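--- a/configure.in
+++ b/configure.in
@@ -70,6 +70,11 @@
 eval "localstatedir=$localstatedir"
 eval "datadir=$datadir"
 
+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
+
 AC_ARG_WITH(makedatprog, [], ,
 ac_configure_args="$ac_configure_args --with-makedatprog=${libexecdir}/courier/makedatprog")
 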
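Review bot: The added action `certsdir="$withval"` accepts whatever autoconf puts in `$withval`, so a bare `--with-certsdir` or `--without-certsdir` sets certsdir to the literal `yes` or `no`, and every template that substitutes `@certsdir@` would then create and look for private-key files under that relative name. Validate before assigning, for example `case "$withval" in yes|no|"") AC_MSG_ERROR([--with-certsdir requires a directory]) ;; esac`, and consider rejecting non-absolute paths as well. The help string would also be clearer as `--with-certsdir=DIR`. The same block is added in courier/configure.in, courier/module.esmtp/configure.in and imap/configure.in and needs the same check.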
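--- a/courier/configure.in
+++ b/courier/configure.in
@@ -498,6 +498,12 @@
 eval "datarootdir=$datarootdir"
 eval "bindir=$bindir"
 eval "localstatedir=$localstatedir"
+eval "datadir=$datadir"
+
+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
 
 MAILDROP="$bindir/maildrop"
 AC_SUBST(MAILDROP)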
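--- a/courier/imapd-ssl.rc.in
+++ b/courier/imapd-ssl.rc.in
@@ -28,6 +28,11 @@
 
 case $1 in
 start)
+ # If we do not have a certificate, make one up.
+ if [ ! -f @certsdir@/imapd.pem ]; then
+ @sbindir@/mkimapdcert
+ fi
+
 umask $IMAP_UMASK
 @ULIMIT@ $IMAP_ULIMITD
 @SETENV@ -i @SHELL@ -c " set -a ;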
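Review bot: The added `start)` lines call `@sbindir@/mkimapdcert` and ignore its exit status, so when generation fails (the mk*cert scripts in this patch leave via `cleanup` with `exit 1`) the start sequence carries on with no certificate at `@certsdir@/imapd.pem`. If a failed start is acceptable here, `@sbindir@/mkimapdcert || exit 1` makes the failure visible. The test is also against the fixed path `@certsdir@/imapd.pem` rather than the configured `TLS_CERTFILE`, so an installation that points `TLS_CERTFILE` elsewhere still gets an unused self-signed key generated on first start; the man page in this same patch describes that certificate as "mainly for testing", which argues for at least a comment saying so next to the check. The same pattern is added in courier/module.esmtp/esmtpd-ssl.in and courier/pop3d-ssl.in; the `case` block continues outside the hunk.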
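--- a/courier/module.esmtp/configure.in
+++ b/courier/module.esmtp/configure.in
@@ -306,6 +306,11 @@
 AC_SUBST(mydatadir) # Quell automake warning
 
 
+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
+
 dnl
 dnl Check what libraries are available
 dnl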
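--- a/courier/module.esmtp/esmtpd.cnf.openssl.in
+++ b/courier/module.esmtp/esmtpd.cnf.openssl.in
@@ -1,5 +1,5 @@
 
-RANDFILE = @mydatadir@/esmtpd.rnd
+RANDFILE = @certsdir@/esmtpd.rnd
 
 [ req ]
 default_bits = 1024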
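Review bot: `RANDFILE = @certsdir@/esmtpd.rnd` names a different file from the `esmtpd.rand` seed that mkesmtpdcert.in creates and removes in this same patch (imapd.cnf and pop3d.cnf both use `.rand`), so any seed state OpenSSL may write to this path stays behind in the certificate directory and is never cleaned up. Since the line is being rewritten anyway, `RANDFILE = @certsdir@/esmtpd.rand` would bring it in line with the script. The unchanged context line `default_bits = 1024` also deserves a look while this file is open: a 1024-bit key is below what current guidance accepts, and `default_bits = 2048` is the usual floor. The same `default_bits` value appears in imap/imapd.cnf.openssl.in and imap/pop3d.cnf.openssl.in.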
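--- a/courier/module.esmtp/esmtpd.dist.in
+++ b/courier/module.esmtp/esmtpd.dist.in
@@ -233,7 +233,7 @@
 #
 # This is an experimental feature.
 
-TLS_CERTFILE=@mydatadir@/esmtpd.pem
+TLS_CERTFILE=@certsdir@/esmtpd.pem
 
 ##NAME: TLS_CERTINFO:0
 #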
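--- a/courier/module.esmtp/esmtpd-ssl.dist.in
+++ b/courier/module.esmtp/esmtpd-ssl.dist.in
@@ -256,7 +256,7 @@
 #
 # This is an experimental feature.
 
-TLS_CERTFILE=@mydatadir@/esmtpd.pem
+TLS_CERTFILE=@certsdir@/esmtpd.pem
 
 ##NAME: TLS_TRUSTCERTS:0
 #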
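--- a/courier/module.esmtp/esmtpd-ssl.in
+++ b/courier/module.esmtp/esmtpd-ssl.in
@@ -25,6 +25,10 @@
 
 case $1 in
 start)
+ # If we do not have a certificate, make one up.
+ if [ ! -f @certsdir@/esmtpd.pem ]; then
+ @sbindir@/mkesmtpdcert
+ fi
 ;;
 stop)
 ${sbindir}/couriertcpd -pid=$SSLPIDFILE -stop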
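--- a/courier/module.esmtp/mkesmtpdcert.in
+++ b/courier/module.esmtp/mkesmtpdcert.in
@@ -16,38 +16,38 @@
 test -x @CERTTOOL@ || exit 0
 fi
 
-if test -f @mydatadir@/esmtpd.pem
+if test -f @certsdir@/esmtpd.pem
 then
- echo "@mydatadir@/esmtpd.pem already exists."
+ echo "@certsdir@/esmtpd.pem already exists."
 exit 1
 fi
 
 cleanup() {
- rm -f @mydatadir@/esmtpd.rand
- rm -f @mydatadir@/esmtpd.pem
- rm -f @mydatadir@/esmtpd.key
- rm -f @mydatadir@/esmtpd.cert
+ rm -f @certsdir@/esmtpd.rand
+ rm -f @certsdir@/esmtpd.pem
+ rm -f @certsdir@/esmtpd.key
+ rm -f @certsdir@/esmtpd.cert
 exit 1
 }
 
-cd @mydatadir@
+cd @certsdir@
 
 if test "@ssllib@" = "openssl"
 then
- cp /dev/null @mydatadir@/esmtpd.pem
- chmod 600 @mydatadir@/esmtpd.pem
- chown @mailuser@ @mydatadir@/esmtpd.pem
- dd if=@RANDOMV@ of=@mydatadir@/esmtpd.rand count=1 2>/dev/null
+ cp /dev/null @certsdir@/esmtpd.pem
+ chmod 600 @certsdir@/esmtpd.pem
+ chown @mailuser@ @certsdir@/esmtpd.pem
+ dd if=@RANDOMV@ of=@certsdir@/esmtpd.rand count=1 2>/dev/null
 @OPENSSL@ req -new -x509 -days 365 -nodes \
- -config @sysconfdir@/esmtpd.cnf -out @mydatadir@/esmtpd.pem -keyout @mydatadir@/esmtpd.pem || cleanup
- @OPENSSL@ gendh -rand @mydatadir@/esmtpd.rand 512 >>@mydatadir@/esmtpd.pem || cleanup
- @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/esmtpd.pem || cleanup
- rm -f @mydatadir@/esmtpd.rand
+ -config @sysconfdir@/esmtpd.cnf -out @certsdir@/esmtpd.pem -keyout @certsdir@/esmtpd.pem || cleanup
+ @OPENSSL@ gendh -rand @certsdir@/esmtpd.rand 512 >>@certsdir@/esmtpd.pem || cleanup
+ @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/esmtpd.pem || cleanup
+ rm -f @certsdir@/esmtpd.rand
 else
- cp /dev/null @mydatadir@/esmtpd.key
- chmod 600 @mydatadir@/esmtpd.key
- cp /dev/null @mydatadir@/esmtpd.cert
- chmod 600 @mydatadir@/esmtpd.cert
+ cp /dev/null @certsdir@/esmtpd.key
+ chmod 600 @certsdir@/esmtpd.key
+ cp /dev/null @certsdir@/esmtpd.cert
+ chmod 600 @certsdir@/esmtpd.cert
 
 @CERTTOOL@ --generate-privkey --outfile esmtpd.key
 @CERTTOOL@ --generate-self-signed --load-privkey esmtpd.key --outfile esmtpd.cert --template @sysconfdir@/esmtpd.cnf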
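Review bot: `cd @certsdir@` is unchecked, and now that the directory is a configure-time choice it may not exist when the script runs. In the GnuTLS branch `@CERTTOOL@ --generate-privkey --outfile esmtpd.key` writes to a relative path, so after a failed `cd` the private key is created in whatever directory the caller happened to be in while the preceding `chmod 600 @certsdir@/esmtpd.key` has failed unnoticed; `cd @certsdir@ || exit 1` closes that. The carried-over `gendh ... 512` line produces 512-bit Diffie-Hellman parameters, which are far too small to rely on, and should be raised to at least 2048 while these lines are being rewritten. No `umask 077` is visible in this hunk, unlike mkimapdcert.in and mkpop3dcert.in, so it is worth confirming one is set above line 16, because `cp /dev/null` creates each file before `chmod 600` runs. The unchecked `cd` and the 512-bit `gendh` also appear in imap/mkimapdcert.in and imap/mkpop3dcert.in; the `else` branch continues outside the hunk.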
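--- a/courier/pop3d-ssl.in
+++ b/courier/pop3d-ssl.in
@@ -29,6 +29,11 @@
 
 case $1 in
 start)
+ # If we do not have a certificate, make one up.
+ if [ ! -f @certsdir@/pop3d.pem ]; then
+ @sbindir@/mkpop3dcert
+ fi
+
 exec @SETENV@ -i PATH="$PATH" SHELL="$SHELL" \
 @SHELL@ -c " set -a ; \
 prefix=@prefix@ ; \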
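--- a/courier.sysvinit.in
+++ b/courier.sysvinit.in
@@ -18,7 +18,7 @@
 sbindir="@sbindir@"
 bindir="@bindir@"
 libexecdir="@libexecdir@"
-datadir="@datadir@"
+certsdir="@certsdir@"
 
 if test ! -f ${sysconfdir}/esmtpd
 then
@@ -85,7 +85,7 @@
 then
 # If we do not have a certificate, make one up.
 
- if test ! -f ${datadir}/esmtpd.pem
+ if test ! -f ${certsdir}/esmtpd.pem
 then
 if test -x $COURIERTLS
 then
@@ -152,7 +152,7 @@
 then
 # If we do not have a certificate, make one up.
 
- if test ! -f ${datadir}/pop3d.pem
+ if test ! -f ${certsdir}/pop3d.pem
 then
 echo -n " generating-POP3-SSL-certificate..."
 
@@ -182,7 +182,7 @@
 then
 # If we do not have a certificate, make one up.
 
- if test ! -f ${datadir}/imapd.pem
+ if test ! -f ${certsdir}/imapd.pem
 then
 echo -n " generating-IMAP-SSL-certificate..."
 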
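Review bot: The first hunk replaces the `datadir="@datadir@"` assignment instead of adding `certsdir` beside it, so any `${datadir}` reference in parts of the script not shown in these hunks would now expand to an empty string and resolve against `/`. The three uses visible here are all converted, but the rest of the file is outside the patch context, so keeping both lines is the safe form: `datadir="@datadir@"` followed by `certsdir="@certsdir@"`. It would also help to quote the expansions in the rewritten tests, e.g. `if test ! -f "${certsdir}/esmtpd.pem"`, since the directory is now operator-supplied and may contain spaces.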
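--- a/imap/configure.in
+++ b/imap/configure.in
@@ -300,6 +300,11 @@
 mydatadir="$datadir"
 AC_SUBST(mydatadir) # Avoid useless autoconf warning
 
+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
+
 #
 # Check for PAM configuration flavor
 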
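--- a/imap/imapd.cnf.openssl.in
+++ b/imap/imapd.cnf.openssl.in
@@ -1,5 +1,5 @@
 
-RANDFILE = @mydatadir@/imapd.rand
+RANDFILE = @certsdir@/imapd.rand
 
 [ req ]
 default_bits = 1024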
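--- a/imap/imapd-ssl.dist.in
+++ b/imap/imapd-ssl.dist.in
@@ -254,7 +254,7 @@
 #
 # This is an experimental feature.
 
-TLS_CERTFILE=@mydatadir@/imapd.pem
+TLS_CERTFILE=@certsdir@/imapd.pem
 
 ##NAME: TLS_TRUSTCERTS:0
 #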
5d26edcf | 262 | diff -urN courier-0.58.0.orig/imap/mkimapdcert.8.in courier-0.58.0/imap/mkimapdcert.8.in |
263 | --- courier-0.58.0.orig/imap/mkimapdcert.8.in 2007-04-22 20:19:43.000000000 +0200 | |
264 | +++ courier-0.58.0/imap/mkimapdcert.8.in 2008-01-19 23:41:04.485807114 +0100 | |
265 | @@ -21,18 +21,18 @@ | |
266 | .SH "DESCRIPTION" | |
69e1f9b1 | 267 | .PP |
468ee817 | 268 | IMAP over SSL requires a valid, signed, X\.509 certificate\. The default location for the certificate file is |
269 | -\fI@datadir@/imapd\.pem\fR\. | |
270 | +\fI@certsdir@/imapd\.pem\fR\. | |
69e1f9b1 | 271 | \fBmkimapdcert\fR |
468ee817 | 272 | generates a self\-signed X\.509 certificate, mainly for testing\. For production use the X\.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate\. |
69e1f9b1 | 273 | .PP |
5d26edcf | 274 | |
468ee817 | 275 | -\fI@datadir@/imapd\.pem\fR |
276 | +\fI@certsdir@/imapd\.pem\fR | |
277 | must be owned by the @mailuser@ user and have no group or world permissions\. The | |
5d26edcf | 278 | \fBmkimapdcert\fR |
468ee817 | 279 | command will enforce this\. To prevent an unfortunate accident, |
5d26edcf | 280 | \fBmkimapdcert\fR |
281 | will not work if | |
468ee817 | 282 | -\fB@datadir@/imapd\.pem\fR |
283 | +\fB@certsdir@/imapd\.pem\fR | |
284 | already exists\. | |
69e1f9b1 | 285 | .PP |
5d26edcf | 286 | |
287 | @@ -42,7 +42,7 @@ | |
468ee817 | 288 | to be installed\. |
5d26edcf | 289 | .SH "FILES" |
290 | .PP | |
468ee817 | 291 | -@datadir@/imapd\.pem |
292 | +@certsdir@/imapd\.pem | |
5d26edcf | 293 | .RS 4 |
468ee817 | 294 | X\.509 certificate\. |
5d26edcf | 295 | .RE |
296 | diff -urN courier-0.58.0.orig/imap/mkimapdcert.html.in courier-0.58.0/imap/mkimapdcert.html.in | |
297 | --- courier-0.58.0.orig/imap/mkimapdcert.html.in 2007-04-22 20:19:42.000000000 +0200 | |
298 | +++ courier-0.58.0/imap/mkimapdcert.html.in 2008-01-19 23:41:31.457143328 +0100 | |
299 | @@ -7,22 +7,22 @@ | |
468ee817 | 300 | --></head><body><div class="refentry" lang="en" xml:lang="en"><a id="mkimapdcert" shape="rect"> </a><div class="titlepage"/><div class="refnamediv"><h2>Name</h2><p>mkimapdcert — create a test SSL certificate for IMAP over SSL</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">@sbindir@/mkimapdcert</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id572113" shape="rect"> </a><h2>DESCRIPTION</h2><p> |
5d26edcf | 301 | IMAP over SSL requires a valid, signed, X.509 certificate. The default |
69e1f9b1 | 302 | location for the certificate file is |
5d26edcf | 303 | -<code class="filename">@datadir@/imapd.pem</code>. |
304 | +<code class="filename">@certsdir@/imapd.pem</code>. | |
468ee817 | 305 | <span class="command"><strong>mkimapdcert</strong></span> generates a self-signed X.509 certificate, |
69e1f9b1 AA |
306 | mainly for |
307 | testing. | |
5d26edcf | 308 | For production use the X.509 certificate must be signed by a |
69e1f9b1 | 309 | recognized certificate authority, in order for mail clients to accept the |
5d26edcf | 310 | certificate.</p><p> |
311 | -<code class="filename">@datadir@/imapd.pem</code> must be owned by the | |
312 | +<code class="filename">@certsdir@/imapd.pem</code> must be owned by the | |
69e1f9b1 AA |
313 | @mailuser@ user and |
314 | have no group or world permissions. | |
468ee817 | 315 | The <span class="command"><strong>mkimapdcert</strong></span> command will |
69e1f9b1 | 316 | enforce this. To prevent an unfortunate accident, |
468ee817 | 317 | <span class="command"><strong>mkimapdcert</strong></span> |
318 | -will not work if <span class="command"><strong>@datadir@/imapd.pem</strong></span> already exists.</p><p> | |
319 | +will not work if <span class="command"><strong>@certsdir@/imapd.pem</strong></span> already exists.</p><p> | |
320 | <span class="command"><strong>mkimapdcert</strong></span> requires | |
321 | -<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id574718" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@datadir@/imapd.pem</span></dt><dd> | |
322 | +<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id574718" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@certsdir@/imapd.pem</span></dt><dd> | |
69e1f9b1 | 323 | X.509 certificate. |
5d26edcf | 324 | </dd><dt><span class="term">@sysconfdir@/imapd.cnf</span></dt><dd> |
325 | Parameters used by OpenSSL to | |
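--- a/imap/mkimapdcert.in
+++ b/imap/mkimapdcert.in
@@ -18,41 +18,41 @@
 
 prefix="@prefix@"
 
-if test -f @mydatadir@/imapd.pem
+if test -f @certsdir@/imapd.pem
 then
- echo "@mydatadir@/imapd.pem already exists."
+ echo "@certsdir@/imapd.pem already exists."
 exit 1
 fi
 
 umask 077
 
 cleanup() {
- rm -f @mydatadir@/imapd.pem
- rm -f @mydatadir@/imapd.rand
- rm -f @mydatadir@/imapd.key
- rm -f @mydatadir@/imapd.cert
+ rm -f @certsdir@/imapd.pem
+ rm -f @certsdir@/imapd.rand
+ rm -f @certsdir@/imapd.key
+ rm -f @certsdir@/imapd.cert
 exit 1
 }
 
-cd @mydatadir@
+cd @certsdir@
 
 if test "@ssllib@" = "openssl"
 then
- cp /dev/null @mydatadir@/imapd.pem
- chmod 600 @mydatadir@/imapd.pem
- chown @mailuser@ @mydatadir@/imapd.pem
+ cp /dev/null @certsdir@/imapd.pem
+ chmod 600 @certsdir@/imapd.pem
+ chown @mailuser@ @certsdir@/imapd.pem
 
- dd if=@RANDOMV@ of=@mydatadir@/imapd.rand count=1 2>/dev/null
+ dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null
 @OPENSSL@ req -new -x509 -days 365 -nodes \
- -config @sysconfdir@/imapd.cnf -out @mydatadir@/imapd.pem -keyout @mydatadir@/imapd.pem || cleanup
- @OPENSSL@ gendh -rand @mydatadir@/imapd.rand 512 >>@mydatadir@/imapd.pem || cleanup
- @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/imapd.pem || cleanup
- rm -f @mydatadir@/imapd.rand
+ -config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem || cleanup
+ @OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem || cleanup
+ @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem || cleanup
+ rm -f @certsdir@/imapd.rand
 else
- cp /dev/null @mydatadir@/imapd.key
- chmod 600 @mydatadir@/imapd.key
- cp /dev/null @mydatadir@/imapd.cert
- chmod 600 @mydatadir@/imapd.cert
+ cp /dev/null @certsdir@/imapd.key
+ chmod 600 @certsdir@/imapd.key
+ cp /dev/null @certsdir@/imapd.cert
+ chmod 600 @certsdir@/imapd.cert
 
 @CERTTOOL@ --generate-privkey --outfile imapd.key
 @CERTTOOL@ --generate-self-signed --load-privkey imapd.key --outfile imapd.cert --template @sysconfdir@/imapd.cnf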
390 | diff -urN courier-0.58.0.orig/imap/mkpop3dcert.8.in courier-0.58.0/imap/mkpop3dcert.8.in | |
391 | --- courier-0.58.0.orig/imap/mkpop3dcert.8.in 2007-04-22 20:19:45.000000000 +0200 | |
392 | +++ courier-0.58.0/imap/mkpop3dcert.8.in 2008-01-19 23:42:20.199558142 +0100 | |
393 | @@ -21,18 +21,18 @@ | |
394 | .SH "DESCRIPTION" | |
395 | .PP | |
468ee817 | 396 | POP3 over SSL requires a valid, signed, X\.509 certificate\. The default location for the certificate file is |
397 | -\fI@datadir@/pop3d\.pem\fR\. | |
398 | +\fI@certsdir@/pop3d\.pem\fR\. | |
5d26edcf | 399 | \fBmkpop3dcert\fR |
468ee817 | 400 | generates a self\-signed X\.509 certificate, mainly for testing\. For production use the X\.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate\. |
5d26edcf | 401 | .PP |
402 | ||
468ee817 | 403 | -\fI@datadir@/pop3d\.pem\fR |
404 | +\fI@certsdir@/pop3d\.pem\fR | |
405 | must be owned by the @mailuser@ user and have no group or world permissions\. The | |
5d26edcf | 406 | \fBmkpop3dcert\fR |
468ee817 | 407 | command will enforce this\. To prevent an unfortunate accident, |
5d26edcf | 408 | \fBmkpop3dcert\fR |
409 | will not work if | |
468ee817 | 410 | -\fB@datadir@/pop3d\.pem\fR |
411 | +\fB@certsdir@/pop3d\.pem\fR | |
412 | already exists\. | |
5d26edcf | 413 | .PP |
414 | ||
415 | @@ -42,7 +42,7 @@ | |
468ee817 | 416 | to be installed\. |
5d26edcf | 417 | .SH "FILES" |
418 | .PP | |
468ee817 | 419 | -@datadir@/pop3d\.pem |
420 | +@certsdir@/pop3d\.pem | |
5d26edcf | 421 | .RS 4 |
468ee817 | 422 | X\.509 certificate\. |
5d26edcf | 423 | .RE |
424 | diff -urN courier-0.58.0.orig/imap/mkpop3dcert.html.in courier-0.58.0/imap/mkpop3dcert.html.in | |
425 | --- courier-0.58.0.orig/imap/mkpop3dcert.html.in 2007-04-22 20:19:45.000000000 +0200 | |
426 | +++ courier-0.58.0/imap/mkpop3dcert.html.in 2008-01-19 23:42:28.846653207 +0100 | |
427 | @@ -7,22 +7,22 @@ | |
468ee817 | 428 | --></head><body><div class="refentry" lang="en" xml:lang="en"><a id="mkpop3dcert" shape="rect"> </a><div class="titlepage"/><div class="refnamediv"><h2>Name</h2><p>mkpop3dcert — create a test SSL certificate for POP3 over SSL</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">@sbindir@/mkpop3dcert</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id327377" shape="rect"> </a><h2>DESCRIPTION</h2><p> |
5d26edcf | 429 | POP3 over SSL requires a valid, signed, X.509 certificate. The default |
430 | location for the certificate file is | |
431 | -<code class="filename">@datadir@/pop3d.pem</code>. | |
432 | +<code class="filename">@certsdir@/pop3d.pem</code>. | |
468ee817 | 433 | <span class="command"><strong>mkpop3dcert</strong></span> generates a self-signed X.509 certificate, |
5d26edcf | 434 | mainly for |
435 | testing. | |
436 | For production use the X.509 certificate must be signed by a | |
437 | recognized certificate authority, in order for mail clients to accept the | |
438 | certificate.</p><p> | |
439 | -<code class="filename">@datadir@/pop3d.pem</code> must be owned by the | |
440 | +<code class="filename">@certsdir@/pop3d.pem</code> must be owned by the | |
441 | @mailuser@ user and | |
442 | have no group or world permissions. | |
468ee817 | 443 | The <span class="command"><strong>mkpop3dcert</strong></span> command will |
5d26edcf | 444 | enforce this. To prevent an unfortunate accident, |
468ee817 | 445 | <span class="command"><strong>mkpop3dcert</strong></span> |
446 | -will not work if <span class="command"><strong>@datadir@/pop3d.pem</strong></span> already exists.</p><p> | |
447 | +will not work if <span class="command"><strong>@certsdir@/pop3d.pem</strong></span> already exists.</p><p> | |
448 | <span class="command"><strong>mkpop3dcert</strong></span> requires | |
449 | -<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id329982" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@datadir@/pop3d.pem</span></dt><dd> | |
450 | +<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id329982" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@certsdir@/pop3d.pem</span></dt><dd> | |
5d26edcf | 451 | X.509 certificate. |
452 | </dd><dt><span class="term">@sysconfdir@/pop3d.cnf</span></dt><dd> | |
453 | Parameters used by OpenSSL to | |
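--- a/imap/mkpop3dcert.in
+++ b/imap/mkpop3dcert.in
@@ -18,41 +18,41 @@
 
 prefix="@prefix@"
 
-if test -f @mydatadir@/pop3d.pem
+if test -f @certsdir@/pop3d.pem
 then
- echo "@mydatadir@/pop3d.pem already exists."
+ echo "@certsdir@/pop3d.pem already exists."
 exit 1
 fi
 
 umask 077
 
 cleanup() {
- rm -f @mydatadir@/pop3d.pem
- rm -f @mydatadir@/pop3d.rand
- rm -f @mydatadir@/pop3d.key
- rm -f @mydatadir@/pop3d.cert
+ rm -f @certsdir@/pop3d.pem
+ rm -f @certsdir@/pop3d.rand
+ rm -f @certsdir@/pop3d.key
+ rm -f @certsdir@/pop3d.cert
 exit 1
 }
 
-cd @mydatadir@
+cd @certsdir@
 
 if test "@ssllib@" = "openssl"
 then
- cp /dev/null @mydatadir@/pop3d.pem
- chmod 600 @mydatadir@/pop3d.pem
- chown @mailuser@ @mydatadir@/pop3d.pem
+ cp /dev/null @certsdir@/pop3d.pem
+ chmod 600 @certsdir@/pop3d.pem
+ chown @mailuser@ @certsdir@/pop3d.pem
 
- dd if=@RANDOMV@ of=@mydatadir@/pop3d.rand count=1 2>/dev/null
+ dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null
 @OPENSSL@ req -new -x509 -days 365 -nodes \
- -config @sysconfdir@/pop3d.cnf -out @mydatadir@/pop3d.pem -keyout @mydatadir@/pop3d.pem || cleanup
- @OPENSSL@ gendh -rand @mydatadir@/pop3d.rand 512 >>@mydatadir@/pop3d.pem || cleanup
- @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/pop3d.pem || cleanup
- rm -f @mydatadir@/pop3d.rand
+ -config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem || cleanup
+ @OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem || cleanup
+ @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem || cleanup
+ rm -f @certsdir@/pop3d.rand
 else
- cp /dev/null @mydatadir@/pop3d.key
- chmod 600 @mydatadir@/pop3d.key
- cp /dev/null @mydatadir@/pop3d.cert
- chmod 600 @mydatadir@/pop3d.cert
+ cp /dev/null @certsdir@/pop3d.key
+ chmod 600 @certsdir@/pop3d.key
+ cp /dev/null @certsdir@/pop3d.cert
+ chmod 600 @certsdir@/pop3d.cert
 
 @CERTTOOL@ --generate-privkey --outfile pop3d.key
 @CERTTOOL@ --generate-self-signed --load-privkey pop3d.key --outfile pop3d.cert --template @sysconfdir@/pop3d.cnf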
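--- a/imap/pop3d.cnf.openssl.in
+++ b/imap/pop3d.cnf.openssl.in
@@ -1,5 +1,5 @@
 
-RANDFILE = @mydatadir@/pop3d.rand
+RANDFILE = @certsdir@/pop3d.rand
 
 [ req ]
 default_bits = 1024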
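--- a/imap/pop3d-ssl.dist.in
+++ b/imap/pop3d-ssl.dist.in
@@ -241,7 +241,7 @@
 #
 # This is an experimental feature.
 
-TLS_CERTFILE=@mydatadir@/pop3d.pem
+TLS_CERTFILE=@certsdir@/pop3d.pem
 
 ##NAME: TLS_TRUSTCERTS:0
 #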