1 diff -Nur old/configure.in new/configure.in
2 --- old/configure.in 2004-05-16 02:40:19.000000000 +0000
3 +++ new/configure.in 2004-05-25 07:37:13.000000000 +0000
5 eval "localstatedir=$localstatedir"
6 eval "datadir=$datadir"
8 +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
9 +certsdir="$withval", certsdir=$datadir)
14 -- see INSTALL, or courier/doc/install.html for configuration options -- ], ,
15 ac_configure_args="$ac_configure_args --with-userdb=${sysconfdir}/userdb")
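Review bot: The help text of the added `AC_ARG_WITH(certsdir, ...)` says only "Directory where certs are created", but the mk*cert scripts patched later in this diff pass the same .pem to both `-out` and `-keyout`, so this option also decides where the private keys live. I would document that and the default, for example `[ --with-certsdir=DIR  directory for the SSL certificate and private key .pem files (default: datadir) ]`, so packagers choose a directory that is not shared with world-readable data. The same string is repeated in courier/configure.in, courier/module.esmtp/configure.in and imap/configure.in.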
16 diff -Nur old/courier/configure.in new/courier/configure.in
17 --- old/courier/configure.in 2004-05-02 14:59:42.000000000 +0000
18 +++ new/courier/configure.in 2004-05-25 07:38:14.000000000 +0000
21 eval "exec_prefix=$exec_prefix"
23 +eval "datadir=$datadir"
25 +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
26 +certsdir="$withval", certsdir=$datadir)
30 MAILDROP="$bindir/maildrop"
32 diff -Nur old/courier/imapd-ssl.rc.in new/courier/imapd-ssl.rc.in
33 --- old/courier/imapd-ssl.rc.in 2004-05-24 21:25:19.000000000 +0000
34 +++ new/courier/imapd-ssl.rc.in 2004-05-24 21:32:29.000000000 +0000
39 + # If we do not have a certificate, make one up.
40 + if [ ! -f @certsdir@/imapd.pem ]; then
41 + @sbindir@/mkimapdcert
45 for f in `echo $AUTHMODULES`
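Review bot: The added start-up check tests the fixed path `@certsdir@/imapd.pem` rather than the certificate the server is configured to use, and it ignores the exit status of `@sbindir@/mkimapdcert`. If TLS_CERTFILE (set in imapd-ssl.dist.in, and presumably read by this script outside the lines shown) points elsewhere, the first start creates an unused self-signed key pair in certsdir. mkesmtpdcert.in in this diff begins with `test -x @OPENSSL@ || exit 0`, so if mkimapdcert does the same, a missing OpenSSL lets the daemon start with no certificate and no message. Consider testing `"$TLS_CERTFILE"` and reporting failure, e.g. `@sbindir@/mkimapdcert || echo "mkimapdcert failed" >&2`. The same applies to the blocks added in courier/module.esmtp/esmtpd-ssl.in and courier/pop3d-ssl.in, and courier.sysvinit.in keeps its own copy of the check; the `if` here closes outside the lines shown.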
47 diff -Nur old/courier/module.esmtp/configure.in new/courier/module.esmtp/configure.in
48 --- old/courier/module.esmtp/configure.in 2004-05-11 00:16:05.000000000 +0000
49 +++ new/courier/module.esmtp/configure.in 2004-05-25 07:37:36.000000000 +0000
51 eval "datadir=$datadir"
52 eval "localstatedir=$localstatedir"
54 +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
55 +certsdir="$withval", certsdir=$datadir
60 dnl Check what libraries are available
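Review bot: The added line `certsdir="$withval", certsdir=$datadir` has no closing parenthesis here, unlike the otherwise identical AC_ARG_WITH additions in the three other configure.in files of this diff. Some lines of this hunk are not visible on this page, so the `)` may sit on a following line. If it does not, the macro call swallows the text after it and the generated configure script will be broken. Suggested line: `certsdir="$withval", certsdir=$datadir)`.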
62 diff -Nur old/courier/module.esmtp/esmtpd-ssl.dist.in new/courier/module.esmtp/esmtpd-ssl.dist.in
63 --- old/courier/module.esmtp/esmtpd-ssl.dist.in 2004-04-24 19:56:19.000000000 +0000
64 +++ new/courier/module.esmtp/esmtpd-ssl.dist.in 2004-05-24 20:57:52.000000000 +0000
66 # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
67 # treated as confidential, and must not be world-readable.
69 -TLS_CERTFILE=@datadir@/esmtpd.pem
70 +TLS_CERTFILE=@certsdir@/esmtpd.pem
72 ##NAME: TLS_TRUSTCERTS:0
74 diff -Nur old/courier/module.esmtp/esmtpd-ssl.in new/courier/module.esmtp/esmtpd-ssl.in
75 --- old/courier/module.esmtp/esmtpd-ssl.in 2004-05-24 21:24:41.000000000 +0000
76 +++ new/courier/module.esmtp/esmtpd-ssl.in 2004-05-24 21:31:31.000000000 +0000
81 + # If we do not have a certificate, make one up.
82 + if [ ! -f @certsdir@/esmtpd.pem ]; then
83 + @sbindir@/mkesmtpdcert
87 ${sbindir}/couriertcpd -pid=$SSLPIDFILE -stop
88 diff -Nur old/courier/module.esmtp/mkesmtpdcert.in new/courier/module.esmtp/mkesmtpdcert.in
89 --- old/courier/module.esmtp/mkesmtpdcert.in 2000-09-18 17:24:01.000000000 +0000
90 +++ new/courier/module.esmtp/mkesmtpdcert.in 2004-05-25 07:31:21.000000000 +0000
93 test -x @OPENSSL@ || exit 0
95 -if test -f @datadir@/esmtpd.pem
96 +if test -f @certsdir@/esmtpd.pem
98 - echo "@datadir@/esmtpd.pem already exists."
99 + echo "@certsdir@/esmtpd.pem already exists."
103 -cp /dev/null @datadir@/esmtpd.pem
104 -chmod 600 @datadir@/esmtpd.pem
105 -chown @mailuser@ @datadir@/esmtpd.pem
106 +cp /dev/null @certsdir@/esmtpd.pem
107 +chmod 600 @certsdir@/esmtpd.pem
108 +chown @mailuser@ @certsdir@/esmtpd.pem
111 - rm -f @datadir@/esmtpd.rand
112 - rm -f @datadir@/esmtpd.pem
113 + rm -f @certsdir@/esmtpd.rand
114 + rm -f @certsdir@/esmtpd.pem
118 -dd if=@RANDOMV@ of=@datadir@/esmtpd.rand count=1 2>/dev/null
119 +dd if=@RANDOMV@ of=@certsdir@/esmtpd.rand count=1 2>/dev/null
120 @OPENSSL@ req -new -x509 -days 365 -nodes \
121 - -config @sysconfdir@/esmtpd.cnf -out @datadir@/esmtpd.pem -keyout @datadir@/esmtpd.pem || cleanup
122 -@OPENSSL@ gendh -rand @datadir@/esmtpd.rand 512 >>@datadir@/esmtpd.pem || cleanup
123 -@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/esmtpd.pem || cleanup
124 -rm -f @datadir@/esmtpd.rand
125 + -config @sysconfdir@/esmtpd.cnf -out @certsdir@/esmtpd.pem -keyout @certsdir@/esmtpd.pem || cleanup
126 +@OPENSSL@ gendh -rand @certsdir@/esmtpd.rand 512 >>@certsdir@/esmtpd.pem || cleanup
127 +@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/esmtpd.pem || cleanup
128 +rm -f @certsdir@/esmtpd.rand
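Review bot: The rewritten `@OPENSSL@ gendh -rand @certsdir@/esmtpd.rand 512 >>@certsdir@/esmtpd.pem` line keeps 512-bit Diffie-Hellman parameters, which are too small to protect the key exchange of any session that negotiates DH. Since the line is being touched anyway, raise the size argument to at least 2048: `@OPENSSL@ gendh -rand @certsdir@/esmtpd.rand 2048 >>@certsdir@/esmtpd.pem || cleanup`. The same line appears in imap/mkimapdcert.in and imap/mkpop3dcert.in. The `cleanup` function and the rest of the script lie outside the lines shown.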
129 diff -Nur old/courier/pop3d-ssl.in new/courier/pop3d-ssl.in
130 --- old/courier/pop3d-ssl.in 2004-05-24 21:25:31.000000000 +0000
131 +++ new/courier/pop3d-ssl.in 2004-05-24 21:33:05.000000000 +0000
136 + # If we do not have a certificate, make one up.
137 + if [ ! -f @certsdir@/pop3d.pem ]; then
138 + @sbindir@/mkpop3dcert
142 for f in `echo $AUTHMODULES`
144 diff -Nur old/courier.sysvinit.in new/courier.sysvinit.in
145 --- old/courier.sysvinit.in 2004-05-02 14:24:06.000000000 +0000
146 +++ new/courier.sysvinit.in 2004-05-24 20:56:37.000000000 +0000
150 libexecdir="@libexecdir@"
152 +certsdir="@certsdir@"
154 if test ! -f ${sysconfdir}/esmtpd
158 # If we do not have a certificate, make one up.
160 - if test ! -f ${datadir}/esmtpd.pem
161 + if test ! -f ${certsdir}/esmtpd.pem
163 if test -x $COURIERTLS
167 # If we do not have a certificate, make one up.
169 - if test ! -f ${datadir}/pop3d.pem
170 + if test ! -f ${certsdir}/pop3d.pem
172 echo -n " generating-POP3-SSL-certificate..."
176 # If we do not have a certificate, make one up.
178 - if test ! -f ${datadir}/imapd.pem
179 + if test ! -f ${certsdir}/imapd.pem
181 echo -n " generating-IMAP-SSL-certificate..."
183 diff -Nur old/imap/configure.in new/imap/configure.in
184 --- old/imap/configure.in 2004-05-16 02:38:13.000000000 +0000
185 +++ new/imap/configure.in 2004-05-25 07:37:24.000000000 +0000
187 eval "sysconfdir=$sysconfdir"
188 eval "localstatedir=$localstatedir"
190 +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
191 +certsdir="$withval", certsdir=$datadir)
196 # Check for PAM configuration flavor
198 diff -Nur old/imap/imapd-ssl.dist.in new/imap/imapd-ssl.dist.in
199 --- old/imap/imapd-ssl.dist.in 2004-01-25 05:40:03.000000000 +0000
200 +++ new/imap/imapd-ssl.dist.in 2004-05-24 20:57:29.000000000 +0000
202 # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
203 # treated as confidential, and must not be world-readable.
205 -TLS_CERTFILE=@datadir@/imapd.pem
206 +TLS_CERTFILE=@certsdir@/imapd.pem
208 ##NAME: TLS_TRUSTCERTS:0
210 diff -Nur old/imap/mkimapdcert.8.in new/imap/mkimapdcert.8.in
211 --- old/imap/mkimapdcert.8.in 2004-01-14 00:51:10.000000000 +0000
212 +++ new/imap/mkimapdcert.8.in 2004-05-25 07:32:16.000000000 +0000
215 IMAP over SSL requires a valid, signed, X.509 certificate. The default
216 location for the certificate file is
217 -\fI@datadir@/imapd.pem\fR\&.
218 +\fI@certsdir@/imapd.pem\fR\&.
219 \fBmkimapdcert\fR generates a self-signed X.509 certificate,
223 recognized certificate authority, in order for mail clients to accept the
226 -\fI@datadir@/imapd.pem\fR must be owned by the
227 +\fI@certsdir@/imapd.pem\fR must be owned by the
229 have no group or world permissions.
230 The \fBmkimapdcert\fR command will
231 enforce this. To prevent an unfortunate accident,
233 -will not work if \fB@datadir@/imapd.pem\fR already exists.
234 +will not work if \fB@certsdir@/imapd.pem\fR already exists.
236 \fBmkimapdcert\fR requires
237 \fBOpenSSL\fR to be installed.
240 -\fB@datadir@/imapd.pem\fR
241 +\fB@certsdir@/imapd.pem\fR
244 \fB@sysconfdir@/imapd.cnf\fR
245 diff -Nur old/imap/mkimapdcert.html.in new/imap/mkimapdcert.html.in
246 --- old/imap/mkimapdcert.html.in 2004-01-14 00:51:16.000000000 +0000
247 +++ new/imap/mkimapdcert.html.in 2004-05-25 07:32:37.000000000 +0000
249 location for the certificate file is
252 ->@datadir@/imapd.pem</TT
253 +>@certsdir@/imapd.pem</TT
261 ->@datadir@/imapd.pem</TT
262 +>@certsdir@/imapd.pem</TT
263 > must be owned by the
265 have no group or world permissions.
270 ->@datadir@/imapd.pem</B
271 +>@certsdir@/imapd.pem</B
279 ->@datadir@/imapd.pem</DT
280 +>@certsdir@/imapd.pem</DT
283 >X.509 certificate.</P
284 diff -Nur old/imap/mkimapdcert.in new/imap/mkimapdcert.in
285 --- old/imap/mkimapdcert.in 2001-08-26 16:16:42.000000000 +0000
286 +++ new/imap/mkimapdcert.in 2004-05-25 07:33:42.000000000 +0000
291 -if test -f @datadir@/imapd.pem
292 +if test -f @certsdir@/imapd.pem
294 - echo "@datadir@/imapd.pem already exists."
295 + echo "@certsdir@/imapd.pem already exists."
299 -cp /dev/null @datadir@/imapd.pem
300 -chmod 600 @datadir@/imapd.pem
301 -chown @mailuser@ @datadir@/imapd.pem
302 +cp /dev/null @certsdir@/imapd.pem
303 +chmod 600 @certsdir@/imapd.pem
304 +chown @mailuser@ @certsdir@/imapd.pem
307 - rm -f @datadir@/imapd.pem
308 - rm -f @datadir@/imapd.rand
309 + rm -f @certsdir@/imapd.pem
310 + rm -f @certsdir@/imapd.rand
315 -dd if=@RANDOMV@ of=@datadir@/imapd.rand count=1 2>/dev/null
317 +dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null
318 @OPENSSL@ req -new -x509 -days 365 -nodes \
319 - -config @sysconfdir@/imapd.cnf -out @datadir@/imapd.pem -keyout @datadir@/imapd.pem || cleanup
320 -@OPENSSL@ gendh -rand @datadir@/imapd.rand 512 >>@datadir@/imapd.pem || cleanup
321 -@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/imapd.pem || cleanup
322 -rm -f @datadir@/imapd.rand
323 + -config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem || cleanup
324 +@OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem || cleanup
325 +@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem || cleanup
326 +rm -f @certsdir@/imapd.rand
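Review bot: `cp /dev/null @certsdir@/imapd.pem` creates the key file with whatever mode the caller's umask allows and only afterwards runs `chmod 600`, and the `imapd.rand` seed written by `dd` is never restricted. Now that certsdir is chosen at configure time, the script should not depend on the directory's or the caller's permissions. Add `umask 077` before the `cp /dev/null` line, and stop early with `test -d @certsdir@ || exit 1` when the directory is missing. The same sequence is in courier/module.esmtp/mkesmtpdcert.in and imap/mkpop3dcert.in. The surrounding `then`/`fi` and the `cleanup` function are not visible in the lines shown.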
327 diff -Nur old/imap/mkpop3dcert.8.in new/imap/mkpop3dcert.8.in
328 --- old/imap/mkpop3dcert.8.in 2004-01-14 00:51:13.000000000 +0000
329 +++ new/imap/mkpop3dcert.8.in 2004-05-25 07:34:07.000000000 +0000
332 POP3 over SSL requires a valid, signed, X.509 certificate. The default
333 location for the certificate file is
334 -\fI@datadir@/pop3d.pem\fR\&.
335 +\fI@certsdir@/pop3d.pem\fR\&.
336 \fBmkpop3dcert\fR generates a self-signed X.509 certificate,
340 recognized certificate authority, in order for mail clients to accept the
343 -\fI@datadir@/pop3d.pem\fR must be owned by the
344 +\fI@certsdir@/pop3d.pem\fR must be owned by the
346 have no group or world permissions.
347 The \fBmkpop3dcert\fR command will
348 enforce this. To prevent an unfortunate accident,
350 -will not work if \fB@datadir@/pop3d.pem\fR already exists.
351 +will not work if \fB@certsdir@/pop3d.pem\fR already exists.
353 \fBmkpop3dcert\fR requires
354 \fBOpenSSL\fR to be installed.
357 -\fB@datadir@/pop3d.pem\fR
358 +\fB@certsdir@/pop3d.pem\fR
361 \fB@sysconfdir@/pop3d.cnf\fR
362 diff -Nur old/imap/mkpop3dcert.html.in new/imap/mkpop3dcert.html.in
363 --- old/imap/mkpop3dcert.html.in 2004-01-14 00:51:17.000000000 +0000
364 +++ new/imap/mkpop3dcert.html.in 2004-05-25 07:34:26.000000000 +0000
366 location for the certificate file is
369 ->@datadir@/pop3d.pem</TT
370 +>@certsdir@/pop3d.pem</TT
378 ->@datadir@/pop3d.pem</TT
379 +>@certsdir@/pop3d.pem</TT
380 > must be owned by the
382 have no group or world permissions.
387 ->@datadir@/pop3d.pem</B
388 +>@certsdir@/pop3d.pem</B
396 ->@datadir@/pop3d.pem</DT
397 +>@certsdir@/pop3d.pem</DT
400 >X.509 certificate.</P
401 diff -Nur old/imap/mkpop3dcert.in new/imap/mkpop3dcert.in
402 --- old/imap/mkpop3dcert.in 2000-10-06 17:50:37.000000000 +0000
403 +++ new/imap/mkpop3dcert.in 2004-05-25 07:35:23.000000000 +0000
408 -if test -f @datadir@/pop3d.pem
409 +if test -f @certsdir@/pop3d.pem
411 - echo "@datadir@/pop3d.pem already exists."
412 + echo "@certsdir@/pop3d.pem already exists."
416 -cp /dev/null @datadir@/pop3d.pem
417 -chmod 600 @datadir@/pop3d.pem
418 -chown @mailuser@ @datadir@/pop3d.pem
419 +cp /dev/null @certsdir@/pop3d.pem
420 +chmod 600 @certsdir@/pop3d.pem
421 +chown @mailuser@ @certsdir@/pop3d.pem
424 - rm -f @datadir@/pop3d.pem
425 - rm -f @datadir@/pop3d.rand
426 + rm -f @certsdir@/pop3d.pem
427 + rm -f @certsdir@/pop3d.rand
431 -dd if=@RANDOMV@ of=@datadir@/pop3d.rand count=1 2>/dev/null
432 +dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null
433 @OPENSSL@ req -new -x509 -days 365 -nodes \
434 - -config @sysconfdir@/pop3d.cnf -out @datadir@/pop3d.pem -keyout @datadir@/pop3d.pem || cleanup
435 -@OPENSSL@ gendh -rand @datadir@/pop3d.rand 512 >>@datadir@/pop3d.pem || cleanup
436 -@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/pop3d.pem || cleanup
437 -rm -f @datadir@/pop3d.rand
438 + -config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem || cleanup
439 +@OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem || cleanup
440 +@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem || cleanup
441 +rm -f @certsdir@/pop3d.rand
442 diff -Nur old/imap/pop3d-ssl.dist.in new/imap/pop3d-ssl.dist.in
443 --- old/imap/pop3d-ssl.dist.in 2004-01-25 05:40:04.000000000 +0000
444 +++ new/imap/pop3d-ssl.dist.in 2004-05-24 20:57:32.000000000 +0000
446 # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
447 # treated as confidential, and must not be world-readable.
449 -TLS_CERTFILE=@datadir@/pop3d.pem
450 +TLS_CERTFILE=@certsdir@/pop3d.pem
452 ##NAME: TLS_TRUSTCERTS:0