1 diff -urN courier-0.58.0.orig/configure.in courier-0.58.0/configure.in
2 --- courier-0.58.0.orig/configure.in 2007-11-24 04:25:52.000000000 +0100
3 +++ courier-0.58.0/configure.in 2008-01-19 23:37:26.428337743 +0100
5 eval "localstatedir=$localstatedir"
6 eval "datadir=$datadir"
8 +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
9 +certsdir="$withval", certsdir=$datadir)
13 AC_ARG_WITH(makedatprog, [], ,
14 ac_configure_args="$ac_configure_args --with-makedatprog=${libexecdir}/courier/makedatprog")
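Review bot: The new `AC_ARG_WITH(certsdir, ...)` copies `$withval` into `certsdir` unchecked, so a bare `--with-certsdir` or `--without-certsdir` yields the literal `yes` or `no`. The generated scripts would then test, create and chown key files under a relative path of that name. I would accept only absolute paths, e.g. `case "$withval" in /*) certsdir="$withval" ;; *) AC_MSG_ERROR([--with-certsdir needs an absolute path]) ;; esac`. The same call is repeated in courier/configure.in, courier/module.esmtp/configure.in and imap/configure.in. Because root-run scripts write private keys into this directory, the help string could also state that it must not be writable by unprivileged users.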
16 diff -urN courier-0.58.0.orig/courier/configure.in courier-0.58.0/courier/configure.in
17 --- courier-0.58.0.orig/courier/configure.in 2007-11-24 04:25:52.000000000 +0100
18 +++ courier-0.58.0/courier/configure.in 2008-01-19 23:38:38.745253650 +0100
20 eval "datarootdir=$datarootdir"
22 eval "localstatedir=$localstatedir"
23 +eval "datadir=$datadir"
25 +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
26 +certsdir="$withval", certsdir=$datadir)
30 MAILDROP="$bindir/maildrop"
32 diff -urN courier-0.58.0.orig/courier/imapd-ssl.rc.in courier-0.58.0/courier/imapd-ssl.rc.in
33 --- courier-0.58.0.orig/courier/imapd-ssl.rc.in 2008-01-19 23:30:56.000000000 +0100
34 +++ courier-0.58.0/courier/imapd-ssl.rc.in 2008-01-19 23:37:26.428337743 +0100
39 + # If we do not have a certificate, make one up.
40 + if [ ! -f @certsdir@/imapd.pem ]; then
41 + @sbindir@/mkimapdcert
45 @ULIMIT@ $IMAP_ULIMITD
46 @SETENV@ -i @SHELL@ -c " set -a ;
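Review bot: The added start-up check runs `@sbindir@/mkimapdcert` whenever `@certsdir@/imapd.pem` is missing and, in the lines visible here, never looks at its exit status, so a failed generation would go unreported at start-up. The package's own man page describes this certificate as self-signed and mainly for testing, so creating it silently on a production start deserves at least a diagnostic: `@sbindir@/mkimapdcert || echo "mkimapdcert failed; no certificate in @certsdir@" >&2`. The end of the `if` block lies outside the visible lines. The same pattern is added in courier/module.esmtp/esmtpd-ssl.in and courier/pop3d-ssl.in.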
47 diff -urN courier-0.58.0.orig/courier/module.esmtp/configure.in courier-0.58.0/courier/module.esmtp/configure.in
48 --- courier-0.58.0.orig/courier/module.esmtp/configure.in 2007-11-04 22:17:03.000000000 +0100
49 +++ courier-0.58.0/courier/module.esmtp/configure.in 2008-01-19 23:37:26.428337743 +0100
51 AC_SUBST(mydatadir) # Quell automake warning
54 +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
55 +certsdir="$withval", certsdir=$datadir)
60 dnl Check what libraries are available
62 diff -urN courier-0.58.0.orig/courier/module.esmtp/esmtpd.cnf.openssl.in courier-0.58.0/courier/module.esmtp/esmtpd.cnf.openssl.in
63 --- courier-0.58.0.orig/courier/module.esmtp/esmtpd.cnf.openssl.in 2007-07-01 17:36:34.000000000 +0200
64 +++ courier-0.58.0/courier/module.esmtp/esmtpd.cnf.openssl.in 2008-01-19 23:39:34.911369481 +0100
67 -RANDFILE = @mydatadir@/esmtpd.rnd
68 +RANDFILE = @certsdir@/esmtpd.rnd
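Review bot: `RANDFILE` is set to `@certsdir@/esmtpd.rnd` here, while mkesmtpdcert.in in this same patch seeds and removes `@certsdir@/esmtpd.rand`; the imapd and pop3d templates use `.rand` on both sides. If OpenSSL writes seed state back to the RANDFILE path, a stray `esmtpd.rnd` would be left next to the private key that the script's `cleanup` never removes. Since the line is being touched anyway, `RANDFILE = @certsdir@/esmtpd.rand` would bring the two into agreement.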
72 diff -urN courier-0.58.0.orig/courier/module.esmtp/esmtpd.dist.in courier-0.58.0/courier/module.esmtp/esmtpd.dist.in
73 --- courier-0.58.0.orig/courier/module.esmtp/esmtpd.dist.in 2007-11-04 22:17:03.000000000 +0100
74 +++ courier-0.58.0/courier/module.esmtp/esmtpd.dist.in 2008-01-19 23:39:44.028487817 +0100
77 # This is an experimental feature.
79 -TLS_CERTFILE=@mydatadir@/esmtpd.pem
80 +TLS_CERTFILE=@certsdir@/esmtpd.pem
82 ##NAME: TLS_CERTINFO:0
84 diff -urN courier-0.58.0.orig/courier/module.esmtp/esmtpd-ssl.dist.in courier-0.58.0/courier/module.esmtp/esmtpd-ssl.dist.in
85 --- courier-0.58.0.orig/courier/module.esmtp/esmtpd-ssl.dist.in 2007-11-04 22:17:03.000000000 +0100
86 +++ courier-0.58.0/courier/module.esmtp/esmtpd-ssl.dist.in 2008-01-19 23:39:22.684097067 +0100
89 # This is an experimental feature.
91 -TLS_CERTFILE=@mydatadir@/esmtpd.pem
92 +TLS_CERTFILE=@certsdir@/esmtpd.pem
94 ##NAME: TLS_TRUSTCERTS:0
96 diff -urN courier-0.58.0.orig/courier/module.esmtp/esmtpd-ssl.in courier-0.58.0/courier/module.esmtp/esmtpd-ssl.in
97 --- courier-0.58.0.orig/courier/module.esmtp/esmtpd-ssl.in 2008-01-19 23:30:56.000000000 +0100
98 +++ courier-0.58.0/courier/module.esmtp/esmtpd-ssl.in 2008-01-19 23:37:26.431671242 +0100
103 + # If we do not have a certificate, make one up.
104 + if [ ! -f @certsdir@/esmtpd.pem ]; then
105 + @sbindir@/mkesmtpdcert
109 ${sbindir}/couriertcpd -pid=$SSLPIDFILE -stop
110 diff -urN courier-0.58.0.orig/courier/module.esmtp/mkesmtpdcert.in courier-0.58.0/courier/module.esmtp/mkesmtpdcert.in
111 --- courier-0.58.0.orig/courier/module.esmtp/mkesmtpdcert.in 2007-11-04 22:17:03.000000000 +0100
112 +++ courier-0.58.0/courier/module.esmtp/mkesmtpdcert.in 2008-01-19 23:40:14.373324466 +0100
114 test -x @CERTTOOL@ || exit 0
117 -if test -f @mydatadir@/esmtpd.pem
118 +if test -f @certsdir@/esmtpd.pem
120 - echo "@mydatadir@/esmtpd.pem already exists."
121 + echo "@certsdir@/esmtpd.pem already exists."
126 - rm -f @mydatadir@/esmtpd.rand
127 - rm -f @mydatadir@/esmtpd.pem
128 - rm -f @mydatadir@/esmtpd.key
129 - rm -f @mydatadir@/esmtpd.cert
130 + rm -f @certsdir@/esmtpd.rand
131 + rm -f @certsdir@/esmtpd.pem
132 + rm -f @certsdir@/esmtpd.key
133 + rm -f @certsdir@/esmtpd.cert
140 if test "@ssllib@" = "openssl"
142 - cp /dev/null @mydatadir@/esmtpd.pem
143 - chmod 600 @mydatadir@/esmtpd.pem
144 - chown @mailuser@ @mydatadir@/esmtpd.pem
145 - dd if=@RANDOMV@ of=@mydatadir@/esmtpd.rand count=1 2>/dev/null
146 + cp /dev/null @certsdir@/esmtpd.pem
147 + chmod 600 @certsdir@/esmtpd.pem
148 + chown @mailuser@ @certsdir@/esmtpd.pem
149 + dd if=@RANDOMV@ of=@certsdir@/esmtpd.rand count=1 2>/dev/null
150 @OPENSSL@ req -new -x509 -days 365 -nodes \
151 - -config @sysconfdir@/esmtpd.cnf -out @mydatadir@/esmtpd.pem -keyout @mydatadir@/esmtpd.pem || cleanup
152 - @OPENSSL@ gendh -rand @mydatadir@/esmtpd.rand 512 >>@mydatadir@/esmtpd.pem || cleanup
153 - @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/esmtpd.pem || cleanup
154 - rm -f @mydatadir@/esmtpd.rand
155 + -config @sysconfdir@/esmtpd.cnf -out @certsdir@/esmtpd.pem -keyout @certsdir@/esmtpd.pem || cleanup
156 + @OPENSSL@ gendh -rand @certsdir@/esmtpd.rand 512 >>@certsdir@/esmtpd.pem || cleanup
157 + @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/esmtpd.pem || cleanup
158 + rm -f @certsdir@/esmtpd.rand
160 - cp /dev/null @mydatadir@/esmtpd.key
161 - chmod 600 @mydatadir@/esmtpd.key
162 - cp /dev/null @mydatadir@/esmtpd.cert
163 - chmod 600 @mydatadir@/esmtpd.cert
164 + cp /dev/null @certsdir@/esmtpd.key
165 + chmod 600 @certsdir@/esmtpd.key
166 + cp /dev/null @certsdir@/esmtpd.cert
167 + chmod 600 @certsdir@/esmtpd.cert
169 @CERTTOOL@ --generate-privkey --outfile esmtpd.key
170 @CERTTOOL@ --generate-self-signed --load-privkey esmtpd.key --outfile esmtpd.cert --template @sysconfdir@/esmtpd.cnf
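Review bot: The moved line `@OPENSSL@ gendh -rand @certsdir@/esmtpd.rand 512` still appends 512-bit Diffie-Hellman parameters to the server PEM, which is far too small for DHE key exchange. Since the line is being rewritten anyway, I would change it to `@OPENSSL@ dhparam -rand @certsdir@/esmtpd.rand 2048 >>@certsdir@/esmtpd.pem || cleanup` (`gendh` is also obsolete in favour of `dhparam`). Separately, the GnuTLS branch now creates the mode-600 placeholders at `@certsdir@/esmtpd.key` and `@certsdir@/esmtpd.cert`, but the two `@CERTTOOL@` lines still write to the relative names `esmtpd.key` and `esmtpd.cert`. The working directory is set outside the visible lines, so confirm it is `@certsdir@` or pass `--outfile @certsdir@/esmtpd.key` explicitly; otherwise the key lands in a different directory from its permission-restricted placeholder. Both points apply equally to imap/mkimapdcert.in and imap/mkpop3dcert.in.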
171 diff -urN courier-0.58.0.orig/courier/pop3d-ssl.in courier-0.58.0/courier/pop3d-ssl.in
172 --- courier-0.58.0.orig/courier/pop3d-ssl.in 2008-01-19 23:30:56.000000000 +0100
173 +++ courier-0.58.0/courier/pop3d-ssl.in 2008-01-19 23:37:26.431671242 +0100
178 + # If we do not have a certificate, make one up.
179 + if [ ! -f @certsdir@/pop3d.pem ]; then
180 + @sbindir@/mkpop3dcert
183 exec @SETENV@ -i PATH="$PATH" SHELL="$SHELL" \
184 @SHELL@ -c " set -a ; \
186 diff -urN courier-0.58.0.orig/courier.sysvinit.in courier-0.58.0/courier.sysvinit.in
187 --- courier-0.58.0.orig/courier.sysvinit.in 2008-01-19 23:30:56.000000000 +0100
188 +++ courier-0.58.0/courier.sysvinit.in 2008-01-19 23:37:26.431671242 +0100
192 libexecdir="@libexecdir@"
194 +certsdir="@certsdir@"
196 if test ! -f ${sysconfdir}/esmtpd
200 # If we do not have a certificate, make one up.
202 - if test ! -f ${datadir}/esmtpd.pem
203 + if test ! -f ${certsdir}/esmtpd.pem
205 if test -x $COURIERTLS
209 # If we do not have a certificate, make one up.
211 - if test ! -f ${datadir}/pop3d.pem
212 + if test ! -f ${certsdir}/pop3d.pem
214 echo -n " generating-POP3-SSL-certificate..."
218 # If we do not have a certificate, make one up.
220 - if test ! -f ${datadir}/imapd.pem
221 + if test ! -f ${certsdir}/imapd.pem
223 echo -n " generating-IMAP-SSL-certificate..."
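Review bot: `${certsdir}` is expanded unquoted in the three `test ! -f ${certsdir}/...pem` checks, and its value now comes from `--with-certsdir`. A path containing whitespace would hand `test` extra arguments, so the existence check would fail or error out rather than test the intended file. `if test ! -f "${certsdir}/esmtpd.pem"` (and likewise for pop3d.pem and imapd.pem) avoids that. The surrounding `then`/`fi` lines are outside the visible part of the hunk.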
225 diff -urN courier-0.58.0.orig/imap/configure.in courier-0.58.0/imap/configure.in
226 --- courier-0.58.0.orig/imap/configure.in 2007-11-24 04:23:13.000000000 +0100
227 +++ courier-0.58.0/imap/configure.in 2008-01-19 23:37:26.435004741 +0100
230 AC_SUBST(mydatadir) # Avoid useless autoconf warning
232 +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
233 +certsdir="$withval", certsdir=$datadir)
238 # Check for PAM configuration flavor
240 diff -urN courier-0.58.0.orig/imap/imapd.cnf.openssl.in courier-0.58.0/imap/imapd.cnf.openssl.in
241 --- courier-0.58.0.orig/imap/imapd.cnf.openssl.in 2007-11-04 21:49:58.000000000 +0100
242 +++ courier-0.58.0/imap/imapd.cnf.openssl.in 2008-01-19 23:40:41.287991189 +0100
245 -RANDFILE = @mydatadir@/imapd.rand
246 +RANDFILE = @certsdir@/imapd.rand
250 diff -urN courier-0.58.0.orig/imap/imapd-ssl.dist.in courier-0.58.0/imap/imapd-ssl.dist.in
251 --- courier-0.58.0.orig/imap/imapd-ssl.dist.in 2008-01-19 23:30:56.000000000 +0100
252 +++ courier-0.58.0/imap/imapd-ssl.dist.in 2008-01-19 23:40:36.037731086 +0100
255 # This is an experimental feature.
257 -TLS_CERTFILE=@mydatadir@/imapd.pem
258 +TLS_CERTFILE=@certsdir@/imapd.pem
260 ##NAME: TLS_TRUSTCERTS:0
262 diff -urN courier-0.58.0.orig/imap/mkimapdcert.8.in courier-0.58.0/imap/mkimapdcert.8.in
263 --- courier-0.58.0.orig/imap/mkimapdcert.8.in 2007-04-22 20:19:43.000000000 +0200
264 +++ courier-0.58.0/imap/mkimapdcert.8.in 2008-01-19 23:41:04.485807114 +0100
268 IMAP over SSL requires a valid, signed, X.509 certificate. The default location for the certificate file is
269 -\fI@datadir@/imapd.pem\fR.
270 +\fI@certsdir@/imapd.pem\fR.
272 generates a self\-signed X.509 certificate, mainly for testing. For production use the X.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate.
275 -\fI@datadir@/imapd.pem\fR
276 +\fI@certsdir@/imapd.pem\fR
277 must be owned by the @mailuser@ user and have no group or world permissions. The
279 command will enforce this. To prevent an unfortunate accident,
282 -\fB@datadir@/imapd.pem\fR
283 +\fB@certsdir@/imapd.pem\fR
292 +@certsdir@/imapd.pem
296 diff -urN courier-0.58.0.orig/imap/mkimapdcert.html.in courier-0.58.0/imap/mkimapdcert.html.in
297 --- courier-0.58.0.orig/imap/mkimapdcert.html.in 2007-04-22 20:19:42.000000000 +0200
298 +++ courier-0.58.0/imap/mkimapdcert.html.in 2008-01-19 23:41:31.457143328 +0100
300 --></head><body><div class="refentry" lang="en" xml:lang="en"><a id="mkimapdcert" shape="rect"> </a><div class="titlepage"/><div class="refnamediv"><h2>Name</h2><p>mkimapdcert — create a test SSL certificate for IMAP over SSL</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">@sbindir@/mkimapdcert</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id281688" shape="rect"> </a><h2>DESCRIPTION</h2><p>
301 IMAP over SSL requires a valid, signed, X.509 certificate. The default
302 location for the certificate file is
303 -<code class="filename">@datadir@/imapd.pem</code>.
304 +<code class="filename">@certsdir@/imapd.pem</code>.
305 <span><strong class="command">mkimapdcert</strong></span> generates a self-signed X.509 certificate,
308 For production use the X.509 certificate must be signed by a
309 recognized certificate authority, in order for mail clients to accept the
311 -<code class="filename">@datadir@/imapd.pem</code> must be owned by the
312 +<code class="filename">@certsdir@/imapd.pem</code> must be owned by the
314 have no group or world permissions.
315 The <span><strong class="command">mkimapdcert</strong></span> command will
316 enforce this. To prevent an unfortunate accident,
317 <span><strong class="command">mkimapdcert</strong></span>
318 -will not work if <span><strong class="command">@datadir@/imapd.pem</strong></span> already exists.</p><p>
319 +will not work if <span><strong class="command">@certsdir@/imapd.pem</strong></span> already exists.</p><p>
320 <span><strong class="command">mkimapdcert</strong></span> requires
321 -<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@datadir@/imapd.pem</span></dt><dd>
322 +<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@certsdir@/imapd.pem</span></dt><dd>
324 </dd><dt><span class="term">@sysconfdir@/imapd.cnf</span></dt><dd>
325 Parameters used by OpenSSL to
326 diff -urN courier-0.58.0.orig/imap/mkimapdcert.in courier-0.58.0/imap/mkimapdcert.in
327 --- courier-0.58.0.orig/imap/mkimapdcert.in 2007-11-04 21:53:05.000000000 +0100
328 +++ courier-0.58.0/imap/mkimapdcert.in 2008-01-19 23:42:07.038906129 +0100
333 -if test -f @mydatadir@/imapd.pem
334 +if test -f @certsdir@/imapd.pem
336 - echo "@mydatadir@/imapd.pem already exists."
337 + echo "@certsdir@/imapd.pem already exists."
344 - rm -f @mydatadir@/imapd.pem
345 - rm -f @mydatadir@/imapd.rand
346 - rm -f @mydatadir@/imapd.key
347 - rm -f @mydatadir@/imapd.cert
348 + rm -f @certsdir@/imapd.pem
349 + rm -f @certsdir@/imapd.rand
350 + rm -f @certsdir@/imapd.key
351 + rm -f @certsdir@/imapd.cert
358 if test "@ssllib@" = "openssl"
360 - cp /dev/null @mydatadir@/imapd.pem
361 - chmod 600 @mydatadir@/imapd.pem
362 - chown @mailuser@ @mydatadir@/imapd.pem
363 + cp /dev/null @certsdir@/imapd.pem
364 + chmod 600 @certsdir@/imapd.pem
365 + chown @mailuser@ @certsdir@/imapd.pem
367 - dd if=@RANDOMV@ of=@mydatadir@/imapd.rand count=1 2>/dev/null
368 + dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null
369 @OPENSSL@ req -new -x509 -days 365 -nodes \
370 - -config @sysconfdir@/imapd.cnf -out @mydatadir@/imapd.pem -keyout @mydatadir@/imapd.pem || cleanup
371 - @OPENSSL@ gendh -rand @mydatadir@/imapd.rand 512 >>@mydatadir@/imapd.pem || cleanup
372 - @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/imapd.pem || cleanup
373 - rm -f @mydatadir@/imapd.rand
374 + -config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem || cleanup
375 + @OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem || cleanup
376 + @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem || cleanup
377 + rm -f @certsdir@/imapd.rand
379 - cp /dev/null @mydatadir@/imapd.key
380 - chmod 600 @mydatadir@/imapd.key
381 - cp /dev/null @mydatadir@/imapd.cert
382 - chmod 600 @mydatadir@/imapd.cert
383 + cp /dev/null @certsdir@/imapd.key
384 + chmod 600 @certsdir@/imapd.key
385 + cp /dev/null @certsdir@/imapd.cert
386 + chmod 600 @certsdir@/imapd.cert
388 @CERTTOOL@ --generate-privkey --outfile imapd.key
389 @CERTTOOL@ --generate-self-signed --load-privkey imapd.key --outfile imapd.cert --template @sysconfdir@/imapd.cnf
390 diff -urN courier-0.58.0.orig/imap/mkpop3dcert.8.in courier-0.58.0/imap/mkpop3dcert.8.in
391 --- courier-0.58.0.orig/imap/mkpop3dcert.8.in 2007-04-22 20:19:45.000000000 +0200
392 +++ courier-0.58.0/imap/mkpop3dcert.8.in 2008-01-19 23:42:20.199558142 +0100
396 POP3 over SSL requires a valid, signed, X.509 certificate. The default location for the certificate file is
397 -\fI@datadir@/pop3d.pem\fR.
398 +\fI@certsdir@/pop3d.pem\fR.
400 generates a self\-signed X.509 certificate, mainly for testing. For production use the X.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate.
403 -\fI@datadir@/pop3d.pem\fR
404 +\fI@certsdir@/pop3d.pem\fR
405 must be owned by the @mailuser@ user and have no group or world permissions. The
407 command will enforce this. To prevent an unfortunate accident,
410 -\fB@datadir@/pop3d.pem\fR
411 +\fB@certsdir@/pop3d.pem\fR
420 +@certsdir@/pop3d.pem
424 diff -urN courier-0.58.0.orig/imap/mkpop3dcert.html.in courier-0.58.0/imap/mkpop3dcert.html.in
425 --- courier-0.58.0.orig/imap/mkpop3dcert.html.in 2007-04-22 20:19:45.000000000 +0200
426 +++ courier-0.58.0/imap/mkpop3dcert.html.in 2008-01-19 23:42:28.846653207 +0100
428 --></head><body><div class="refentry" lang="en" xml:lang="en"><a id="mkpop3dcert" shape="rect"> </a><div class="titlepage"/><div class="refnamediv"><h2>Name</h2><p>mkpop3dcert — create a test SSL certificate for POP3 over SSL</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">@sbindir@/mkpop3dcert</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id281688" shape="rect"> </a><h2>DESCRIPTION</h2><p>
429 POP3 over SSL requires a valid, signed, X.509 certificate. The default
430 location for the certificate file is
431 -<code class="filename">@datadir@/pop3d.pem</code>.
432 +<code class="filename">@certsdir@/pop3d.pem</code>.
433 <span><strong class="command">mkpop3dcert</strong></span> generates a self-signed X.509 certificate,
436 For production use the X.509 certificate must be signed by a
437 recognized certificate authority, in order for mail clients to accept the
439 -<code class="filename">@datadir@/pop3d.pem</code> must be owned by the
440 +<code class="filename">@certsdir@/pop3d.pem</code> must be owned by the
442 have no group or world permissions.
443 The <span><strong class="command">mkpop3dcert</strong></span> command will
444 enforce this. To prevent an unfortunate accident,
445 <span><strong class="command">mkpop3dcert</strong></span>
446 -will not work if <span><strong class="command">@datadir@/pop3d.pem</strong></span> already exists.</p><p>
447 +will not work if <span><strong class="command">@certsdir@/pop3d.pem</strong></span> already exists.</p><p>
448 <span><strong class="command">mkpop3dcert</strong></span> requires
449 -<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@datadir@/pop3d.pem</span></dt><dd>
450 +<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@certsdir@/pop3d.pem</span></dt><dd>
452 </dd><dt><span class="term">@sysconfdir@/pop3d.cnf</span></dt><dd>
453 Parameters used by OpenSSL to
454 diff -urN courier-0.58.0.orig/imap/mkpop3dcert.in courier-0.58.0/imap/mkpop3dcert.in
455 --- courier-0.58.0.orig/imap/mkpop3dcert.in 2007-11-04 21:53:05.000000000 +0100
456 +++ courier-0.58.0/imap/mkpop3dcert.in 2008-01-19 23:42:50.974416143 +0100
461 -if test -f @mydatadir@/pop3d.pem
462 +if test -f @certsdir@/pop3d.pem
464 - echo "@mydatadir@/pop3d.pem already exists."
465 + echo "@certsdir@/pop3d.pem already exists."
472 - rm -f @mydatadir@/pop3d.pem
473 - rm -f @mydatadir@/pop3d.rand
474 - rm -f @mydatadir@/pop3d.key
475 - rm -f @mydatadir@/pop3d.cert
476 + rm -f @certsdir@/pop3d.pem
477 + rm -f @certsdir@/pop3d.rand
478 + rm -f @certsdir@/pop3d.key
479 + rm -f @certsdir@/pop3d.cert
486 if test "@ssllib@" = "openssl"
488 - cp /dev/null @mydatadir@/pop3d.pem
489 - chmod 600 @mydatadir@/pop3d.pem
490 - chown @mailuser@ @mydatadir@/pop3d.pem
491 + cp /dev/null @certsdir@/pop3d.pem
492 + chmod 600 @certsdir@/pop3d.pem
493 + chown @mailuser@ @certsdir@/pop3d.pem
495 - dd if=@RANDOMV@ of=@mydatadir@/pop3d.rand count=1 2>/dev/null
496 + dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null
497 @OPENSSL@ req -new -x509 -days 365 -nodes \
498 - -config @sysconfdir@/pop3d.cnf -out @mydatadir@/pop3d.pem -keyout @mydatadir@/pop3d.pem || cleanup
499 - @OPENSSL@ gendh -rand @mydatadir@/pop3d.rand 512 >>@mydatadir@/pop3d.pem || cleanup
500 - @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/pop3d.pem || cleanup
501 - rm -f @mydatadir@/pop3d.rand
502 + -config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem || cleanup
503 + @OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem || cleanup
504 + @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem || cleanup
505 + rm -f @certsdir@/pop3d.rand
507 - cp /dev/null @mydatadir@/pop3d.key
508 - chmod 600 @mydatadir@/pop3d.key
509 - cp /dev/null @mydatadir@/pop3d.cert
510 - chmod 600 @mydatadir@/pop3d.cert
511 + cp /dev/null @certsdir@/pop3d.key
512 + chmod 600 @certsdir@/pop3d.key
513 + cp /dev/null @certsdir@/pop3d.cert
514 + chmod 600 @certsdir@/pop3d.cert
516 @CERTTOOL@ --generate-privkey --outfile pop3d.key
517 @CERTTOOL@ --generate-self-signed --load-privkey pop3d.key --outfile pop3d.cert --template @sysconfdir@/pop3d.cnf
518 diff -urN courier-0.58.0.orig/imap/pop3d.cnf.openssl.in courier-0.58.0/imap/pop3d.cnf.openssl.in
519 --- courier-0.58.0.orig/imap/pop3d.cnf.openssl.in 2007-11-04 21:49:58.000000000 +0100
520 +++ courier-0.58.0/imap/pop3d.cnf.openssl.in 2008-01-19 23:43:08.841968023 +0100
523 -RANDFILE = @mydatadir@/pop3d.rand
524 +RANDFILE = @certsdir@/pop3d.rand
528 diff -urN courier-0.58.0.orig/imap/pop3d-ssl.dist.in courier-0.58.0/imap/pop3d-ssl.dist.in
529 --- courier-0.58.0.orig/imap/pop3d-ssl.dist.in 2008-01-19 23:30:56.000000000 +0100
530 +++ courier-0.58.0/imap/pop3d-ssl.dist.in 2008-01-19 23:43:02.304977494 +0100
533 # This is an experimental feature.
535 -TLS_CERTFILE=@mydatadir@/pop3d.pem
536 +TLS_CERTFILE=@certsdir@/pop3d.pem
538 ##NAME: TLS_TRUSTCERTS:0