diff -Nur old/configure.in new/configure.in
--- old/configure.in 2005-03-01 03:16:43.000000000 +0000
+++ new/configure.in 2005-03-04 19:53:15.000000000 +0000
@@ -58,6 +58,11 @@
 eval "localstatedir=$localstatedir" eval "datadir=$datadir"
+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
+
 AC_ARG_WITH(makedatprog, [], , ac_configure_args="$ac_configure_args --with-makedatprog=${libexecdir}/courier/makedatprog")
diff -Nur old/courier/configure.in new/courier/configure.in
--- old/courier/configure.in 2005-03-01 03:16:43.000000000 +0000
+++ new/courier/configure.in 2005-03-04 19:46:17.000000000 +0000
@@ -462,6 +462,12 @@
 eval "exec_prefix=$exec_prefix" eval "bindir=$bindir"
+eval "datadir=$datadir"
+
+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
 MAILDROP="$bindir/maildrop" AC_SUBST(MAILDROP)
diff -Nur old/courier/imapd-ssl.rc.in new/courier/imapd-ssl.rc.in
--- old/courier/imapd-ssl.rc.in 2005-02-16 23:42:13.000000000 +0000
+++ new/courier/imapd-ssl.rc.in 2005-03-04 19:47:54.000000000 +0000
@@ -28,6 +28,11 @@
 case $1 in start)
+ # If we do not have a certificate, make one up.
+ if [ ! -f @certsdir@/imapd.pem ]; then
+ @sbindir@/mkimapdcert
+ fi
+
 umask $IMAP_UMASK @ULIMIT@ $IMAP_ULIMITD @SETENV@ -i @SHELL@ -c " set -a ;
diff -Nur old/courier/module.esmtp/configure.in new/courier/module.esmtp/configure.in
--- old/courier/module.esmtp/configure.in 2004-05-11 00:16:05.000000000 +0000
+++ new/courier/module.esmtp/configure.in 2004-05-25 07:46:38.000000000 +0000
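Review bot: The new `--with-certsdir` handler in configure.in assigns `$withval` unchecked, so `--with-certsdir` given without a value yields `certsdir=yes` and `--without-certsdir` yields `certsdir=no`, and every substituted `@certsdir@/*.pem` path then names a relative directory. I would reject both values before the assignment, e.g. `if test "$withval" = yes || test "$withval" = no; then AC_MSG_ERROR([--with-certsdir requires a directory argument]); fi`. The identical block is added to courier/configure.in, courier/module.esmtp/configure.in and imap/configure.in, so the check belongs in all four. In the imap/configure.in hunk only the `sysconfdir` and `localstatedir` evals are visible, so it is worth confirming that `datadir` has been expanded before it is used as the default there.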
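Review bot: The block added to `start)` in courier/imapd-ssl.rc.in tests the fixed path `@certsdir@/imapd.pem` rather than the certificate the daemon is configured to use, and it ignores the exit status of `@sbindir@/mkimapdcert`. If an administrator has set TLS_CERTFILE to another location, the first start still creates an unused self-signed key pair in certsdir, and a failed generation does not stop or even report on the startup that follows. I would run the generator only when the configured TLS_CERTFILE is the default path (the hunk does not show whether the configuration has been read at this point) and surface a failure, e.g. `@sbindir@/mkimapdcert || echo "mkimapdcert failed" >&2`. The same block is added to courier/module.esmtp/esmtpd-ssl.in and courier/pop3d-ssl.in; the `start)` branch continues outside the hunk.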
@@ -300,6 +300,11 @@
 eval "datadir=$datadir" eval "localstatedir=$localstatedir"
+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
+
 dnl dnl Check what libraries are available dnl
diff -Nur old/courier/module.esmtp/esmtpd.cnf.in new/courier/module.esmtp/esmtpd.cnf.in
--- old/courier/module.esmtp/esmtpd.cnf.in 2001-08-18 22:18:12.000000000 +0000
+++ new/courier/module.esmtp/esmtpd.cnf.in 2004-05-30 22:45:59.000000000 +0000
@@ -1,5 +1,5 @@
-RANDFILE = @datadir@/esmtpd.rnd
+RANDFILE = @certsdir@/esmtpd.rand
 [ req ] default_bits = 1024
diff -Nur old/courier/module.esmtp/esmtpd.dist.in new/courier/module.esmtp/esmtpd.dist.in
--- old/courier/module.esmtp/esmtpd.dist.in 2004-05-11 00:48:14.000000000 +0000
+++ new/courier/module.esmtp/esmtpd.dist.in 2004-07-11 18:09:20.000000000 +0000
@@ -143,7 +143,7 @@
 # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually # treated as confidential, and must not be world-readable. #
-TLS_CERTFILE=@datadir@/esmtpd.pem
+TLS_CERTFILE=@certsdir@/esmtpd.pem
 ##NAME: TLS_CERTINFO:0 #
diff -Nur old/courier/module.esmtp/esmtpd-ssl.dist.in new/courier/module.esmtp/esmtpd-ssl.dist.in
--- old/courier/module.esmtp/esmtpd-ssl.dist.in 2004-04-24 19:56:19.000000000 +0000
+++ new/courier/module.esmtp/esmtpd-ssl.dist.in 2004-05-24 20:57:52.000000000 +0000
@@ -168,7 +168,7 @@
 # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually # treated as confidential, and must not be world-readable. #
-TLS_CERTFILE=@datadir@/esmtpd.pem
+TLS_CERTFILE=@certsdir@/esmtpd.pem
 ##NAME: TLS_TRUSTCERTS:0 #
diff -Nur old/courier/module.esmtp/esmtpd-ssl.in new/courier/module.esmtp/esmtpd-ssl.in
--- old/courier/module.esmtp/esmtpd-ssl.in 2004-05-24 21:24:41.000000000 +0000
+++ new/courier/module.esmtp/esmtpd-ssl.in 2004-05-24 21:31:31.000000000 +0000
@@ -25,6 +25,10 @@
 case $1 in start)
+ # If we do not have a certificate, make one up.
+ if [ ! -f @certsdir@/esmtpd.pem ]; then
+ @sbindir@/mkesmtpdcert
+ fi
 ;; stop) ${sbindir}/couriertcpd -pid=$SSLPIDFILE -stop
diff -Nur old/courier/module.esmtp/mkesmtpdcert.in new/courier/module.esmtp/mkesmtpdcert.in
--- old/courier/module.esmtp/mkesmtpdcert.in 2000-09-18 17:24:01.000000000 +0000
+++ new/courier/module.esmtp/mkesmtpdcert.in 2004-05-25 07:31:21.000000000 +0000
@@ -11,25 +11,25 @@
 test -x @OPENSSL@ || exit 0
-if test -f @datadir@/esmtpd.pem
+if test -f @certsdir@/esmtpd.pem
 then
- echo "@datadir@/esmtpd.pem already exists."
+ echo "@certsdir@/esmtpd.pem already exists."
 exit 1 fi
-cp /dev/null @datadir@/esmtpd.pem
-chmod 600 @datadir@/esmtpd.pem
-chown @mailuser@ @datadir@/esmtpd.pem
+cp /dev/null @certsdir@/esmtpd.pem
+chmod 600 @certsdir@/esmtpd.pem
+chown @mailuser@ @certsdir@/esmtpd.pem
 cleanup() {
- rm -f @datadir@/esmtpd.rand
- rm -f @datadir@/esmtpd.pem
+ rm -f @certsdir@/esmtpd.rand
+ rm -f @certsdir@/esmtpd.pem
 exit 1 }
-dd if=@RANDOMV@ of=@datadir@/esmtpd.rand count=1 2>/dev/null
+dd if=@RANDOMV@ of=@certsdir@/esmtpd.rand count=1 2>/dev/null
 @OPENSSL@ req -new -x509 -days 365 -nodes \
- -config @sysconfdir@/esmtpd.cnf -out @datadir@/esmtpd.pem -keyout @datadir@/esmtpd.pem || cleanup
-@OPENSSL@ gendh -rand @datadir@/esmtpd.rand 512 >>@datadir@/esmtpd.pem || cleanup
-@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/esmtpd.pem || cleanup
-rm -f @datadir@/esmtpd.rand
+ -config @sysconfdir@/esmtpd.cnf -out @certsdir@/esmtpd.pem -keyout @certsdir@/esmtpd.pem || cleanup
+@OPENSSL@ gendh -rand @certsdir@/esmtpd.rand 512 >>@certsdir@/esmtpd.pem || cleanup
+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/esmtpd.pem || cleanup
+rm -f @certsdir@/esmtpd.rand
diff -Nur old/courier/pop3d-ssl.in new/courier/pop3d-ssl.in
--- old/courier/pop3d-ssl.in 2005-02-16 23:42:13.000000000 +0000
+++ new/courier/pop3d-ssl.in 2005-03-04 19:48:23.000000000 +0000
@@ -29,6 +29,11 @@
 case $1 in start)
+ # If we do not have a certificate, make one up.
+ if [ ! -f @certsdir@/pop3d.pem ]; then
+ @sbindir@/mkpop3dcert
+ fi
+
 exec @SETENV@ -i PATH="$PATH" SHELL="$SHELL" \ @SHELL@ -c " set -a ; \ prefix=@prefix@ ; \
diff -Nur old/courier.sysvinit.in new/courier.sysvinit.in
--- old/courier.sysvinit.in 2004-05-02 14:24:06.000000000 +0000
+++ new/courier.sysvinit.in 2004-05-24 20:56:37.000000000 +0000
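Review bot: In the mkesmtpdcert.in hunk nothing between the existence test and the `dd` that writes `@certsdir@/esmtpd.rand` sets a restrictive umask, so the seed file is created with the caller's default mode while only `esmtpd.pem` gets `chmod 600`. mkpop3dcert.in has `umask 077` ahead of the same sequence; adding `umask 077` before `cp /dev/null @certsdir@/esmtpd.pem` would bring this script in line, unless it is already set above line 11, which the hunk does not show. Because the directory is now chosen at configure time, the script should also stop early when it is missing, e.g. `test -d @certsdir@ || exit 1`, and the `--with-certsdir` help text should say the directory must not be writable by untrusted users.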
@@ -14,7 +14,7 @@
 sbindir="@sbindir@" bindir="@bindir@" libexecdir="@libexecdir@"
-datadir="@datadir@"
+certsdir="@certsdir@"
 if test ! -f ${sysconfdir}/esmtpd then
@@ -82,7 +82,7 @@
 then # If we do not have a certificate, make one up.
- if test ! -f ${datadir}/esmtpd.pem
+ if test ! -f ${certsdir}/esmtpd.pem
 then if test -x $COURIERTLS then
@@ -149,7 +149,7 @@
 then # If we do not have a certificate, make one up.
- if test ! -f ${datadir}/pop3d.pem
+ if test ! -f ${certsdir}/pop3d.pem
 then echo -n " generating-POP3-SSL-certificate..."
@@ -179,7 +179,7 @@
 then # If we do not have a certificate, make one up.
- if test ! -f ${datadir}/imapd.pem
+ if test ! -f ${certsdir}/imapd.pem
 then echo -n " generating-IMAP-SSL-certificate..."
diff -Nur old/imap/configure.in new/imap/configure.in
--- old/imap/configure.in 2004-05-16 02:38:13.000000000 +0000
+++ new/imap/configure.in 2004-05-25 07:37:24.000000000 +0000
@@ -283,6 +283,11 @@
 eval "sysconfdir=$sysconfdir" eval "localstatedir=$localstatedir"
+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
+
 # # Check for PAM configuration flavor
diff -Nur old/imap/imapd.cnf.in new/imap/imapd.cnf.in
--- old/imap/imapd.cnf.in 2001-03-24 04:59:55.000000000 +0000
+++ new/imap/imapd.cnf.in 2004-05-30 22:37:03.000000000 +0000
@@ -1,5 +1,5 @@
-RANDFILE = @datadir@/imapd.rand
+RANDFILE = @certsdir@/imapd.rand
 [ req ] default_bits = 1024
diff -Nur old/imap/imapd-ssl.dist.in new/imap/imapd-ssl.dist.in
--- old/imap/imapd-ssl.dist.in 2004-01-25 05:40:03.000000000 +0000
+++ new/imap/imapd-ssl.dist.in 2004-05-24 20:57:29.000000000 +0000
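Review bot: The first courier.sysvinit.in hunk replaces `datadir="@datadir@"` with `certsdir="@certsdir@"` instead of adding a line, so any `${datadir}` reference remaining in the script outside the hunks shown would now expand to an empty string. The later hunks only convert the three `.pem` existence tests, and the rest of the file is not visible here, so this needs a search for other uses before merging. Keeping the old assignment and adding the new one beside it is the lower-risk form: `datadir="@datadir@"` followed by `certsdir="@certsdir@"`.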
@@ -146,7 +146,7 @@
 # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually # treated as confidential, and must not be world-readable. #
-TLS_CERTFILE=@datadir@/imapd.pem
+TLS_CERTFILE=@certsdir@/imapd.pem
 ##NAME: TLS_TRUSTCERTS:0 #
diff -Nur old/imap/mkimapdcert.8.in new/imap/mkimapdcert.8.in
--- old/imap/mkimapdcert.8.in 2004-01-14 00:51:10.000000000 +0000
+++ new/imap/mkimapdcert.8.in 2004-05-25 07:32:16.000000000 +0000
@@ -18,7 +18,7 @@
 .PP IMAP over SSL requires a valid, signed, X.509 certificate. The default location for the certificate file is
-\fI@datadir@/imapd.pem\fR\&.
+\fI@certsdir@/imapd.pem\fR\&.
 \fBmkimapdcert\fR generates a self-signed X.509 certificate, mainly for testing.
@@ -26,19 +26,19 @@
 recognized certificate authority, in order for mail clients to accept the certificate. .PP
-\fI@datadir@/imapd.pem\fR must be owned by the
+\fI@certsdir@/imapd.pem\fR must be owned by the
 @mailuser@ user and have no group or world permissions. The \fBmkimapdcert\fR command will enforce this. To prevent an unfortunate accident, \fBmkimapdcert\fR
-will not work if \fB@datadir@/imapd.pem\fR already exists.
+will not work if \fB@certsdir@/imapd.pem\fR already exists.
 .PP \fBmkimapdcert\fR requires \fBOpenSSL\fR to be installed. .SH "FILES" .TP
-\fB@datadir@/imapd.pem\fR
+\fB@certsdir@/imapd.pem\fR
 X.509 certificate. .TP \fB@sysconfdir@/imapd.cnf\fR
diff -Nur old/imap/mkimapdcert.html.in new/imap/mkimapdcert.html.in
--- old/imap/mkimapdcert.html.in 2004-01-14 00:51:16.000000000 +0000
+++ new/imap/mkimapdcert.html.in 2004-05-25 07:32:37.000000000 +0000
@@ -57,7 +57,7 @@ location for the certificate file is @datadir@/imapd.pem@certsdir@/imapd.pem.

@datadir@/imapd.pem@certsdir@/imapd.pem must be owned by the @mailuser@ user and have no group or world permissions. @@ -86,7 +86,7 @@ > will not work if @datadir@/imapd.pem@certsdir@/imapd.pem already exists.

@datadir@/imapd.pem
@certsdir@/imapd.pem

X.509 certificate.

@datadir@/pop3d.pem@certsdir@/pop3d.pem.

@datadir@/pop3d.pem@certsdir@/pop3d.pem must be owned by the @mailuser@ user and have no group or world permissions. @@ -86,7 +86,7 @@ > will not work if @datadir@/pop3d.pem@certsdir@/pop3d.pem already exists.

@datadir@/pop3d.pem
@certsdir@/pop3d.pem

X.509 certificate.

/dev/null
+cd @certsdir@
+dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null
 @OPENSSL@ req -new -x509 -days 365 -nodes \
- -config @sysconfdir@/imapd.cnf -out @datadir@/imapd.pem -keyout @datadir@/imapd.pem || cleanup
-@OPENSSL@ gendh -rand @datadir@/imapd.rand 512 >>@datadir@/imapd.pem || cleanup
-@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/imapd.pem || cleanup
-rm -f @datadir@/imapd.rand
+ -config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem || cleanup
+@OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem || cleanup
+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem || cleanup
+rm -f @certsdir@/imapd.rand
diff -Nur old/imap/mkpop3dcert.in new/imap/mkpop3dcert.in
--- old/imap/mkpop3dcert.in 2005-07-02 02:09:09.000000000 +0000
+++ new/imap/mkpop3dcert.in 2005-08-16 20:55:43.145234472 +0000
@@ -13,26 +13,26 @@
 prefix="@prefix@"
-if test -f @datadir@/pop3d.pem
+if test -f @certsdir@/pop3d.pem
 then
- echo "@datadir@/pop3d.pem already exists."
+ echo "@certsdir@/pop3d.pem already exists."
 exit 1 fi umask 077
-cp /dev/null @datadir@/pop3d.pem
-chmod 600 @datadir@/pop3d.pem
-chown @mailuser@ @datadir@/pop3d.pem
+cp /dev/null @certsdir@/pop3d.pem
+chmod 600 @certsdir@/pop3d.pem
+chown @mailuser@ @certsdir@/pop3d.pem
 cleanup() {
- rm -f @datadir@/pop3d.pem
- rm -f @datadir@/pop3d.rand
+ rm -f @certsdir@/pop3d.pem
+ rm -f @certsdir@/pop3d.rand
 exit 1 }
-dd if=@RANDOMV@ of=@datadir@/pop3d.rand count=1 2>/dev/null
+dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null
 @OPENSSL@ req -new -x509 -days 365 -nodes \
- -config @sysconfdir@/pop3d.cnf -out @datadir@/pop3d.pem -keyout @datadir@/pop3d.pem || cleanup
-@OPENSSL@ gendh -rand @datadir@/pop3d.rand 512 >>@datadir@/pop3d.pem || cleanup
-@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/pop3d.pem || cleanup
-rm -f @datadir@/pop3d.rand
+ -config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem || cleanup
+@OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem || cleanup
+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem || cleanup
+rm -f @certsdir@/pop3d.rand
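Review bot: The rewritten `gendh` line in mkpop3dcert.in keeps 512-bit Diffie-Hellman parameters, which are too small to protect DHE key exchange and are rejected by current TLS clients; mkesmtpdcert.in carries the same value. Since the line is being rewritten anyway, I would switch to `@OPENSSL@ dhparam -rand @certsdir@/pop3d.rand 2048 >>@certsdir@/pop3d.pem || cleanup`; `gendh` is no longer present in later OpenSSL releases. The start scripts in this patch now run the generator automatically when no certificate exists, so these parameters reach servers that never had a certificate installed by hand, not only test setups.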