1 diff -Nur old/configure.in new/configure.in
2 --- old/configure.in 2005-03-01 03:16:43.000000000 +0000
3 +++ new/configure.in 2005-03-04 19:53:15.000000000 +0000
5 eval "localstatedir=$localstatedir"
6 eval "datadir=$datadir"
8 +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
9 +certsdir="$withval", certsdir=$datadir)
13 AC_ARG_WITH(makedatprog, [], ,
14 ac_configure_args="$ac_configure_args --with-makedatprog=${libexecdir}/courier/makedatprog")
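Review bot: The new `--with-certsdir` option assigns `$withval` unvalidated, so a bare `--with-certsdir` or `--without-certsdir` sets certsdir to the literal `yes` or `no`, and the certificate scripts would then create key files under a relative path. Reject those values before assigning, e.g. `case "$withval" in yes|no|"") AC_MSG_ERROR([--with-certsdir requires a directory]) ;; esac`, and write the help text as `--with-certsdir=DIR`. The same AC_ARG_WITH is added to courier/configure.in, courier/module.esmtp/configure.in and imap/configure.in. Lines between the visible ones are missing from this listing, so confirm that each file also carries `AC_SUBST(certsdir)`. Nothing visible in the patch creates certsdir or restricts its mode when it differs from datadir, which is worth confirming too.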
16 diff -Nur old/courier/configure.in new/courier/configure.in
17 --- old/courier/configure.in 2005-03-01 03:16:43.000000000 +0000
18 +++ new/courier/configure.in 2005-03-04 19:46:17.000000000 +0000
21 eval "exec_prefix=$exec_prefix"
23 +eval "datadir=$datadir"
25 +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
26 +certsdir="$withval", certsdir=$datadir)
30 MAILDROP="$bindir/maildrop"
32 diff -Nur old/courier/imapd-ssl.rc.in new/courier/imapd-ssl.rc.in
33 --- old/courier/imapd-ssl.rc.in 2005-02-16 23:42:13.000000000 +0000
34 +++ new/courier/imapd-ssl.rc.in 2005-03-04 19:47:54.000000000 +0000
39 + # If we do not have a certificate, make one up.
40 + if [ ! -f @certsdir@/imapd.pem ]; then
41 + @sbindir@/mkimapdcert
45 @ULIMIT@ $IMAP_ULIMITD
46 @SETENV@ -i @SHELL@ -c " set -a ;
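Review bot: The added startup check tests the fixed path `@certsdir@/imapd.pem` rather than the configured `TLS_CERTFILE`, so a site that keeps its certificate elsewhere would still get a self-signed key pair generated in certsdir whenever that file is absent. Tying the check to the setting avoids that, e.g. `if [ "$TLS_CERTFILE" = "@certsdir@/imapd.pem" ] && [ ! -f "$TLS_CERTFILE" ]; then`, assuming the imapd-ssl settings have been read by this point (not visible here). As far as the visible lines show, the exit status of `@sbindir@/mkimapdcert` is ignored, so the daemon starts even when no certificate could be made. The same block is added to courier/module.esmtp/esmtpd-ssl.in and courier/pop3d-ssl.in, and courier.sysvinit.in tests fixed `${certsdir}` paths in the same way. The surrounding lines of the script are missing from this listing.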
47 diff -Nur old/courier/module.esmtp/configure.in new/courier/module.esmtp/configure.in
48 --- old/courier/module.esmtp/configure.in 2004-05-11 00:16:05.000000000 +0000
49 +++ new/courier/module.esmtp/configure.in 2004-05-25 07:46:38.000000000 +0000
51 eval "datadir=$datadir"
52 eval "localstatedir=$localstatedir"
54 +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
55 +certsdir="$withval", certsdir=$datadir)
60 dnl Check what libraries are available
62 diff -Nur old/courier/module.esmtp/esmtpd.cnf.in new/courier/module.esmtp/esmtpd.cnf.in
63 --- old/courier/module.esmtp/esmtpd.cnf.in 2001-08-18 22:18:12.000000000 +0000
64 +++ new/courier/module.esmtp/esmtpd.cnf.in 2004-05-30 22:45:59.000000000 +0000
67 -RANDFILE = @datadir@/esmtpd.rnd
68 +RANDFILE = @certsdir@/esmtpd.rand
72 diff -Nur old/courier/module.esmtp/esmtpd.dist.in new/courier/module.esmtp/esmtpd.dist.in
73 --- old/courier/module.esmtp/esmtpd.dist.in 2004-05-11 00:48:14.000000000 +0000
74 +++ new/courier/module.esmtp/esmtpd.dist.in 2004-07-11 18:09:20.000000000 +0000
76 # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
77 # treated as confidential, and must not be world-readable.
79 -TLS_CERTFILE=@datadir@/esmtpd.pem
80 +TLS_CERTFILE=@certsdir@/esmtpd.pem
82 ##NAME: TLS_CERTINFO:0
84 diff -Nur old/courier/module.esmtp/esmtpd-ssl.dist.in new/courier/module.esmtp/esmtpd-ssl.dist.in
85 --- old/courier/module.esmtp/esmtpd-ssl.dist.in 2004-04-24 19:56:19.000000000 +0000
86 +++ new/courier/module.esmtp/esmtpd-ssl.dist.in 2004-05-24 20:57:52.000000000 +0000
88 # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
89 # treated as confidential, and must not be world-readable.
91 -TLS_CERTFILE=@datadir@/esmtpd.pem
92 +TLS_CERTFILE=@certsdir@/esmtpd.pem
94 ##NAME: TLS_TRUSTCERTS:0
96 diff -Nur old/courier/module.esmtp/esmtpd-ssl.in new/courier/module.esmtp/esmtpd-ssl.in
97 --- old/courier/module.esmtp/esmtpd-ssl.in 2004-05-24 21:24:41.000000000 +0000
98 +++ new/courier/module.esmtp/esmtpd-ssl.in 2004-05-24 21:31:31.000000000 +0000
103 + # If we do not have a certificate, make one up.
104 + if [ ! -f @certsdir@/esmtpd.pem ]; then
105 + @sbindir@/mkesmtpdcert
109 ${sbindir}/couriertcpd -pid=$SSLPIDFILE -stop
110 diff -Nur old/courier/module.esmtp/mkesmtpdcert.in new/courier/module.esmtp/mkesmtpdcert.in
111 --- old/courier/module.esmtp/mkesmtpdcert.in 2000-09-18 17:24:01.000000000 +0000
112 +++ new/courier/module.esmtp/mkesmtpdcert.in 2004-05-25 07:31:21.000000000 +0000
115 test -x @OPENSSL@ || exit 0
117 -if test -f @datadir@/esmtpd.pem
118 +if test -f @certsdir@/esmtpd.pem
120 - echo "@datadir@/esmtpd.pem already exists."
121 + echo "@certsdir@/esmtpd.pem already exists."
125 -cp /dev/null @datadir@/esmtpd.pem
126 -chmod 600 @datadir@/esmtpd.pem
127 -chown @mailuser@ @datadir@/esmtpd.pem
128 +cp /dev/null @certsdir@/esmtpd.pem
129 +chmod 600 @certsdir@/esmtpd.pem
130 +chown @mailuser@ @certsdir@/esmtpd.pem
133 - rm -f @datadir@/esmtpd.rand
134 - rm -f @datadir@/esmtpd.pem
135 + rm -f @certsdir@/esmtpd.rand
136 + rm -f @certsdir@/esmtpd.pem
140 -dd if=@RANDOMV@ of=@datadir@/esmtpd.rand count=1 2>/dev/null
141 +dd if=@RANDOMV@ of=@certsdir@/esmtpd.rand count=1 2>/dev/null
142 @OPENSSL@ req -new -x509 -days 365 -nodes \
143 - -config @sysconfdir@/esmtpd.cnf -out @datadir@/esmtpd.pem -keyout @datadir@/esmtpd.pem || cleanup
144 -@OPENSSL@ gendh -rand @datadir@/esmtpd.rand 512 >>@datadir@/esmtpd.pem || cleanup
145 -@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/esmtpd.pem || cleanup
146 -rm -f @datadir@/esmtpd.rand
147 + -config @sysconfdir@/esmtpd.cnf -out @certsdir@/esmtpd.pem -keyout @certsdir@/esmtpd.pem || cleanup
148 +@OPENSSL@ gendh -rand @certsdir@/esmtpd.rand 512 >>@certsdir@/esmtpd.pem || cleanup
149 +@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/esmtpd.pem || cleanup
150 +rm -f @certsdir@/esmtpd.rand
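Review bot: The rewritten `gendh` line still generates 512-bit Diffie-Hellman parameters, which are too small to protect a TLS key exchange. Since the line is being touched anyway, raise the size, e.g. `@OPENSSL@ dhparam -rand @certsdir@/esmtpd.rand 2048 >>@certsdir@/esmtpd.pem || cleanup`. The key file is created with `cp /dev/null` and only afterwards restricted with `chmod 600`, and `esmtpd.rand` is written by `dd` under whatever umask the caller has; a `umask 077` near the top of the script would cover both. imap/mkimapdcert.in and imap/mkpop3dcert.in carry the same lines. Parts of the script fall outside the visible lines.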
151 diff -Nur old/courier/pop3d-ssl.in new/courier/pop3d-ssl.in
152 --- old/courier/pop3d-ssl.in 2005-02-16 23:42:13.000000000 +0000
153 +++ new/courier/pop3d-ssl.in 2005-03-04 19:48:23.000000000 +0000
158 + # If we do not have a certificate, make one up.
159 + if [ ! -f @certsdir@/pop3d.pem ]; then
160 + @sbindir@/mkpop3dcert
163 exec @SETENV@ -i PATH="$PATH" SHELL="$SHELL" \
164 @SHELL@ -c " set -a ; \
166 diff -Nur old/courier.sysvinit.in new/courier.sysvinit.in
167 --- old/courier.sysvinit.in 2004-05-02 14:24:06.000000000 +0000
168 +++ new/courier.sysvinit.in 2004-05-24 20:56:37.000000000 +0000
172 libexecdir="@libexecdir@"
174 +certsdir="@certsdir@"
176 if test ! -f ${sysconfdir}/esmtpd
180 # If we do not have a certificate, make one up.
182 - if test ! -f ${datadir}/esmtpd.pem
183 + if test ! -f ${certsdir}/esmtpd.pem
185 if test -x $COURIERTLS
189 # If we do not have a certificate, make one up.
191 - if test ! -f ${datadir}/pop3d.pem
192 + if test ! -f ${certsdir}/pop3d.pem
194 echo -n " generating-POP3-SSL-certificate..."
198 # If we do not have a certificate, make one up.
200 - if test ! -f ${datadir}/imapd.pem
201 + if test ! -f ${certsdir}/imapd.pem
203 echo -n " generating-IMAP-SSL-certificate..."
205 diff -Nur old/imap/configure.in new/imap/configure.in
206 --- old/imap/configure.in 2004-05-16 02:38:13.000000000 +0000
207 +++ new/imap/configure.in 2004-05-25 07:37:24.000000000 +0000
209 eval "sysconfdir=$sysconfdir"
210 eval "localstatedir=$localstatedir"
212 +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
213 +certsdir="$withval", certsdir=$datadir)
218 # Check for PAM configuration flavor
220 diff -Nur old/imap/imapd.cnf.in new/imap/imapd.cnf.in
221 --- old/imap/imapd.cnf.in 2001-03-24 04:59:55.000000000 +0000
222 +++ new/imap/imapd.cnf.in 2004-05-30 22:37:03.000000000 +0000
225 -RANDFILE = @datadir@/imapd.rand
226 +RANDFILE = @certsdir@/imapd.rand
230 diff -Nur old/imap/imapd-ssl.dist.in new/imap/imapd-ssl.dist.in
231 --- old/imap/imapd-ssl.dist.in 2004-01-25 05:40:03.000000000 +0000
232 +++ new/imap/imapd-ssl.dist.in 2004-05-24 20:57:29.000000000 +0000
234 # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
235 # treated as confidential, and must not be world-readable.
237 -TLS_CERTFILE=@datadir@/imapd.pem
238 +TLS_CERTFILE=@certsdir@/imapd.pem
240 ##NAME: TLS_TRUSTCERTS:0
242 diff -Nur old/imap/mkimapdcert.8.in new/imap/mkimapdcert.8.in
243 --- old/imap/mkimapdcert.8.in 2004-01-14 00:51:10.000000000 +0000
244 +++ new/imap/mkimapdcert.8.in 2004-05-25 07:32:16.000000000 +0000
247 IMAP over SSL requires a valid, signed, X.509 certificate. The default
248 location for the certificate file is
249 -\fI@datadir@/imapd.pem\fR\&.
250 +\fI@certsdir@/imapd.pem\fR\&.
251 \fBmkimapdcert\fR generates a self-signed X.509 certificate,
255 recognized certificate authority, in order for mail clients to accept the
258 -\fI@datadir@/imapd.pem\fR must be owned by the
259 +\fI@certsdir@/imapd.pem\fR must be owned by the
261 have no group or world permissions.
262 The \fBmkimapdcert\fR command will
263 enforce this. To prevent an unfortunate accident,
265 -will not work if \fB@datadir@/imapd.pem\fR already exists.
266 +will not work if \fB@certsdir@/imapd.pem\fR already exists.
268 \fBmkimapdcert\fR requires
269 \fBOpenSSL\fR to be installed.
272 -\fB@datadir@/imapd.pem\fR
273 +\fB@certsdir@/imapd.pem\fR
276 \fB@sysconfdir@/imapd.cnf\fR
277 diff -Nur old/imap/mkimapdcert.html.in new/imap/mkimapdcert.html.in
278 --- old/imap/mkimapdcert.html.in 2004-01-14 00:51:16.000000000 +0000
279 +++ new/imap/mkimapdcert.html.in 2004-05-25 07:32:37.000000000 +0000
281 location for the certificate file is
284 ->@datadir@/imapd.pem</TT
285 +>@certsdir@/imapd.pem</TT
293 ->@datadir@/imapd.pem</TT
294 +>@certsdir@/imapd.pem</TT
295 > must be owned by the
297 have no group or world permissions.
302 ->@datadir@/imapd.pem</B
303 +>@certsdir@/imapd.pem</B
311 ->@datadir@/imapd.pem</DT
312 +>@certsdir@/imapd.pem</DT
315 >X.509 certificate.</P
316 diff -Nur old/imap/mkpop3dcert.8.in new/imap/mkpop3dcert.8.in
317 --- old/imap/mkpop3dcert.8.in 2004-01-14 00:51:13.000000000 +0000
318 +++ new/imap/mkpop3dcert.8.in 2004-05-25 07:34:07.000000000 +0000
321 POP3 over SSL requires a valid, signed, X.509 certificate. The default
322 location for the certificate file is
323 -\fI@datadir@/pop3d.pem\fR\&.
324 +\fI@certsdir@/pop3d.pem\fR\&.
325 \fBmkpop3dcert\fR generates a self-signed X.509 certificate,
329 recognized certificate authority, in order for mail clients to accept the
332 -\fI@datadir@/pop3d.pem\fR must be owned by the
333 +\fI@certsdir@/pop3d.pem\fR must be owned by the
335 have no group or world permissions.
336 The \fBmkpop3dcert\fR command will
337 enforce this. To prevent an unfortunate accident,
339 -will not work if \fB@datadir@/pop3d.pem\fR already exists.
340 +will not work if \fB@certsdir@/pop3d.pem\fR already exists.
342 \fBmkpop3dcert\fR requires
343 \fBOpenSSL\fR to be installed.
346 -\fB@datadir@/pop3d.pem\fR
347 +\fB@certsdir@/pop3d.pem\fR
350 \fB@sysconfdir@/pop3d.cnf\fR
351 diff -Nur old/imap/mkpop3dcert.html.in new/imap/mkpop3dcert.html.in
352 --- old/imap/mkpop3dcert.html.in 2004-01-14 00:51:17.000000000 +0000
353 +++ new/imap/mkpop3dcert.html.in 2004-05-25 07:34:26.000000000 +0000
355 location for the certificate file is
358 ->@datadir@/pop3d.pem</TT
359 +>@certsdir@/pop3d.pem</TT
367 ->@datadir@/pop3d.pem</TT
368 +>@certsdir@/pop3d.pem</TT
369 > must be owned by the
371 have no group or world permissions.
376 ->@datadir@/pop3d.pem</B
377 +>@certsdir@/pop3d.pem</B
385 ->@datadir@/pop3d.pem</DT
386 +>@certsdir@/pop3d.pem</DT
389 >X.509 certificate.</P
390 diff -Nur old/imap/pop3d.cnf.in new/imap/pop3d.cnf.in
391 --- old/imap/pop3d.cnf.in 2001-03-24 04:59:55.000000000 +0000
392 +++ new/imap/pop3d.cnf.in 2004-05-30 22:37:10.000000000 +0000
395 -RANDFILE = @datadir@/pop3d.rand
396 +RANDFILE = @certsdir@/pop3d.rand
400 diff -Nur old/imap/pop3d-ssl.dist.in new/imap/pop3d-ssl.dist.in
401 --- old/imap/pop3d-ssl.dist.in 2004-01-25 05:40:04.000000000 +0000
402 +++ new/imap/pop3d-ssl.dist.in 2004-05-24 20:57:32.000000000 +0000
404 # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
405 # treated as confidential, and must not be world-readable.
407 -TLS_CERTFILE=@datadir@/pop3d.pem
408 +TLS_CERTFILE=@certsdir@/pop3d.pem
410 ##NAME: TLS_TRUSTCERTS:0
412 diff -Nur old/imap/mkimapdcert.in new/imap/mkimapdcert.in
413 --- old/imap/mkimapdcert.in 2005-07-02 02:09:09.000000000 +0000
414 +++ new/imap/mkimapdcert.in 2005-08-16 20:55:43.144234624 +0000
419 -if test -f @datadir@/imapd.pem
420 +if test -f @certsdir@/imapd.pem
422 - echo "@datadir@/imapd.pem already exists."
423 + echo "@certsdir@/imapd.pem already exists."
428 -cp /dev/null @datadir@/imapd.pem
429 -chmod 600 @datadir@/imapd.pem
430 -chown @mailuser@ @datadir@/imapd.pem
431 +cp /dev/null @certsdir@/imapd.pem
432 +chmod 600 @certsdir@/imapd.pem
433 +chown @mailuser@ @certsdir@/imapd.pem
436 - rm -f @datadir@/imapd.pem
437 - rm -f @datadir@/imapd.rand
438 + rm -f @certsdir@/imapd.pem
439 + rm -f @certsdir@/imapd.rand
444 -dd if=@RANDOMV@ of=@datadir@/imapd.rand count=1 2>/dev/null
446 +dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null
447 @OPENSSL@ req -new -x509 -days 365 -nodes \
448 - -config @sysconfdir@/imapd.cnf -out @datadir@/imapd.pem -keyout @datadir@/imapd.pem || cleanup
449 -@OPENSSL@ gendh -rand @datadir@/imapd.rand 512 >>@datadir@/imapd.pem || cleanup
450 -@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/imapd.pem || cleanup
451 -rm -f @datadir@/imapd.rand
452 + -config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem || cleanup
453 +@OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem || cleanup
454 +@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem || cleanup
455 +rm -f @certsdir@/imapd.rand
456 diff -Nur old/imap/mkpop3dcert.in new/imap/mkpop3dcert.in
457 --- old/imap/mkpop3dcert.in 2005-07-02 02:09:09.000000000 +0000
458 +++ new/imap/mkpop3dcert.in 2005-08-16 20:55:43.145234472 +0000
463 -if test -f @datadir@/pop3d.pem
464 +if test -f @certsdir@/pop3d.pem
466 - echo "@datadir@/pop3d.pem already exists."
467 + echo "@certsdir@/pop3d.pem already exists."
472 -cp /dev/null @datadir@/pop3d.pem
473 -chmod 600 @datadir@/pop3d.pem
474 -chown @mailuser@ @datadir@/pop3d.pem
475 +cp /dev/null @certsdir@/pop3d.pem
476 +chmod 600 @certsdir@/pop3d.pem
477 +chown @mailuser@ @certsdir@/pop3d.pem
480 - rm -f @datadir@/pop3d.pem
481 - rm -f @datadir@/pop3d.rand
482 + rm -f @certsdir@/pop3d.pem
483 + rm -f @certsdir@/pop3d.rand
487 -dd if=@RANDOMV@ of=@datadir@/pop3d.rand count=1 2>/dev/null
488 +dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null
489 @OPENSSL@ req -new -x509 -days 365 -nodes \
490 - -config @sysconfdir@/pop3d.cnf -out @datadir@/pop3d.pem -keyout @datadir@/pop3d.pem || cleanup
491 -@OPENSSL@ gendh -rand @datadir@/pop3d.rand 512 >>@datadir@/pop3d.pem || cleanup
492 -@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/pop3d.pem || cleanup
493 -rm -f @datadir@/pop3d.rand
494 + -config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem || cleanup
495 +@OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem || cleanup
496 +@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem || cleanup
497 +rm -f @certsdir@/pop3d.rand