1 diff -Nur old/configure.in new/configure.in
2 --- old/configure.in 2004-05-16 02:40:19.000000000 +0000
3 +++ new/configure.in 2004-05-25 07:37:13.000000000 +0000
5 eval "localstatedir=$localstatedir"
6 eval "datadir=$datadir"
8 +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
9 +certsdir="$withval", certsdir=$datadir)
14 -- see INSTALL, or courier/doc/install.html for configuration options -- ], ,
15 ac_configure_args="$ac_configure_args --with-userdb=${sysconfdir}/userdb")
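Review bot: The new `--with-certsdir` option copies `$withval` into certsdir without checking it, so a bare `--with-certsdir` yields `yes` and `--without-certsdir` yields `no`, and every private-key path substituted from `@certsdir@` becomes a relative path. Require an absolute directory in the action-if-given argument, for example `case "$withval" in /*) certsdir="$withval";; *) AC_MSG_ERROR([--with-certsdir requires an absolute directory]);; esac`. The default is still `$datadir`, which is typically a world-readable data directory, so the key files remain protected only by their own 0600 mode; the help string could say that a private directory is recommended. The same AC_ARG_WITH block is repeated in courier/configure.in, courier/module.esmtp/configure.in and imap/configure.in.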
16 diff -Nur old/courier/configure.in new/courier/configure.in
17 --- old/courier/configure.in 2004-05-02 14:59:42.000000000 +0000
18 +++ new/courier/configure.in 2004-05-25 07:38:14.000000000 +0000
21 eval "exec_prefix=$exec_prefix"
23 +eval "datadir=$datadir"
25 +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
26 +certsdir="$withval", certsdir=$datadir)
30 MAILDROP="$bindir/maildrop"
32 diff -Nur old/courier/imapd-ssl.rc.in new/courier/imapd-ssl.rc.in
33 --- old/courier/imapd-ssl.rc.in 2004-05-24 21:25:19.000000000 +0000
34 +++ new/courier/imapd-ssl.rc.in 2004-05-24 21:32:29.000000000 +0000
39 + # If we do not have a certificate, make one up.
40 + if [ ! -f @certsdir@/imapd.pem ]; then
41 + @sbindir@/mkimapdcert
45 for f in `echo $AUTHMODULES`
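Review bot: The added startup check tests the fixed path `@certsdir@/imapd.pem` rather than the certificate the server is configured to use, so on a host whose TLS_CERTFILE points elsewhere the first start would still create a self-signed certificate and an unencrypted private key in certsdir. If the imapd-ssl settings are already loaded at this point (not visible in the hunk), gate the generation on the default being in use: `if [ "$TLS_CERTFILE" = "@certsdir@/imapd.pem" ] && [ ! -f "$TLS_CERTFILE" ]; then`. The exit status of `@sbindir@/mkimapdcert` is not checked in the visible lines, and the mkesmtpdcert script in this patch exits 0 when OpenSSL is missing, so a failed generation may go unreported before the daemon starts. The same pattern is added in courier/module.esmtp/esmtpd-ssl.in and courier/pop3d-ssl.in; the enclosing block continues outside the hunk.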
47 diff -Nur old/courier/module.esmtp/configure.in new/courier/module.esmtp/configure.in
48 --- old/courier/module.esmtp/configure.in 2004-05-11 00:16:05.000000000 +0000
49 +++ new/courier/module.esmtp/configure.in 2004-05-25 07:46:38.000000000 +0000
51 eval "datadir=$datadir"
52 eval "localstatedir=$localstatedir"
54 +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
55 +certsdir="$withval", certsdir=$datadir)
60 dnl Check what libraries are available
62 diff -Nur old/courier/module.esmtp/esmtpd.cnf.in new/courier/module.esmtp/esmtpd.cnf.in
63 --- old/courier/module.esmtp/esmtpd.cnf.in 2001-08-18 22:18:12.000000000 +0000
64 +++ new/courier/module.esmtp/esmtpd.cnf.in 2004-05-30 22:45:59.000000000 +0000
67 -RANDFILE = @datadir@/esmtpd.rnd
68 +RANDFILE = @certsdir@/esmtpd.rand
72 diff -Nur old/courier/module.esmtp/esmtpd.dist.in new/courier/module.esmtp/esmtpd.dist.in
73 --- old/courier/module.esmtp/esmtpd.dist.in 2004-05-11 00:48:14.000000000 +0000
74 +++ new/courier/module.esmtp/esmtpd.dist.in 2004-07-11 18:09:20.000000000 +0000
76 # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
77 # treated as confidential, and must not be world-readable.
79 -TLS_CERTFILE=@datadir@/esmtpd.pem
80 +TLS_CERTFILE=@certsdir@/esmtpd.pem
82 ##NAME: TLS_CERTINFO:0
84 diff -Nur old/courier/module.esmtp/esmtpd-ssl.dist.in new/courier/module.esmtp/esmtpd-ssl.dist.in
85 --- old/courier/module.esmtp/esmtpd-ssl.dist.in 2004-04-24 19:56:19.000000000 +0000
86 +++ new/courier/module.esmtp/esmtpd-ssl.dist.in 2004-05-24 20:57:52.000000000 +0000
88 # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
89 # treated as confidential, and must not be world-readable.
91 -TLS_CERTFILE=@datadir@/esmtpd.pem
92 +TLS_CERTFILE=@certsdir@/esmtpd.pem
94 ##NAME: TLS_TRUSTCERTS:0
96 diff -Nur old/courier/module.esmtp/esmtpd-ssl.in new/courier/module.esmtp/esmtpd-ssl.in
97 --- old/courier/module.esmtp/esmtpd-ssl.in 2004-05-24 21:24:41.000000000 +0000
98 +++ new/courier/module.esmtp/esmtpd-ssl.in 2004-05-24 21:31:31.000000000 +0000
103 + # If we do not have a certificate, make one up.
104 + if [ ! -f @certsdir@/esmtpd.pem ]; then
105 + @sbindir@/mkesmtpdcert
109 ${sbindir}/couriertcpd -pid=$SSLPIDFILE -stop
110 diff -Nur old/courier/module.esmtp/mkesmtpdcert.in new/courier/module.esmtp/mkesmtpdcert.in
111 --- old/courier/module.esmtp/mkesmtpdcert.in 2000-09-18 17:24:01.000000000 +0000
112 +++ new/courier/module.esmtp/mkesmtpdcert.in 2004-05-25 07:31:21.000000000 +0000
115 test -x @OPENSSL@ || exit 0
117 -if test -f @datadir@/esmtpd.pem
118 +if test -f @certsdir@/esmtpd.pem
120 - echo "@datadir@/esmtpd.pem already exists."
121 + echo "@certsdir@/esmtpd.pem already exists."
125 -cp /dev/null @datadir@/esmtpd.pem
126 -chmod 600 @datadir@/esmtpd.pem
127 -chown @mailuser@ @datadir@/esmtpd.pem
128 +cp /dev/null @certsdir@/esmtpd.pem
129 +chmod 600 @certsdir@/esmtpd.pem
130 +chown @mailuser@ @certsdir@/esmtpd.pem
133 - rm -f @datadir@/esmtpd.rand
134 - rm -f @datadir@/esmtpd.pem
135 + rm -f @certsdir@/esmtpd.rand
136 + rm -f @certsdir@/esmtpd.pem
140 -dd if=@RANDOMV@ of=@datadir@/esmtpd.rand count=1 2>/dev/null
141 +dd if=@RANDOMV@ of=@certsdir@/esmtpd.rand count=1 2>/dev/null
142 @OPENSSL@ req -new -x509 -days 365 -nodes \
143 - -config @sysconfdir@/esmtpd.cnf -out @datadir@/esmtpd.pem -keyout @datadir@/esmtpd.pem || cleanup
144 -@OPENSSL@ gendh -rand @datadir@/esmtpd.rand 512 >>@datadir@/esmtpd.pem || cleanup
145 -@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/esmtpd.pem || cleanup
146 -rm -f @datadir@/esmtpd.rand
147 + -config @sysconfdir@/esmtpd.cnf -out @certsdir@/esmtpd.pem -keyout @certsdir@/esmtpd.pem || cleanup
148 +@OPENSSL@ gendh -rand @certsdir@/esmtpd.rand 512 >>@certsdir@/esmtpd.pem || cleanup
149 +@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/esmtpd.pem || cleanup
150 +rm -f @certsdir@/esmtpd.rand
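Review bot: The rewritten `gendh ... 512` line still appends 512-bit Diffie-Hellman parameters to the certificate file, a size far below what is considered safe for DHE key exchange; since the line is being touched anyway it should ask for at least 2048 bits: `@OPENSSL@ gendh -rand @certsdir@/esmtpd.rand 2048 >>@certsdir@/esmtpd.pem || cleanup`. Separately, `dd ... of=@certsdir@/esmtpd.rand` creates the seed file with whatever mode the caller's umask allows, and esmtpd.cnf.in in this patch now names that same file as RANDFILE for `openssl req`. Unless a `umask 077` is already set in the lines outside the hunk, add one before the `dd`. mkimapdcert.in and mkpop3dcert.in carry the same two lines.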
151 diff -Nur old/courier/pop3d-ssl.in new/courier/pop3d-ssl.in
152 --- old/courier/pop3d-ssl.in 2004-05-24 21:25:31.000000000 +0000
153 +++ new/courier/pop3d-ssl.in 2004-05-24 21:33:05.000000000 +0000
158 + # If we do not have a certificate, make one up.
159 + if [ ! -f @certsdir@/pop3d.pem ]; then
160 + @sbindir@/mkpop3dcert
164 for f in `echo $AUTHMODULES`
166 diff -Nur old/courier.sysvinit.in new/courier.sysvinit.in
167 --- old/courier.sysvinit.in 2004-05-02 14:24:06.000000000 +0000
168 +++ new/courier.sysvinit.in 2004-05-24 20:56:37.000000000 +0000
172 libexecdir="@libexecdir@"
174 +certsdir="@certsdir@"
176 if test ! -f ${sysconfdir}/esmtpd
180 # If we do not have a certificate, make one up.
182 - if test ! -f ${datadir}/esmtpd.pem
183 + if test ! -f ${certsdir}/esmtpd.pem
185 if test -x $COURIERTLS
189 # If we do not have a certificate, make one up.
191 - if test ! -f ${datadir}/pop3d.pem
192 + if test ! -f ${certsdir}/pop3d.pem
194 echo -n " generating-POP3-SSL-certificate..."
198 # If we do not have a certificate, make one up.
200 - if test ! -f ${datadir}/imapd.pem
201 + if test ! -f ${certsdir}/imapd.pem
203 echo -n " generating-IMAP-SSL-certificate..."
205 diff -Nur old/imap/configure.in new/imap/configure.in
206 --- old/imap/configure.in 2004-05-16 02:38:13.000000000 +0000
207 +++ new/imap/configure.in 2004-05-25 07:37:24.000000000 +0000
209 eval "sysconfdir=$sysconfdir"
210 eval "localstatedir=$localstatedir"
212 +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
213 +certsdir="$withval", certsdir=$datadir)
218 # Check for PAM configuration flavor
220 diff -Nur old/imap/imapd.cnf.in new/imap/imapd.cnf.in
221 --- old/imap/imapd.cnf.in 2001-03-24 04:59:55.000000000 +0000
222 +++ new/imap/imapd.cnf.in 2004-05-30 22:37:03.000000000 +0000
225 -RANDFILE = @datadir@/imapd.rand
226 +RANDFILE = @certsdir@/imapd.rand
230 diff -Nur old/imap/imapd-ssl.dist.in new/imap/imapd-ssl.dist.in
231 --- old/imap/imapd-ssl.dist.in 2004-01-25 05:40:03.000000000 +0000
232 +++ new/imap/imapd-ssl.dist.in 2004-05-24 20:57:29.000000000 +0000
234 # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
235 # treated as confidential, and must not be world-readable.
237 -TLS_CERTFILE=@datadir@/imapd.pem
238 +TLS_CERTFILE=@certsdir@/imapd.pem
240 ##NAME: TLS_TRUSTCERTS:0
242 diff -Nur old/imap/mkimapdcert.8.in new/imap/mkimapdcert.8.in
243 --- old/imap/mkimapdcert.8.in 2004-01-14 00:51:10.000000000 +0000
244 +++ new/imap/mkimapdcert.8.in 2004-05-25 07:32:16.000000000 +0000
247 IMAP over SSL requires a valid, signed, X.509 certificate. The default
248 location for the certificate file is
249 -\fI@datadir@/imapd.pem\fR\&.
250 +\fI@certsdir@/imapd.pem\fR\&.
251 \fBmkimapdcert\fR generates a self-signed X.509 certificate,
255 recognized certificate authority, in order for mail clients to accept the
258 -\fI@datadir@/imapd.pem\fR must be owned by the
259 +\fI@certsdir@/imapd.pem\fR must be owned by the
261 have no group or world permissions.
262 The \fBmkimapdcert\fR command will
263 enforce this. To prevent an unfortunate accident,
265 -will not work if \fB@datadir@/imapd.pem\fR already exists.
266 +will not work if \fB@certsdir@/imapd.pem\fR already exists.
268 \fBmkimapdcert\fR requires
269 \fBOpenSSL\fR to be installed.
272 -\fB@datadir@/imapd.pem\fR
273 +\fB@certsdir@/imapd.pem\fR
276 \fB@sysconfdir@/imapd.cnf\fR
277 diff -Nur old/imap/mkimapdcert.html.in new/imap/mkimapdcert.html.in
278 --- old/imap/mkimapdcert.html.in 2004-01-14 00:51:16.000000000 +0000
279 +++ new/imap/mkimapdcert.html.in 2004-05-25 07:32:37.000000000 +0000
281 location for the certificate file is
284 ->@datadir@/imapd.pem</TT
285 +>@certsdir@/imapd.pem</TT
293 ->@datadir@/imapd.pem</TT
294 +>@certsdir@/imapd.pem</TT
295 > must be owned by the
297 have no group or world permissions.
302 ->@datadir@/imapd.pem</B
303 +>@certsdir@/imapd.pem</B
311 ->@datadir@/imapd.pem</DT
312 +>@certsdir@/imapd.pem</DT
315 >X.509 certificate.</P
316 diff -Nur old/imap/mkimapdcert.in new/imap/mkimapdcert.in
317 --- old/imap/mkimapdcert.in 2001-08-26 16:16:42.000000000 +0000
318 +++ new/imap/mkimapdcert.in 2004-05-25 07:33:42.000000000 +0000
323 -if test -f @datadir@/imapd.pem
324 +if test -f @certsdir@/imapd.pem
326 - echo "@datadir@/imapd.pem already exists."
327 + echo "@certsdir@/imapd.pem already exists."
331 -cp /dev/null @datadir@/imapd.pem
332 -chmod 600 @datadir@/imapd.pem
333 -chown @mailuser@ @datadir@/imapd.pem
334 +cp /dev/null @certsdir@/imapd.pem
335 +chmod 600 @certsdir@/imapd.pem
336 +chown @mailuser@ @certsdir@/imapd.pem
339 - rm -f @datadir@/imapd.pem
340 - rm -f @datadir@/imapd.rand
341 + rm -f @certsdir@/imapd.pem
342 + rm -f @certsdir@/imapd.rand
347 -dd if=@RANDOMV@ of=@datadir@/imapd.rand count=1 2>/dev/null
349 +dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null
350 @OPENSSL@ req -new -x509 -days 365 -nodes \
351 - -config @sysconfdir@/imapd.cnf -out @datadir@/imapd.pem -keyout @datadir@/imapd.pem || cleanup
352 -@OPENSSL@ gendh -rand @datadir@/imapd.rand 512 >>@datadir@/imapd.pem || cleanup
353 -@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/imapd.pem || cleanup
354 -rm -f @datadir@/imapd.rand
355 + -config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem || cleanup
356 +@OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem || cleanup
357 +@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem || cleanup
358 +rm -f @certsdir@/imapd.rand
359 diff -Nur old/imap/mkpop3dcert.8.in new/imap/mkpop3dcert.8.in
360 --- old/imap/mkpop3dcert.8.in 2004-01-14 00:51:13.000000000 +0000
361 +++ new/imap/mkpop3dcert.8.in 2004-05-25 07:34:07.000000000 +0000
364 POP3 over SSL requires a valid, signed, X.509 certificate. The default
365 location for the certificate file is
366 -\fI@datadir@/pop3d.pem\fR\&.
367 +\fI@certsdir@/pop3d.pem\fR\&.
368 \fBmkpop3dcert\fR generates a self-signed X.509 certificate,
372 recognized certificate authority, in order for mail clients to accept the
375 -\fI@datadir@/pop3d.pem\fR must be owned by the
376 +\fI@certsdir@/pop3d.pem\fR must be owned by the
378 have no group or world permissions.
379 The \fBmkpop3dcert\fR command will
380 enforce this. To prevent an unfortunate accident,
382 -will not work if \fB@datadir@/pop3d.pem\fR already exists.
383 +will not work if \fB@certsdir@/pop3d.pem\fR already exists.
385 \fBmkpop3dcert\fR requires
386 \fBOpenSSL\fR to be installed.
389 -\fB@datadir@/pop3d.pem\fR
390 +\fB@certsdir@/pop3d.pem\fR
393 \fB@sysconfdir@/pop3d.cnf\fR
394 diff -Nur old/imap/mkpop3dcert.html.in new/imap/mkpop3dcert.html.in
395 --- old/imap/mkpop3dcert.html.in 2004-01-14 00:51:17.000000000 +0000
396 +++ new/imap/mkpop3dcert.html.in 2004-05-25 07:34:26.000000000 +0000
398 location for the certificate file is
401 ->@datadir@/pop3d.pem</TT
402 +>@certsdir@/pop3d.pem</TT
410 ->@datadir@/pop3d.pem</TT
411 +>@certsdir@/pop3d.pem</TT
412 > must be owned by the
414 have no group or world permissions.
419 ->@datadir@/pop3d.pem</B
420 +>@certsdir@/pop3d.pem</B
428 ->@datadir@/pop3d.pem</DT
429 +>@certsdir@/pop3d.pem</DT
432 >X.509 certificate.</P
433 diff -Nur old/imap/mkpop3dcert.in new/imap/mkpop3dcert.in
434 --- old/imap/mkpop3dcert.in 2000-10-06 17:50:37.000000000 +0000
435 +++ new/imap/mkpop3dcert.in 2004-05-25 07:35:23.000000000 +0000
440 -if test -f @datadir@/pop3d.pem
441 +if test -f @certsdir@/pop3d.pem
443 - echo "@datadir@/pop3d.pem already exists."
444 + echo "@certsdir@/pop3d.pem already exists."
448 -cp /dev/null @datadir@/pop3d.pem
449 -chmod 600 @datadir@/pop3d.pem
450 -chown @mailuser@ @datadir@/pop3d.pem
451 +cp /dev/null @certsdir@/pop3d.pem
452 +chmod 600 @certsdir@/pop3d.pem
453 +chown @mailuser@ @certsdir@/pop3d.pem
456 - rm -f @datadir@/pop3d.pem
457 - rm -f @datadir@/pop3d.rand
458 + rm -f @certsdir@/pop3d.pem
459 + rm -f @certsdir@/pop3d.rand
463 -dd if=@RANDOMV@ of=@datadir@/pop3d.rand count=1 2>/dev/null
464 +dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null
465 @OPENSSL@ req -new -x509 -days 365 -nodes \
466 - -config @sysconfdir@/pop3d.cnf -out @datadir@/pop3d.pem -keyout @datadir@/pop3d.pem || cleanup
467 -@OPENSSL@ gendh -rand @datadir@/pop3d.rand 512 >>@datadir@/pop3d.pem || cleanup
468 -@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/pop3d.pem || cleanup
469 -rm -f @datadir@/pop3d.rand
470 + -config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem || cleanup
471 +@OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem || cleanup
472 +@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem || cleanup
473 +rm -f @certsdir@/pop3d.rand
474 diff -Nur old/imap/pop3d.cnf.in new/imap/pop3d.cnf.in
475 --- old/imap/pop3d.cnf.in 2001-03-24 04:59:55.000000000 +0000
476 +++ new/imap/pop3d.cnf.in 2004-05-30 22:37:10.000000000 +0000
479 -RANDFILE = @datadir@/pop3d.rand
480 +RANDFILE = @certsdir@/pop3d.rand
484 diff -Nur old/imap/pop3d-ssl.dist.in new/imap/pop3d-ssl.dist.in
485 --- old/imap/pop3d-ssl.dist.in 2004-01-25 05:40:04.000000000 +0000
486 +++ new/imap/pop3d-ssl.dist.in 2004-05-24 20:57:32.000000000 +0000
488 # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
489 # treated as confidential, and must not be world-readable.
491 -TLS_CERTFILE=@datadir@/pop3d.pem
492 +TLS_CERTFILE=@certsdir@/pop3d.pem
494 ##NAME: TLS_TRUSTCERTS:0