diff -urN courier-imap-4.3.0.orig/configure.in courier-imap-4.3.0/configure.in
--- courier-imap-4.3.0.orig/configure.in 2007-11-24 04:20:18.000000000 +0100
+++ courier-imap-4.3.0/configure.in 2008-01-19 19:53:07.090124292 +0100
@@ -222,6 +222,11 @@
# Neither does it use the change password feature
+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
+
AC_ARG_WITH(authchangepwdir, [], ,
ac_configure_args="$ac_configure_args --with-authchangepwdir=/var/tmp/dev/null")
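Review bot: The value given to `--with-certsdir` is used as-is in the added AC_ARG_WITH, so a bare `--with-certsdir` or `--without-certsdir` sets `certsdir` to `yes` or `no`. That string is then substituted into the certificate scripts and into TLS_CERTFILE, so key material would be created under a relative directory of that name. Reject non-path values in the action, for example `case "$withval" in /*) certsdir="$withval" ;; *) AC_MSG_ERROR([--with-certsdir requires an absolute path]) ;; esac`. The same block is added to imap/configure.in and needs the same check. A one-line comment above it, saying that this directory holds private keys and must not be readable by other users, would help packagers.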
diff -urN courier-imap-4.3.0.orig/imap/configure.in courier-imap-4.3.0/imap/configure.in
--- courier-imap-4.3.0.orig/imap/configure.in 2007-11-24 04:20:18.000000000 +0100
+++ courier-imap-4.3.0/imap/configure.in 2008-01-19 19:53:07.090124292 +0100
@@ -52,6 +52,11 @@
eval "exec_prefix=$exec_prefix"
eval "bindir=$bindir"
+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
+
AC_ARG_WITH(mailer,
[ --with-mailer=prog Your mail submission program],
SENDMAIL="$withval",
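Review bot: The default `certsdir=$datadir` is assigned without the `eval` that the context lines just above apply to `exec_prefix` and `bindir`, so `@certsdir@` may be substituted as an unexpanded string such as `${prefix}/share`. This matters because the patch replaces `@mydatadir@` with `@certsdir@` in imapd-ssl.dist.in, pop3d-ssl.dist.in and the two `.cnf.openssl.in` templates, where TLS_CERTFILE and RANDFILE would then carry a literal variable reference. Whether `datadir` has already been expanded earlier in this file is not visible in the hunk. If it has not, add `eval "certsdir=$certsdir"` after the AC_ARG_WITH and quote the default as `certsdir="$datadir"`.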
diff -urN courier-imap-4.3.0.orig/imap/imapd.cnf.openssl.in courier-imap-4.3.0/imap/imapd.cnf.openssl.in
--- courier-imap-4.3.0.orig/imap/imapd.cnf.openssl.in 2007-11-04 21:49:58.000000000 +0100
+++ courier-imap-4.3.0/imap/imapd.cnf.openssl.in 2008-01-19 19:53:07.090124292 +0100
@@ -1,5 +1,5 @@
-RANDFILE = @mydatadir@/imapd.rand
+RANDFILE = @certsdir@/imapd.rand
[ req ]
default_bits = 1024
diff -urN courier-imap-4.3.0.orig/imap/imapd-ssl.dist.in courier-imap-4.3.0/imap/imapd-ssl.dist.in
--- courier-imap-4.3.0.orig/imap/imapd-ssl.dist.in 2007-11-22 15:23:05.000000000 +0100
+++ courier-imap-4.3.0/imap/imapd-ssl.dist.in 2008-01-19 19:53:22.977590279 +0100
@@ -254,7 +254,7 @@
#
# This is an experimental feature.
-TLS_CERTFILE=@mydatadir@/imapd.pem
+TLS_CERTFILE=@certsdir@/imapd.pem
##NAME: TLS_TRUSTCERTS:0
#
diff -urN courier-imap-4.3.0.orig/imap/mkimapdcert.8.in courier-imap-4.3.0/imap/mkimapdcert.8.in
--- courier-imap-4.3.0.orig/imap/mkimapdcert.8.in 2007-04-22 17:33:32.000000000 +0200
+++ courier-imap-4.3.0/imap/mkimapdcert.8.in 2008-01-19 19:53:58.669385973 +0100
@@ -21,18 +21,18 @@
.SH "DESCRIPTION"
.PP
IMAP over SSL requires a valid, signed, X.509 certificate. The default location for the certificate file is
-\fI@datadir@/imapd.pem\fR.
+\fI@certsdir@/imapd.pem\fR.
\fBmkimapdcert\fR
generates a self\-signed X.509 certificate, mainly for testing. For production use the X.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate.
.PP
-\fI@datadir@/imapd.pem\fR
+\fI@certsdir@/imapd.pem\fR
must be owned by the @mailuser@ user and have no group or world permissions. The
\fBmkimapdcert\fR
command will enforce this. To prevent an unfortunate accident,
\fBmkimapdcert\fR
will not work if
-\fB@datadir@/imapd.pem\fR
+\fB@certsdir@/imapd.pem\fR
already exists.
.PP
@@ -42,7 +42,7 @@
to be installed.
.SH "FILES"
.PP
-@datadir@/imapd.pem
+@certsdir@/imapd.pem
.RS 4
X.509 certificate.
.RE
diff -urN courier-imap-4.3.0.orig/imap/mkimapdcert.html.in courier-imap-4.3.0/imap/mkimapdcert.html.in
--- courier-imap-4.3.0.orig/imap/mkimapdcert.html.in 2007-04-22 17:33:32.000000000 +0200
+++ courier-imap-4.3.0/imap/mkimapdcert.html.in 2008-01-19 19:54:30.834337552 +0100
@@ -7,22 +7,22 @@
-->
Name
mkimapdcert — create a test SSL certificate for IMAP over SSL
DESCRIPTION
IMAP over SSL requires a valid, signed, X.509 certificate. The default
location for the certificate file is
-@datadir@/imapd.pem
.
+@certsdir@/imapd.pem
.
mkimapdcert generates a self-signed X.509 certificate,
mainly for
testing.
For production use the X.509 certificate must be signed by a
recognized certificate authority, in order for mail clients to accept the
certificate.
-@datadir@/imapd.pem
must be owned by the
+@certsdir@/imapd.pem
must be owned by the
@mailuser@ user and
have no group or world permissions.
The mkimapdcert command will
enforce this. To prevent an unfortunate accident,
mkimapdcert
-will not work if @datadir@/imapd.pem already exists.
+will not work if @certsdir@/imapd.pem already exists.
mkimapdcert requires
-OpenSSL to be installed.
FILES
- @datadir@/imapd.pem
-
+OpenSSL to be installed.
FILES
- @certsdir@/imapd.pem
-
X.509 certificate.
- @sysconfdir@/imapd.cnf
-
Parameters used by OpenSSL to
diff -urN courier-imap-4.3.0.orig/imap/mkimapdcert.in courier-imap-4.3.0/imap/mkimapdcert.in
--- courier-imap-4.3.0.orig/imap/mkimapdcert.in 2007-11-04 21:50:15.000000000 +0100
+++ courier-imap-4.3.0/imap/mkimapdcert.in 2008-01-19 19:58:50.290723918 +0100
@@ -18,41 +18,41 @@
prefix="@prefix@"
-if test -f @mydatadir@/imapd.pem
+if test -f @certsdir@/imapd.pem
then
- echo "@mydatadir@/imapd.pem already exists."
+ echo "@certsdir@/imapd.pem already exists."
exit 1
fi
umask 077
cleanup() {
- rm -f @mydatadir@/imapd.pem
- rm -f @mydatadir@/imapd.rand
- rm -f @mydatadir@/imapd.key
- rm -f @mydatadir@/imapd.cert
+ rm -f @certsdir@/imapd.pem
+ rm -f @certsdir@/imapd.rand
+ rm -f @certsdir@/imapd.key
+ rm -f @certsdir@/imapd.cert
exit 1
}
-cd @mydatadir@
+cd @certsdir@
if test "@ssllib@" = "openssl"
then
- cp /dev/null @mydatadir@/imapd.pem
- chmod 600 @mydatadir@/imapd.pem
- chown @mailuser@ @mydatadir@/imapd.pem
+ cp /dev/null @certsdir@/imapd.pem
+ chmod 600 @certsdir@/imapd.pem
+ chown @mailuser@ @certsdir@/imapd.pem
- dd if=@RANDOMV@ of=@mydatadir@/imapd.rand count=1 2>/dev/null
+ dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null
@OPENSSL@ req -new -x509 -days 365 -nodes \
- -config @sysconfdir@/imapd.cnf -out @mydatadir@/imapd.pem -keyout @mydatadir@/imapd.pem || cleanup
- @OPENSSL@ gendh -rand @mydatadir@/imapd.rand 512 >>@mydatadir@/imapd.pem || cleanup
- @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/imapd.pem || cleanup
- rm -f @mydatadir@/imapd.rand
+ -config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem || cleanup
+ @OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem || cleanup
+ @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem || cleanup
+ rm -f @certsdir@/imapd.rand
else
- cp /dev/null @mydatadir@/imapd.key
- chmod 600 @mydatadir@/imapd.key
- cp /dev/null @mydatadir@/imapd.cert
- chmod 600 @mydatadir@/imapd.cert
+ cp /dev/null @certsdir@/imapd.key
+ chmod 600 @certsdir@/imapd.key
+ cp /dev/null @certsdir@/imapd.cert
+ chmod 600 @certsdir@/imapd.cert
@CERTTOOL@ --generate-privkey --outfile imapd.key
@CERTTOOL@ --generate-self-signed --load-privkey imapd.key --outfile imapd.cert --template @sysconfdir@/imapd.cnf
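Review bot: `cd @certsdir@` has no failure check, and now that the directory is configurable it is more likely to be missing when the script runs. In the GnuTLS branch the `@CERTTOOL@` calls write `imapd.key` and `imapd.cert` relative to the current directory. After a failed `cd` the private key would therefore land in the directory the script was invoked from, not in the protected certificate directory. Change the line to `cd "@certsdir@" || exit 1` and pass `--outfile @certsdir@/imapd.key` explicitly. The else branch continues past the end of the hunk, and mkpop3dcert.in has the same pattern.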
diff -urN courier-imap-4.3.0.orig/imap/mkpop3dcert.8.in courier-imap-4.3.0/imap/mkpop3dcert.8.in
--- courier-imap-4.3.0.orig/imap/mkpop3dcert.8.in 2007-04-22 17:33:36.000000000 +0200
+++ courier-imap-4.3.0/imap/mkpop3dcert.8.in 2008-01-19 19:55:01.929235273 +0100
@@ -21,18 +21,18 @@
.SH "DESCRIPTION"
.PP
POP3 over SSL requires a valid, signed, X.509 certificate. The default location for the certificate file is
-\fI@datadir@/pop3d.pem\fR.
+\fI@certsdir@/pop3d.pem\fR.
\fBmkpop3dcert\fR
generates a self\-signed X.509 certificate, mainly for testing. For production use the X.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate.
.PP
-\fI@datadir@/pop3d.pem\fR
+\fI@certsdir@/pop3d.pem\fR
must be owned by the @mailuser@ user and have no group or world permissions. The
\fBmkpop3dcert\fR
command will enforce this. To prevent an unfortunate accident,
\fBmkpop3dcert\fR
will not work if
-\fB@datadir@/pop3d.pem\fR
+\fB@certsdir@/pop3d.pem\fR
already exists.
.PP
@@ -42,7 +42,7 @@
to be installed.
.SH "FILES"
.PP
-@datadir@/pop3d.pem
+@certsdir@/pop3d.pem
.RS 4
X.509 certificate.
.RE
diff -urN courier-imap-4.3.0.orig/imap/mkpop3dcert.html.in courier-imap-4.3.0/imap/mkpop3dcert.html.in
--- courier-imap-4.3.0.orig/imap/mkpop3dcert.html.in 2007-04-22 17:33:35.000000000 +0200
+++ courier-imap-4.3.0/imap/mkpop3dcert.html.in 2008-01-19 19:55:15.619924063 +0100
@@ -7,22 +7,22 @@
-->
Name
mkpop3dcert — create a test SSL certificate for POP3 over SSL
DESCRIPTION
POP3 over SSL requires a valid, signed, X.509 certificate. The default
location for the certificate file is
-@datadir@/pop3d.pem
.
+@certsdir@/pop3d.pem
.
mkpop3dcert generates a self-signed X.509 certificate,
mainly for
testing.
For production use the X.509 certificate must be signed by a
recognized certificate authority, in order for mail clients to accept the
certificate.
-@datadir@/pop3d.pem
must be owned by the
+@certsdir@/pop3d.pem
must be owned by the
@mailuser@ user and
have no group or world permissions.
The mkpop3dcert command will
enforce this. To prevent an unfortunate accident,
mkpop3dcert
-will not work if @datadir@/pop3d.pem already exists.
+will not work if @certsdir@/pop3d.pem already exists.
mkpop3dcert requires
-OpenSSL to be installed.
FILES
- @datadir@/pop3d.pem
-
+OpenSSL to be installed.
FILES
- @certsdir@/pop3d.pem
-
X.509 certificate.
- @sysconfdir@/pop3d.cnf
-
Parameters used by OpenSSL to
diff -urN courier-imap-4.3.0.orig/imap/mkpop3dcert.in courier-imap-4.3.0/imap/mkpop3dcert.in
--- courier-imap-4.3.0.orig/imap/mkpop3dcert.in 2007-11-04 21:50:15.000000000 +0100
+++ courier-imap-4.3.0/imap/mkpop3dcert.in 2008-01-19 19:59:17.935447993 +0100
@@ -18,41 +18,41 @@
prefix="@prefix@"
-if test -f @mydatadir@/pop3d.pem
+if test -f @certsdir@/pop3d.pem
then
- echo "@mydatadir@/pop3d.pem already exists."
+ echo "@certsdir@/pop3d.pem already exists."
exit 1
fi
umask 077
cleanup() {
- rm -f @mydatadir@/pop3d.pem
- rm -f @mydatadir@/pop3d.rand
- rm -f @mydatadir@/pop3d.key
- rm -f @mydatadir@/pop3d.cert
+ rm -f @certsdir@/pop3d.pem
+ rm -f @certsdir@/pop3d.rand
+ rm -f @certsdir@/pop3d.key
+ rm -f @certsdir@/pop3d.cert
exit 1
}
-cd @mydatadir@
+cd @certsdir@
if test "@ssllib@" = "openssl"
then
- cp /dev/null @mydatadir@/pop3d.pem
- chmod 600 @mydatadir@/pop3d.pem
- chown @mailuser@ @mydatadir@/pop3d.pem
+ cp /dev/null @certsdir@/pop3d.pem
+ chmod 600 @certsdir@/pop3d.pem
+ chown @mailuser@ @certsdir@/pop3d.pem
- dd if=@RANDOMV@ of=@mydatadir@/pop3d.rand count=1 2>/dev/null
+ dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null
@OPENSSL@ req -new -x509 -days 365 -nodes \
- -config @sysconfdir@/pop3d.cnf -out @mydatadir@/pop3d.pem -keyout @mydatadir@/pop3d.pem || cleanup
- @OPENSSL@ gendh -rand @mydatadir@/pop3d.rand 512 >>@mydatadir@/pop3d.pem || cleanup
- @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/pop3d.pem || cleanup
- rm -f @mydatadir@/pop3d.rand
+ -config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem || cleanup
+ @OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem || cleanup
+ @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem || cleanup
+ rm -f @certsdir@/pop3d.rand
else
- cp /dev/null @mydatadir@/pop3d.key
- chmod 600 @mydatadir@/pop3d.key
- cp /dev/null @mydatadir@/pop3d.cert
- chmod 600 @mydatadir@/pop3d.cert
+ cp /dev/null @certsdir@/pop3d.key
+ chmod 600 @certsdir@/pop3d.key
+ cp /dev/null @certsdir@/pop3d.cert
+ chmod 600 @certsdir@/pop3d.cert
@CERTTOOL@ --generate-privkey --outfile pop3d.key
@CERTTOOL@ --generate-self-signed --load-privkey pop3d.key --outfile pop3d.cert --template @sysconfdir@/pop3d.cnf
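Review bot: The rewritten `gendh` line still generates 512-bit Diffie-Hellman parameters, which are far too small to protect a TLS key exchange. Since the line is being touched anyway, this is a good moment to raise the size. `@OPENSSL@ gendh -rand @certsdir@/pop3d.rand 2048 >>@certsdir@/pop3d.pem || cleanup` keeps the rest of the flow unchanged, at the cost of a longer generation time. The same line appears in the mkimapdcert.in hunk.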
diff -urN courier-imap-4.3.0.orig/imap/pop3d.cnf.openssl.in courier-imap-4.3.0/imap/pop3d.cnf.openssl.in
--- courier-imap-4.3.0.orig/imap/pop3d.cnf.openssl.in 2007-11-04 21:49:58.000000000 +0100
+++ courier-imap-4.3.0/imap/pop3d.cnf.openssl.in 2008-01-19 19:53:07.103458296 +0100
@@ -1,5 +1,5 @@
-RANDFILE = @mydatadir@/pop3d.rand
+RANDFILE = @certsdir@/pop3d.rand
[ req ]
default_bits = 1024
diff -urN courier-imap-4.3.0.orig/imap/pop3d-ssl.dist.in courier-imap-4.3.0/imap/pop3d-ssl.dist.in
--- courier-imap-4.3.0.orig/imap/pop3d-ssl.dist.in 2007-11-22 15:23:06.000000000 +0100
+++ courier-imap-4.3.0/imap/pop3d-ssl.dist.in 2008-01-19 19:55:43.177977173 +0100
@@ -241,7 +241,7 @@
#
# This is an experimental feature.
-TLS_CERTFILE=@mydatadir@/pop3d.pem
+TLS_CERTFILE=@certsdir@/pop3d.pem
##NAME: TLS_TRUSTCERTS:0
#