[packages/courier-imap.git] / courier-imap-certsdir.patch

diff -Nur old/configure.in new/configure.in
--- old/configure.in	2004-06-12 01:38:04.000000000 +0000
+++ new/configure.in	2004-07-08 16:53:13.000000000 +0000
@@ -97,6 +97,11 @@
 eval "exec_prefix=$exec_prefix"
 eval "libexecdir=$libexecdir"
 
+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
+
 AC_ARG_WITH(authchangepwdir, [], ,
 	ac_configure_args="$ac_configure_args --with-authchangepwdir=$libexecdir/authlib")
 
diff -Nur old/imap/configure.in new/imap/configure.in
--- old/imap/configure.in	2004-06-12 01:38:04.000000000 +0000
+++ new/imap/configure.in	2004-07-08 16:53:44.000000000 +0000
@@ -35,6 +35,11 @@
 eval "exec_prefix=$exec_prefix"
 eval "bindir=$bindir"
 
+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
+
 AC_ARG_WITH(mailer,
 [  --with-mailer=prog  Your mail submission program],
    SENDMAIL="$withval",
diff -Nur old/imap/imapd.cnf.in new/imap/imapd.cnf.in
--- old/imap/imapd.cnf.in	2001-03-24 04:59:55.000000000 +0000
+++ new/imap/imapd.cnf.in	2004-07-08 16:54:18.000000000 +0000
@@ -1,5 +1,5 @@
 
-RANDFILE = @datadir@/imapd.rand
+RANDFILE = @certsdir@/imapd.rand
 
 [ req ]
 default_bits = 1024
diff -Nur old/imap/imapd-ssl.dist.in new/imap/imapd-ssl.dist.in
--- old/imap/imapd-ssl.dist.in	2004-01-24 20:09:26.000000000 +0000
+++ new/imap/imapd-ssl.dist.in	2004-07-08 16:54:04.000000000 +0000
@@ -146,7 +146,7 @@
 # servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
 # treated as confidential, and must not be world-readable.
 #
-TLS_CERTFILE=@datadir@/imapd.pem
+TLS_CERTFILE=@certsdir@/imapd.pem
 
 ##NAME: TLS_TRUSTCERTS:0
 #
diff -Nur old/imap/mkimapdcert.8.in new/imap/mkimapdcert.8.in
--- old/imap/mkimapdcert.8.in	2004-02-08 04:12:08.000000000 +0000
+++ new/imap/mkimapdcert.8.in	2004-07-08 17:01:04.000000000 +0000
@@ -18,7 +18,7 @@
 .PP
 IMAP over SSL requires a valid, signed, X.509 certificate.  The default
 location for the certificate file is
-\fI@datadir@/imapd.pem\fR\&.
+\fI@certsdir@/imapd.pem\fR\&.
 \fBmkimapdcert\fR generates a self-signed X.509 certificate,
 mainly for
 testing.
@@ -26,19 +26,19 @@
 recognized certificate authority, in order for mail clients to accept the
 certificate.
 .PP
-\fI@datadir@/imapd.pem\fR must be owned by the
+\fI@certsdir@/imapd.pem\fR must be owned by the
 @mailuser@ user and
 have no group or world permissions.
 The \fBmkimapdcert\fR command will
 enforce this.  To prevent an unfortunate accident,
 \fBmkimapdcert\fR
-will not work if \fB@datadir@/imapd.pem\fR already exists.
+will not work if \fB@certsdir@/imapd.pem\fR already exists.
 .PP
 \fBmkimapdcert\fR requires
 \fBOpenSSL\fR to be installed.
 .SH "FILES"
 .TP
-\fB@datadir@/imapd.pem\fR
+\fB@certsdir@/imapd.pem\fR
 X.509 certificate.
 .TP
 \fB@sysconfdir@/imapd.cnf\fR
diff -Nur old/imap/mkimapdcert.html.in new/imap/mkimapdcert.html.in
--- old/imap/mkimapdcert.html.in	2004-02-08 04:12:12.000000000 +0000
+++ new/imap/mkimapdcert.html.in	2004-07-08 17:00:45.000000000 +0000
@@ -57,7 +57,7 @@
 location for the certificate file is
 <TT
 CLASS="FILENAME"
->@datadir@/imapd.pem</TT
+>@certsdir@/imapd.pem</TT
 >.
 <B
 CLASS="COMMAND"
@@ -71,7 +71,7 @@
 ><P
 ><TT
 CLASS="FILENAME"
->@datadir@/imapd.pem</TT
+>@certsdir@/imapd.pem</TT
 > must be owned by the
 @mailuser@ user and
 have no group or world permissions.
@@ -86,7 +86,7 @@
 >
 will not work if <B
 CLASS="COMMAND"
->@datadir@/imapd.pem</B
+>@certsdir@/imapd.pem</B
 > already exists.</P
 ><P
 ><B
@@ -111,7 +111,7 @@
 CLASS="VARIABLELIST"
 ><DL
 ><DT
->@datadir@/imapd.pem</DT
+>@certsdir@/imapd.pem</DT
 ><DD
 ><P
 >X.509 certificate.</P
diff -Nur old/imap/mkimapdcert.in new/imap/mkimapdcert.in
--- old/imap/mkimapdcert.in	2001-08-26 15:49:50.000000000 +0000
+++ new/imap/mkimapdcert.in	2004-07-10 12:23:46.000000000 +0000
@@ -13,26 +13,26 @@
 
 prefix="@prefix@"
 
-if test -f @datadir@/imapd.pem
+if test -f @certsdir@/imapd.pem
 then
-	echo "@datadir@/imapd.pem already exists."
+	echo "@certsdir@/imapd.pem already exists."
 	exit 1
 fi
 
-cp /dev/null @datadir@/imapd.pem
-chmod 600 @datadir@/imapd.pem
-chown @mailuser@ @datadir@/imapd.pem
+cp /dev/null @certsdir@/imapd.pem
+chmod 600 @certsdir@/imapd.pem
+chown @mailuser@ @certsdir@/imapd.pem
 
 cleanup() {
-	rm -f @datadir@/imapd.pem
-	rm -f @datadir@/imapd.rand
+	rm -f @certsdir@/imapd.pem
+	rm -f @certsdir@/imapd.rand
 	exit 1
 }
 
-cd @datadir@
-dd if=@RANDOMV@ of=@datadir@/imapd.rand count=1 2>/dev/null
+cd @certsdir@
+dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null
 @OPENSSL@ req -new -x509 -days 365 -nodes \
-	-config @sysconfdir@/imapd.cnf -out @datadir@/imapd.pem -keyout @datadir@/imapd.pem || cleanup
-@OPENSSL@ gendh -rand @datadir@/imapd.rand 512 >>@datadir@/imapd.pem || cleanup
-@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/imapd.pem || cleanup
-rm -f @datadir@/imapd.rand
+	-config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem || cleanup
+@OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem || cleanup
+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem || cleanup
+rm -f @certsdir@/imapd.rand
diff -Nur old/imap/mkpop3dcert.8.in new/imap/mkpop3dcert.8.in
--- old/imap/mkpop3dcert.8.in	2004-02-08 04:12:10.000000000 +0000
+++ new/imap/mkpop3dcert.8.in	2004-07-08 17:00:01.000000000 +0000
@@ -18,7 +18,7 @@
 .PP
 POP3 over SSL requires a valid, signed, X.509 certificate.  The default
 location for the certificate file is
-\fI@datadir@/pop3d.pem\fR\&.
+\fI@certsdir@/pop3d.pem\fR\&.
 \fBmkpop3dcert\fR generates a self-signed X.509 certificate,
 mainly for
 testing.
@@ -26,19 +26,19 @@
 recognized certificate authority, in order for mail clients to accept the
 certificate.
 .PP
-\fI@datadir@/pop3d.pem\fR must be owned by the
+\fI@certsdir@/pop3d.pem\fR must be owned by the
 @mailuser@ user and
 have no group or world permissions.
 The \fBmkpop3dcert\fR command will
 enforce this.  To prevent an unfortunate accident,
 \fBmkpop3dcert\fR
-will not work if \fB@datadir@/pop3d.pem\fR already exists.
+will not work if \fB@certsdir@/pop3d.pem\fR already exists.
 .PP
 \fBmkpop3dcert\fR requires
 \fBOpenSSL\fR to be installed.
 .SH "FILES"
 .TP
-\fB@datadir@/pop3d.pem\fR
+\fB@certsdir@/pop3d.pem\fR
 X.509 certificate.
 .TP
 \fB@sysconfdir@/pop3d.cnf\fR
diff -Nur old/imap/mkpop3dcert.html.in new/imap/mkpop3dcert.html.in
--- old/imap/mkpop3dcert.html.in	2004-02-08 04:12:11.000000000 +0000
+++ new/imap/mkpop3dcert.html.in	2004-07-08 16:59:29.000000000 +0000
@@ -57,7 +57,7 @@
 location for the certificate file is
 <TT
 CLASS="FILENAME"
->@datadir@/pop3d.pem</TT
+>@certsdir@/pop3d.pem</TT
 >.
 <B
 CLASS="COMMAND"
@@ -71,7 +71,7 @@
 ><P
 ><TT
 CLASS="FILENAME"
->@datadir@/pop3d.pem</TT
+>@certsdir@/pop3d.pem</TT
 > must be owned by the
 @mailuser@ user and
 have no group or world permissions.
@@ -86,7 +86,7 @@
 >
 will not work if <B
 CLASS="COMMAND"
->@datadir@/pop3d.pem</B
+>@certsdir@/pop3d.pem</B
 > already exists.</P
 ><P
 ><B
@@ -111,7 +111,7 @@
 CLASS="VARIABLELIST"
 ><DL
 ><DT
->@datadir@/pop3d.pem</DT
+>@certsdir@/pop3d.pem</DT
 ><DD
 ><P
 >X.509 certificate.</P
diff -Nur old/imap/mkpop3dcert.in new/imap/mkpop3dcert.in
--- old/imap/mkpop3dcert.in	2000-10-06 17:50:37.000000000 +0000
+++ new/imap/mkpop3dcert.in	2004-07-08 16:56:21.000000000 +0000
@@ -13,25 +13,25 @@
 
 prefix="@prefix@"
 
-if test -f @datadir@/pop3d.pem
+if test -f @certsdir@/pop3d.pem
 then
-	echo "@datadir@/pop3d.pem already exists."
+	echo "@certsdir@/pop3d.pem already exists."
 	exit 1
 fi
 
-cp /dev/null @datadir@/pop3d.pem
-chmod 600 @datadir@/pop3d.pem
-chown @mailuser@ @datadir@/pop3d.pem
+cp /dev/null @certsdir@/pop3d.pem
+chmod 600 @certsdir@/pop3d.pem
+chown @mailuser@ @certsdir@/pop3d.pem
 
 cleanup() {
-	rm -f @datadir@/pop3d.pem
-	rm -f @datadir@/pop3d.rand
+	rm -f @certsdir@/pop3d.pem
+	rm -f @certsdir@/pop3d.rand
 	exit 1
 }
 
-dd if=@RANDOMV@ of=@datadir@/pop3d.rand count=1 2>/dev/null
+dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null
 @OPENSSL@ req -new -x509 -days 365 -nodes \
-	-config @sysconfdir@/pop3d.cnf -out @datadir@/pop3d.pem -keyout @datadir@/pop3d.pem || cleanup
-@OPENSSL@ gendh -rand @datadir@/pop3d.rand 512 >>@datadir@/pop3d.pem || cleanup
-@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/pop3d.pem || cleanup
-rm -f @datadir@/pop3d.rand
+	-config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem || cleanup
+@OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem || cleanup
+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem || cleanup
+rm -f @certsdir@/pop3d.rand
diff -Nur old/imap/pop3d.cnf.in new/imap/pop3d.cnf.in
--- old/imap/pop3d.cnf.in	2001-03-24 04:59:55.000000000 +0000
+++ new/imap/pop3d.cnf.in	2004-07-08 16:54:38.000000000 +0000
@@ -1,5 +1,5 @@
 
-RANDFILE = @datadir@/pop3d.rand
+RANDFILE = @certsdir@/pop3d.rand
 
 [ req ]
 default_bits = 1024
diff -Nur old/imap/pop3d-ssl.dist.in new/imap/pop3d-ssl.dist.in
--- old/imap/pop3d-ssl.dist.in	2004-01-24 20:09:31.000000000 +0000
+++ new/imap/pop3d-ssl.dist.in	2004-07-08 16:54:31.000000000 +0000
@@ -135,7 +135,7 @@
 # servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
 # treated as confidential, and must not be world-readable.
 #
-TLS_CERTFILE=@datadir@/pop3d.pem
+TLS_CERTFILE=@certsdir@/pop3d.pem
 
 ##NAME: TLS_TRUSTCERTS:0
 #
Commit	Line	Data
383f8032 AA	1	diff -Nur old/configure.in new/configure.in
	2	--- old/configure.in 2004-06-12 01:38:04.000000000 +0000
	3	+++ new/configure.in 2004-07-08 16:53:13.000000000 +0000
	4	@@ -97,6 +97,11 @@
	5	eval "exec_prefix=$exec_prefix"
	6	eval "libexecdir=$libexecdir"
	7
	8	+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
	9	+certsdir="$withval", certsdir=$datadir)
	10	+
	11	+AC_SUBST(certsdir)
	12	+
	13	AC_ARG_WITH(authchangepwdir, [], ,
	14	ac_configure_args="$ac_configure_args --with-authchangepwdir=$libexecdir/authlib")
	15
	16	diff -Nur old/imap/configure.in new/imap/configure.in
	17	--- old/imap/configure.in 2004-06-12 01:38:04.000000000 +0000
	18	+++ new/imap/configure.in 2004-07-08 16:53:44.000000000 +0000
	19	@@ -35,6 +35,11 @@
	20	eval "exec_prefix=$exec_prefix"
	21	eval "bindir=$bindir"
	22
	23	+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
	24	+certsdir="$withval", certsdir=$datadir)
	25	+
	26	+AC_SUBST(certsdir)
	27	+
	28	AC_ARG_WITH(mailer,
	29	[ --with-mailer=prog Your mail submission program],
	30	SENDMAIL="$withval",
	31	diff -Nur old/imap/imapd.cnf.in new/imap/imapd.cnf.in
	32	--- old/imap/imapd.cnf.in 2001-03-24 04:59:55.000000000 +0000
	33	+++ new/imap/imapd.cnf.in 2004-07-08 16:54:18.000000000 +0000
	34	@@ -1,5 +1,5 @@
	35
	36	-RANDFILE = @datadir@/imapd.rand
	37	+RANDFILE = @certsdir@/imapd.rand
	38
	39	[ req ]
	40	default_bits = 1024
	41	diff -Nur old/imap/imapd-ssl.dist.in new/imap/imapd-ssl.dist.in
	42	--- old/imap/imapd-ssl.dist.in 2004-01-24 20:09:26.000000000 +0000
	43	+++ new/imap/imapd-ssl.dist.in 2004-07-08 16:54:04.000000000 +0000
	44	@@ -146,7 +146,7 @@
	45	# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
	46	# treated as confidential, and must not be world-readable.
	47	#
	48	-TLS_CERTFILE=@datadir@/imapd.pem
	49	+TLS_CERTFILE=@certsdir@/imapd.pem
	50
	51	##NAME: TLS_TRUSTCERTS:0
	52	#
	53	diff -Nur old/imap/mkimapdcert.8.in new/imap/mkimapdcert.8.in
	54	--- old/imap/mkimapdcert.8.in 2004-02-08 04:12:08.000000000 +0000
	55	+++ new/imap/mkimapdcert.8.in 2004-07-08 17:01:04.000000000 +0000
	56	@@ -18,7 +18,7 @@
	57	.PP
	58	IMAP over SSL requires a valid, signed, X.509 certificate. The default
	59	location for the certificate file is
	60	-\fI@datadir@/imapd.pem\fR\&.
	61	+\fI@certsdir@/imapd.pem\fR\&.
	62	\fBmkimapdcert\fR generates a self-signed X.509 certificate,
	63	mainly for
	64	testing.
65	@@ -26,19 +26,19 @@
66	recognized certificate authority, in order for mail clients to accept the
67	certificate.
68	.PP
69	-\fI@datadir@/imapd.pem\fR must be owned by the
70	+\fI@certsdir@/imapd.pem\fR must be owned by the
71	@mailuser@ user and
72	have no group or world permissions.
73	The \fBmkimapdcert\fR command will
74	enforce this. To prevent an unfortunate accident,
75	\fBmkimapdcert\fR
76	-will not work if \fB@datadir@/imapd.pem\fR already exists.
77	+will not work if \fB@certsdir@/imapd.pem\fR already exists.
78	.PP
79	\fBmkimapdcert\fR requires
80	\fBOpenSSL\fR to be installed.
81	.SH "FILES"
82	.TP
83	-\fB@datadir@/imapd.pem\fR
84	+\fB@certsdir@/imapd.pem\fR
85	X.509 certificate.
86	.TP
87	\fB@sysconfdir@/imapd.cnf\fR
88	diff -Nur old/imap/mkimapdcert.html.in new/imap/mkimapdcert.html.in
89	--- old/imap/mkimapdcert.html.in 2004-02-08 04:12:12.000000000 +0000
90	+++ new/imap/mkimapdcert.html.in 2004-07-08 17:00:45.000000000 +0000
91	@@ -57,7 +57,7 @@
92	location for the certificate file is
93	<TT
94	CLASS="FILENAME"
95	->@datadir@/imapd.pem</TT
96	+>@certsdir@/imapd.pem</TT
97	>.
98	<B
99	CLASS="COMMAND"
100	@@ -71,7 +71,7 @@
101	><P
102	><TT
103	CLASS="FILENAME"
104	->@datadir@/imapd.pem</TT
105	+>@certsdir@/imapd.pem</TT
106	> must be owned by the
107	@mailuser@ user and
108	have no group or world permissions.
109	@@ -86,7 +86,7 @@
110	>
111	will not work if <B
112	CLASS="COMMAND"
113	->@datadir@/imapd.pem</B
114	+>@certsdir@/imapd.pem</B
115	> already exists.</P
116	><P
117	><B
118	@@ -111,7 +111,7 @@
119	CLASS="VARIABLELIST"
120	><DL
121	><DT
122	->@datadir@/imapd.pem</DT
123	+>@certsdir@/imapd.pem</DT
124	><DD
125	><P
126	>X.509 certificate.</P
127	diff -Nur old/imap/mkimapdcert.in new/imap/mkimapdcert.in
128	--- old/imap/mkimapdcert.in 2001-08-26 15:49:50.000000000 +0000
348acce3 AA	129	+++ new/imap/mkimapdcert.in 2004-07-10 12:23:46.000000000 +0000
348acce3 AA	130	@@ -13,26 +13,26 @@
383f8032 AA	131
	132	prefix="@prefix@"
	133
	134	-if test -f @datadir@/imapd.pem
	135	+if test -f @certsdir@/imapd.pem
	136	then
	137	- echo "@datadir@/imapd.pem already exists."
	138	+ echo "@certsdir@/imapd.pem already exists."
	139	exit 1
	140	fi
	141
	142	-cp /dev/null @datadir@/imapd.pem
	143	-chmod 600 @datadir@/imapd.pem
	144	-chown @mailuser@ @datadir@/imapd.pem
	145	+cp /dev/null @certsdir@/imapd.pem
	146	+chmod 600 @certsdir@/imapd.pem
	147	+chown @mailuser@ @certsdir@/imapd.pem
	148
	149	cleanup() {
	150	- rm -f @datadir@/imapd.pem
348acce3	151	- rm -f @datadir@/imapd.rand
383f8032	152	+ rm -f @certsdir@/imapd.pem
348acce3	153	+ rm -f @certsdir@/imapd.rand
383f8032 AA	154	exit 1
383f8032 AA	155	}
348acce3 AA	156
	157	-cd @datadir@
	158	-dd if=@RANDOMV@ of=@datadir@/imapd.rand count=1 2>/dev/null
	159	+cd @certsdir@
	160	+dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null
383f8032 AA	161	@OPENSSL@ req -new -x509 -days 365 -nodes \
	162	- -config @sysconfdir@/imapd.cnf -out @datadir@/imapd.pem -keyout @datadir@/imapd.pem \|\| cleanup
	163	-@OPENSSL@ gendh -rand @datadir@/imapd.rand 512 >>@datadir@/imapd.pem \|\| cleanup
	164	-@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/imapd.pem \|\| cleanup
348acce3 AA	165	-rm -f @datadir@/imapd.rand
	166	+ -config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem \|\| cleanup
	167	+@OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem \|\| cleanup
383f8032	168	+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem \|\| cleanup
348acce3	169	+rm -f @certsdir@/imapd.rand
383f8032 AA	170	diff -Nur old/imap/mkpop3dcert.8.in new/imap/mkpop3dcert.8.in
	171	--- old/imap/mkpop3dcert.8.in 2004-02-08 04:12:10.000000000 +0000
	172	+++ new/imap/mkpop3dcert.8.in 2004-07-08 17:00:01.000000000 +0000
	173	@@ -18,7 +18,7 @@
	174	.PP
	175	POP3 over SSL requires a valid, signed, X.509 certificate. The default
	176	location for the certificate file is
	177	-\fI@datadir@/pop3d.pem\fR\&.
	178	+\fI@certsdir@/pop3d.pem\fR\&.
	179	\fBmkpop3dcert\fR generates a self-signed X.509 certificate,
	180	mainly for
	181	testing.
	182	@@ -26,19 +26,19 @@
	183	recognized certificate authority, in order for mail clients to accept the
	184	certificate.
	185	.PP
	186	-\fI@datadir@/pop3d.pem\fR must be owned by the
	187	+\fI@certsdir@/pop3d.pem\fR must be owned by the
	188	@mailuser@ user and
	189	have no group or world permissions.
	190	The \fBmkpop3dcert\fR command will
	191	enforce this. To prevent an unfortunate accident,
	192	\fBmkpop3dcert\fR
	193	-will not work if \fB@datadir@/pop3d.pem\fR already exists.
	194	+will not work if \fB@certsdir@/pop3d.pem\fR already exists.
	195	.PP
	196	\fBmkpop3dcert\fR requires
	197	\fBOpenSSL\fR to be installed.
	198	.SH "FILES"
	199	.TP
	200	-\fB@datadir@/pop3d.pem\fR
	201	+\fB@certsdir@/pop3d.pem\fR
	202	X.509 certificate.
	203	.TP
	204	\fB@sysconfdir@/pop3d.cnf\fR
	205	diff -Nur old/imap/mkpop3dcert.html.in new/imap/mkpop3dcert.html.in
	206	--- old/imap/mkpop3dcert.html.in 2004-02-08 04:12:11.000000000 +0000
	207	+++ new/imap/mkpop3dcert.html.in 2004-07-08 16:59:29.000000000 +0000
	208	@@ -57,7 +57,7 @@
	209	location for the certificate file is
	210	<TT
	211	CLASS="FILENAME"
	212	->@datadir@/pop3d.pem</TT
	213	+>@certsdir@/pop3d.pem</TT
	214	>.
	215	<B
	216	CLASS="COMMAND"
	217	@@ -71,7 +71,7 @@
	218	><P
	219	><TT
	220	CLASS="FILENAME"
	221	->@datadir@/pop3d.pem</TT
	222	+>@certsdir@/pop3d.pem</TT
	223	> must be owned by the
	224	@mailuser@ user and
	225	have no group or world permissions.
	226	@@ -86,7 +86,7 @@
	227	>
	228	will not work if <B
	229	CLASS="COMMAND"
	230	->@datadir@/pop3d.pem</B
	231	+>@certsdir@/pop3d.pem</B
	232	> already exists.</P
	233	><P
234	><B
235	@@ -111,7 +111,7 @@
236	CLASS="VARIABLELIST"
237	><DL
238	><DT
239	->@datadir@/pop3d.pem</DT
240	+>@certsdir@/pop3d.pem</DT
241	><DD
242	><P
243	>X.509 certificate.</P
244	diff -Nur old/imap/mkpop3dcert.in new/imap/mkpop3dcert.in
245	--- old/imap/mkpop3dcert.in 2000-10-06 17:50:37.000000000 +0000
246	+++ new/imap/mkpop3dcert.in 2004-07-08 16:56:21.000000000 +0000
247	@@ -13,25 +13,25 @@
248
249	prefix="@prefix@"
250
251	-if test -f @datadir@/pop3d.pem
252	+if test -f @certsdir@/pop3d.pem
253	then
254	- echo "@datadir@/pop3d.pem already exists."
255	+ echo "@certsdir@/pop3d.pem already exists."
256	exit 1
257	fi
258
259	-cp /dev/null @datadir@/pop3d.pem
260	-chmod 600 @datadir@/pop3d.pem
261	-chown @mailuser@ @datadir@/pop3d.pem
262	+cp /dev/null @certsdir@/pop3d.pem
263	+chmod 600 @certsdir@/pop3d.pem
264	+chown @mailuser@ @certsdir@/pop3d.pem
265
266	cleanup() {
267	- rm -f @datadir@/pop3d.pem
268	- rm -f @datadir@/pop3d.rand
269	+ rm -f @certsdir@/pop3d.pem
270	+ rm -f @certsdir@/pop3d.rand
271	exit 1
272	}
273
274	-dd if=@RANDOMV@ of=@datadir@/pop3d.rand count=1 2>/dev/null
275	+dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null
276	@OPENSSL@ req -new -x509 -days 365 -nodes \
277	- -config @sysconfdir@/pop3d.cnf -out @datadir@/pop3d.pem -keyout @datadir@/pop3d.pem \|\| cleanup
278	-@OPENSSL@ gendh -rand @datadir@/pop3d.rand 512 >>@datadir@/pop3d.pem \|\| cleanup
279	-@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/pop3d.pem \|\| cleanup
280	-rm -f @datadir@/pop3d.rand
281	+ -config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem \|\| cleanup
282	+@OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem \|\| cleanup
283	+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem \|\| cleanup
284	+rm -f @certsdir@/pop3d.rand
285	diff -Nur old/imap/pop3d.cnf.in new/imap/pop3d.cnf.in
286	--- old/imap/pop3d.cnf.in 2001-03-24 04:59:55.000000000 +0000
287	+++ new/imap/pop3d.cnf.in 2004-07-08 16:54:38.000000000 +0000
288	@@ -1,5 +1,5 @@
289
290	-RANDFILE = @datadir@/pop3d.rand
291	+RANDFILE = @certsdir@/pop3d.rand
292
293	[ req ]
294	default_bits = 1024
295	diff -Nur old/imap/pop3d-ssl.dist.in new/imap/pop3d-ssl.dist.in
296	--- old/imap/pop3d-ssl.dist.in 2004-01-24 20:09:31.000000000 +0000
297	+++ new/imap/pop3d-ssl.dist.in 2004-07-08 16:54:31.000000000 +0000
298	@@ -135,7 +135,7 @@
299	# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
300	# treated as confidential, and must not be world-readable.
301	#
302	-TLS_CERTFILE=@datadir@/pop3d.pem
303	+TLS_CERTFILE=@certsdir@/pop3d.pem
304
305	##NAME: TLS_TRUSTCERTS:0
306	#