/imap/mkpop3dcert.in courier-imap-4.3.0/imap/mkpop3dcert.in
	246	--- courier-imap-4.3.0.orig/imap/mkpop3dcert.in 2007-11-04 21:50:15.000000000 +0100
	247	+++ courier-imap-4.3.0/imap/mkpop3dcert.in 2008-01-19 19:59:17.935447993 +0100
	248	@@ -18,41 +18,41 @@
	249
	250	prefix="@prefix@"
	251
	252	-if test -f @mydatadir@/pop3d.pem
	253	+if test -f @certsdir@/pop3d.pem
	254	then
	255	- echo "@mydatadir@/pop3d.pem already exists."
	256	+ echo "@certsdir@/pop3d.pem already exists."
	257	exit 1
	258	fi
	259
	260	umask 077
	261
	262	cleanup() {
	263	- rm -f @mydatadir@/pop3d.pem
	264	- rm -f @mydatadir@/pop3d.rand
	265	- rm -f @mydatadir@/pop3d.key
	266	- rm -f @mydatadir@/pop3d.cert
	267	+ rm -f @certsdir@/pop3d.pem
	268	+ rm -f @certsdir@/pop3d.rand
	269	+ rm -f @certsdir@/pop3d.key
	270	+ rm -f @certsdir@/pop3d.cert
	271	exit 1
	272	}
	273
	274	-cd @mydatadir@
	275	+cd @certsdir@
	276
	277	if test "@ssllib@" = "openssl"
	278	then
	279	- cp /dev/null @mydatadir@/pop3d.pem
	280	- chmod 600 @mydatadir@/pop3d.pem
	281	- chown @mailuser@ @mydatadir@/pop3d.pem
	282	+ cp /dev/null @certsdir@/pop3d.pem
	283	+ chmod 600 @certsdir@/pop3d.pem
	284	+ chown @mailuser@ @certsdir@/pop3d.pem
	285
	286	- dd if=@RANDOMV@ of=@mydatadir@/pop3d.rand count=1 2>/dev/null
	287	+ dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null
	288	@OPENSSL@ req -new -x509 -days 365 -nodes \
	289	- -config @sysconfdir@/pop3d.cnf -out @mydatadir@/pop3d.pem -keyout @mydatadir@/pop3d.pem \|\| cleanup
	290	- @OPENSSL@ gendh -rand @mydatadir@/pop3d.rand 512 >>@mydatadir@/pop3d.pem \|\| cleanup
	291	- @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/pop3d.pem \|\| cleanup
	292	- rm -f @mydatadir@/pop3d.rand
	293	+ -config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem \|\| cleanup
	294	+ @OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem \|\| cleanup
	295	+ @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem \|\| cleanup
	296	+ rm -f @certsdir@/pop3d.rand
	297	else
	298	- cp /dev/null @mydatadir@/pop3d.key
	299	- chmod 600 @mydatadir@/pop3d.key
	300	- cp /dev/null @mydatadir@/pop3d.cert
	301	- chmod 600 @mydatadir@/pop3d.cert
	302	+ cp /dev/null @certsdir@/pop3d.key
	303	+ chmod 600 @certsdir@/pop3d.key
	304	+ cp /dev/null @certsdir@/pop3d.cert
	305	+ chmod 600 @certsdir@/pop3d.cert
	306
	307	@CERTTOOL@ --generate-privkey --outfile pop3d.key
	308	@CERTTOOL@ --generate-self-signed --load-privkey pop3d.key --outfile pop3d.cert --template @sysconfdir@/pop3d.cnf
	309	diff -urN courier-imap-4.3.0.orig/imap/pop3d.cnf.openssl.in courier-imap-4.3.0/imap/pop3d.cnf.openssl.in
	310	--- courier-imap-4.3.0.orig/imap/pop3d.cnf.openssl.in 2007-11-04 21:49:58.000000000 +0100
	311	+++ courier-imap-4.3.0/imap/pop3d.cnf.openssl.in 2008-01-19 19:53:07.103458296 +0100
	312	@@ -1,5 +1,5 @@
	313
	314	-RANDFILE = @mydatadir@/pop3d.rand
	315	+RANDFILE = @certsdir@/pop3d.rand
	316
	317	[ req ]
	318	default_bits = 1024
	319	diff -urN courier-imap-4.3.0.orig/imap/pop3d-ssl.dist.in courier-imap-4.3.0/imap/pop3d-ssl.dist.in
	320	--- courier-imap-4.3.0.orig/imap/pop3d-ssl.dist.in 2007-11-22 15:23:06.000000000 +0100
	321	+++ courier-imap-4.3.0/imap/pop3d-ssl.dist.in 2008-01-19 19:55:43.177977173 +0100
	322	@@ -241,7 +241,7 @@
	323	#
	324	# This is an experimental feature.
	325
	326	-TLS_CERTFILE=@mydatadir@/pop3d.pem
	327	+TLS_CERTFILE=@certsdir@/pop3d.pem
	328
	329	##NAME: TLS_TRUSTCERTS:0
	330	#