1 diff -urN courier-imap-4.3.0.orig/configure.in courier-imap-4.3.0/configure.in
2 --- courier-imap-4.3.0.orig/configure.in 2007-11-24 04:20:18.000000000 +0100
3 +++ courier-imap-4.3.0/configure.in 2008-01-19 19:53:07.090124292 +0100
6 # Neither does it use the change password feature
8 +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
9 +certsdir="$withval", certsdir=$datadir)
13 AC_ARG_WITH(authchangepwdir, [], ,
14 ac_configure_args="$ac_configure_args --with-authchangepwdir=/var/tmp/dev/null")
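Review bot: `$withval` is assigned to `certsdir` without any check in the new `AC_ARG_WITH(certsdir, ...)`, so `--with-certsdir` given without a value yields `certsdir=yes` and `--without-certsdir` yields `certsdir=no`. The certificate scripts would then create key material under a relative directory of that name. Reject both values before assigning, e.g. `case "$withval" in yes|no) AC_MSG_ERROR([--with-certsdir requires a directory]) ;; esac`. The fallback stays `$datadir` (typically `$prefix/share`), so a comment saying that packagers are expected to point this option at a directory readable only by the mail user would help. The same block is repeated in imap/configure.in, and whether `AC_SUBST(certsdir)` follows is not visible in this excerpt.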
16 diff -urN courier-imap-4.3.0.orig/imap/configure.in courier-imap-4.3.0/imap/configure.in
17 --- courier-imap-4.3.0.orig/imap/configure.in 2007-11-24 04:20:18.000000000 +0100
18 +++ courier-imap-4.3.0/imap/configure.in 2008-01-19 19:53:07.090124292 +0100
20 eval "exec_prefix=$exec_prefix"
23 +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
24 +certsdir="$withval", certsdir=$datadir)
29 [ --with-mailer=prog Your mail submission program],
31 diff -urN courier-imap-4.3.0.orig/imap/imapd.cnf.openssl.in courier-imap-4.3.0/imap/imapd.cnf.openssl.in
32 --- courier-imap-4.3.0.orig/imap/imapd.cnf.openssl.in 2007-11-04 21:49:58.000000000 +0100
33 +++ courier-imap-4.3.0/imap/imapd.cnf.openssl.in 2008-01-19 19:53:07.090124292 +0100
36 -RANDFILE = @mydatadir@/imapd.rand
37 +RANDFILE = @certsdir@/imapd.rand
41 diff -urN courier-imap-4.3.0.orig/imap/imapd-ssl.dist.in courier-imap-4.3.0/imap/imapd-ssl.dist.in
42 --- courier-imap-4.3.0.orig/imap/imapd-ssl.dist.in 2007-11-22 15:23:05.000000000 +0100
43 +++ courier-imap-4.3.0/imap/imapd-ssl.dist.in 2008-01-19 19:53:22.977590279 +0100
46 # This is an experimental feature.
48 -TLS_CERTFILE=@mydatadir@/imapd.pem
49 +TLS_CERTFILE=@certsdir@/imapd.pem
51 ##NAME: TLS_TRUSTCERTS:0
53 diff -urN courier-imap-4.3.0.orig/imap/mkimapdcert.8.in courier-imap-4.3.0/imap/mkimapdcert.8.in
54 --- courier-imap-4.3.0.orig/imap/mkimapdcert.8.in 2007-04-22 17:33:32.000000000 +0200
55 +++ courier-imap-4.3.0/imap/mkimapdcert.8.in 2008-01-19 19:53:58.669385973 +0100
59 IMAP over SSL requires a valid, signed, X.509 certificate. The default location for the certificate file is
60 -\fI@datadir@/imapd.pem\fR.
61 +\fI@certsdir@/imapd.pem\fR.
63 generates a self\-signed X.509 certificate, mainly for testing. For production use the X.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate.
66 -\fI@datadir@/imapd.pem\fR
67 +\fI@certsdir@/imapd.pem\fR
68 must be owned by the @mailuser@ user and have no group or world permissions. The
70 command will enforce this. To prevent an unfortunate accident,
73 -\fB@datadir@/imapd.pem\fR
74 +\fB@certsdir@/imapd.pem\fR
87 diff -urN courier-imap-4.3.0.orig/imap/mkimapdcert.html.in courier-imap-4.3.0/imap/mkimapdcert.html.in
88 --- courier-imap-4.3.0.orig/imap/mkimapdcert.html.in 2007-04-22 17:33:32.000000000 +0200
89 +++ courier-imap-4.3.0/imap/mkimapdcert.html.in 2008-01-19 19:54:30.834337552 +0100
91 --></head><body><div class="refentry" lang="en" xml:lang="en"><a id="mkimapdcert" shape="rect"> </a><div class="titlepage"/><div class="refnamediv"><h2>Name</h2><p>mkimapdcert — create a test SSL certificate for IMAP over SSL</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">@sbindir@/mkimapdcert</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id281688" shape="rect"> </a><h2>DESCRIPTION</h2><p>
92 IMAP over SSL requires a valid, signed, X.509 certificate. The default
93 location for the certificate file is
94 -<code class="filename">@datadir@/imapd.pem</code>.
95 +<code class="filename">@certsdir@/imapd.pem</code>.
96 <span><strong class="command">mkimapdcert</strong></span> generates a self-signed X.509 certificate,
99 For production use the X.509 certificate must be signed by a
100 recognized certificate authority, in order for mail clients to accept the
102 -<code class="filename">@datadir@/imapd.pem</code> must be owned by the
103 +<code class="filename">@certsdir@/imapd.pem</code> must be owned by the
105 have no group or world permissions.
106 The <span><strong class="command">mkimapdcert</strong></span> command will
107 enforce this. To prevent an unfortunate accident,
108 <span><strong class="command">mkimapdcert</strong></span>
109 -will not work if <span><strong class="command">@datadir@/imapd.pem</strong></span> already exists.</p><p>
110 +will not work if <span><strong class="command">@certsdir@/imapd.pem</strong></span> already exists.</p><p>
111 <span><strong class="command">mkimapdcert</strong></span> requires
112 -<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@datadir@/imapd.pem</span></dt><dd>
113 +<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@certsdir@/imapd.pem</span></dt><dd>
115 </dd><dt><span class="term">@sysconfdir@/imapd.cnf</span></dt><dd>
116 Parameters used by OpenSSL to
117 diff -urN courier-imap-4.3.0.orig/imap/mkimapdcert.in courier-imap-4.3.0/imap/mkimapdcert.in
118 --- courier-imap-4.3.0.orig/imap/mkimapdcert.in 2007-11-04 21:50:15.000000000 +0100
119 +++ courier-imap-4.3.0/imap/mkimapdcert.in 2008-01-19 19:58:50.290723918 +0100
124 -if test -f @mydatadir@/imapd.pem
125 +if test -f @certsdir@/imapd.pem
127 - echo "@mydatadir@/imapd.pem already exists."
128 + echo "@certsdir@/imapd.pem already exists."
135 - rm -f @mydatadir@/imapd.pem
136 - rm -f @mydatadir@/imapd.rand
137 - rm -f @mydatadir@/imapd.key
138 - rm -f @mydatadir@/imapd.cert
139 + rm -f @certsdir@/imapd.pem
140 + rm -f @certsdir@/imapd.rand
141 + rm -f @certsdir@/imapd.key
142 + rm -f @certsdir@/imapd.cert
149 if test "@ssllib@" = "openssl"
151 - cp /dev/null @mydatadir@/imapd.pem
152 - chmod 600 @mydatadir@/imapd.pem
153 - chown @mailuser@ @mydatadir@/imapd.pem
154 + cp /dev/null @certsdir@/imapd.pem
155 + chmod 600 @certsdir@/imapd.pem
156 + chown @mailuser@ @certsdir@/imapd.pem
158 - dd if=@RANDOMV@ of=@mydatadir@/imapd.rand count=1 2>/dev/null
159 + dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null
160 @OPENSSL@ req -new -x509 -days 365 -nodes \
161 - -config @sysconfdir@/imapd.cnf -out @mydatadir@/imapd.pem -keyout @mydatadir@/imapd.pem || cleanup
162 - @OPENSSL@ gendh -rand @mydatadir@/imapd.rand 512 >>@mydatadir@/imapd.pem || cleanup
163 - @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/imapd.pem || cleanup
164 - rm -f @mydatadir@/imapd.rand
165 + -config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem || cleanup
166 + @OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem || cleanup
167 + @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem || cleanup
168 + rm -f @certsdir@/imapd.rand
170 - cp /dev/null @mydatadir@/imapd.key
171 - chmod 600 @mydatadir@/imapd.key
172 - cp /dev/null @mydatadir@/imapd.cert
173 - chmod 600 @mydatadir@/imapd.cert
174 + cp /dev/null @certsdir@/imapd.key
175 + chmod 600 @certsdir@/imapd.key
176 + cp /dev/null @certsdir@/imapd.cert
177 + chmod 600 @certsdir@/imapd.cert
179 @CERTTOOL@ --generate-privkey --outfile imapd.key
180 @CERTTOOL@ --generate-self-signed --load-privkey imapd.key --outfile imapd.cert --template @sysconfdir@/imapd.cnf
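Review bot: The GnuTLS branch still passes bare file names to certtool (`--outfile imapd.key`, `--load-privkey imapd.key`, `--outfile imapd.cert`), while the mode-600 placeholders are now created under `@certsdir@`. No `cd` is visible in this excerpt; if the script has one that still targets `@mydatadir@`, it needs the same substitution. Unless the script changes into `@certsdir@` first, the private key is written to the working directory with whatever mode the umask gives, and the protected files in `@certsdir@` stay empty. Use the full path on those lines, e.g. `@CERTTOOL@ --generate-privkey --outfile @certsdir@/imapd.key`. mkpop3dcert.in has the same pattern with pop3d.key and pop3d.cert.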
181 diff -urN courier-imap-4.3.0.orig/imap/mkpop3dcert.8.in courier-imap-4.3.0/imap/mkpop3dcert.8.in
182 --- courier-imap-4.3.0.orig/imap/mkpop3dcert.8.in 2007-04-22 17:33:36.000000000 +0200
183 +++ courier-imap-4.3.0/imap/mkpop3dcert.8.in 2008-01-19 19:55:01.929235273 +0100
187 POP3 over SSL requires a valid, signed, X.509 certificate. The default location for the certificate file is
188 -\fI@datadir@/pop3d.pem\fR.
189 +\fI@certsdir@/pop3d.pem\fR.
191 generates a self\-signed X.509 certificate, mainly for testing. For production use the X.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate.
194 -\fI@datadir@/pop3d.pem\fR
195 +\fI@certsdir@/pop3d.pem\fR
196 must be owned by the @mailuser@ user and have no group or world permissions. The
198 command will enforce this. To prevent an unfortunate accident,
201 -\fB@datadir@/pop3d.pem\fR
202 +\fB@certsdir@/pop3d.pem\fR
211 +@certsdir@/pop3d.pem
215 diff -urN courier-imap-4.3.0.orig/imap/mkpop3dcert.html.in courier-imap-4.3.0/imap/mkpop3dcert.html.in
216 --- courier-imap-4.3.0.orig/imap/mkpop3dcert.html.in 2007-04-22 17:33:35.000000000 +0200
217 +++ courier-imap-4.3.0/imap/mkpop3dcert.html.in 2008-01-19 19:55:15.619924063 +0100
219 --></head><body><div class="refentry" lang="en" xml:lang="en"><a id="mkpop3dcert" shape="rect"> </a><div class="titlepage"/><div class="refnamediv"><h2>Name</h2><p>mkpop3dcert — create a test SSL certificate for POP3 over SSL</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">@sbindir@/mkpop3dcert</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id281688" shape="rect"> </a><h2>DESCRIPTION</h2><p>
220 POP3 over SSL requires a valid, signed, X.509 certificate. The default
221 location for the certificate file is
222 -<code class="filename">@datadir@/pop3d.pem</code>.
223 +<code class="filename">@certsdir@/pop3d.pem</code>.
224 <span><strong class="command">mkpop3dcert</strong></span> generates a self-signed X.509 certificate,
227 For production use the X.509 certificate must be signed by a
228 recognized certificate authority, in order for mail clients to accept the
230 -<code class="filename">@datadir@/pop3d.pem</code> must be owned by the
231 +<code class="filename">@certsdir@/pop3d.pem</code> must be owned by the
233 have no group or world permissions.
234 The <span><strong class="command">mkpop3dcert</strong></span> command will
235 enforce this. To prevent an unfortunate accident,
236 <span><strong class="command">mkpop3dcert</strong></span>
237 -will not work if <span><strong class="command">@datadir@/pop3d.pem</strong></span> already exists.</p><p>
238 +will not work if <span><strong class="command">@certsdir@/pop3d.pem</strong></span> already exists.</p><p>
239 <span><strong class="command">mkpop3dcert</strong></span> requires
240 -<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@datadir@/pop3d.pem</span></dt><dd>
241 +<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@certsdir@/pop3d.pem</span></dt><dd>
243 </dd><dt><span class="term">@sysconfdir@/pop3d.cnf</span></dt><dd>
244 Parameters used by OpenSSL to
245 diff -urN courier-imap-4.3.0.orig/imap/mkpop3dcert.in courier-imap-4.3.0/imap/mkpop3dcert.in
246 --- courier-imap-4.3.0.orig/imap/mkpop3dcert.in 2007-11-04 21:50:15.000000000 +0100
247 +++ courier-imap-4.3.0/imap/mkpop3dcert.in 2008-01-19 19:59:17.935447993 +0100
252 -if test -f @mydatadir@/pop3d.pem
253 +if test -f @certsdir@/pop3d.pem
255 - echo "@mydatadir@/pop3d.pem already exists."
256 + echo "@certsdir@/pop3d.pem already exists."
263 - rm -f @mydatadir@/pop3d.pem
264 - rm -f @mydatadir@/pop3d.rand
265 - rm -f @mydatadir@/pop3d.key
266 - rm -f @mydatadir@/pop3d.cert
267 + rm -f @certsdir@/pop3d.pem
268 + rm -f @certsdir@/pop3d.rand
269 + rm -f @certsdir@/pop3d.key
270 + rm -f @certsdir@/pop3d.cert
277 if test "@ssllib@" = "openssl"
279 - cp /dev/null @mydatadir@/pop3d.pem
280 - chmod 600 @mydatadir@/pop3d.pem
281 - chown @mailuser@ @mydatadir@/pop3d.pem
282 + cp /dev/null @certsdir@/pop3d.pem
283 + chmod 600 @certsdir@/pop3d.pem
284 + chown @mailuser@ @certsdir@/pop3d.pem
286 - dd if=@RANDOMV@ of=@mydatadir@/pop3d.rand count=1 2>/dev/null
287 + dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null
288 @OPENSSL@ req -new -x509 -days 365 -nodes \
289 - -config @sysconfdir@/pop3d.cnf -out @mydatadir@/pop3d.pem -keyout @mydatadir@/pop3d.pem || cleanup
290 - @OPENSSL@ gendh -rand @mydatadir@/pop3d.rand 512 >>@mydatadir@/pop3d.pem || cleanup
291 - @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/pop3d.pem || cleanup
292 - rm -f @mydatadir@/pop3d.rand
293 + -config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem || cleanup
294 + @OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem || cleanup
295 + @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem || cleanup
296 + rm -f @certsdir@/pop3d.rand
298 - cp /dev/null @mydatadir@/pop3d.key
299 - chmod 600 @mydatadir@/pop3d.key
300 - cp /dev/null @mydatadir@/pop3d.cert
301 - chmod 600 @mydatadir@/pop3d.cert
302 + cp /dev/null @certsdir@/pop3d.key
303 + chmod 600 @certsdir@/pop3d.key
304 + cp /dev/null @certsdir@/pop3d.cert
305 + chmod 600 @certsdir@/pop3d.cert
307 @CERTTOOL@ --generate-privkey --outfile pop3d.key
308 @CERTTOOL@ --generate-self-signed --load-privkey pop3d.key --outfile pop3d.cert --template @sysconfdir@/pop3d.cnf
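Review bot: The rewritten `gendh` line keeps a 512-bit Diffie-Hellman group (`@OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512`), which is too small to protect a key exchange and is rejected by current TLS clients. Since the line is being touched anyway, raise the size: `@OPENSSL@ gendh -rand @certsdir@/pop3d.rand 2048 >>@certsdir@/pop3d.pem || cleanup`. The matching line in mkimapdcert.in needs the same change. Because `-nodes` leaves the private key unencrypted inside the same .pem, a short comment above the `chmod 600` lines stating that `@certsdir@` itself must not be group- or world-accessible would also be worth adding.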
309 diff -urN courier-imap-4.3.0.orig/imap/pop3d.cnf.openssl.in courier-imap-4.3.0/imap/pop3d.cnf.openssl.in
310 --- courier-imap-4.3.0.orig/imap/pop3d.cnf.openssl.in 2007-11-04 21:49:58.000000000 +0100
311 +++ courier-imap-4.3.0/imap/pop3d.cnf.openssl.in 2008-01-19 19:53:07.103458296 +0100
314 -RANDFILE = @mydatadir@/pop3d.rand
315 +RANDFILE = @certsdir@/pop3d.rand
319 diff -urN courier-imap-4.3.0.orig/imap/pop3d-ssl.dist.in courier-imap-4.3.0/imap/pop3d-ssl.dist.in
320 --- courier-imap-4.3.0.orig/imap/pop3d-ssl.dist.in 2007-11-22 15:23:06.000000000 +0100
321 +++ courier-imap-4.3.0/imap/pop3d-ssl.dist.in 2008-01-19 19:55:43.177977173 +0100
324 # This is an experimental feature.
326 -TLS_CERTFILE=@mydatadir@/pop3d.pem
327 +TLS_CERTFILE=@certsdir@/pop3d.pem
329 ##NAME: TLS_TRUSTCERTS:0