[packages/courier.git] / courier-certs.patch

diff -Nur old/configure.in new/configure.in
--- old/configure.in	2004-05-16 02:40:19.000000000 +0000
+++ new/configure.in	2004-05-25 07:37:13.000000000 +0000
@@ -58,6 +58,11 @@
 eval "localstatedir=$localstatedir"
 eval "datadir=$datadir"
 
+AC_ARG_WITH(certsdir, [  --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
+
 AC_ARG_WITH(userdb, [
 -- see INSTALL, or courier/doc/install.html for configuration options -- ], ,
 	ac_configure_args="$ac_configure_args --with-userdb=${sysconfdir}/userdb")
diff -Nur old/courier/configure.in new/courier/configure.in
--- old/courier/configure.in	2004-05-02 14:59:42.000000000 +0000
+++ new/courier/configure.in	2004-05-25 07:38:14.000000000 +0000
@@ -575,6 +575,12 @@
 
 eval "exec_prefix=$exec_prefix"
 eval "bindir=$bindir"
+eval "datadir=$datadir"
+
+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
 
 MAILDROP="$bindir/maildrop"
 AC_SUBST(MAILDROP)
diff -Nur old/courier/imapd-ssl.rc.in new/courier/imapd-ssl.rc.in
--- old/courier/imapd-ssl.rc.in	2004-05-24 21:25:19.000000000 +0000
+++ new/courier/imapd-ssl.rc.in	2004-05-24 21:32:29.000000000 +0000
@@ -28,6 +28,11 @@
 
 case $1 in
 start)
+	# If we do not have a certificate, make one up.
+	if [ ! -f @certsdir@/imapd.pem ]; then
+	@sbindir@/mkimapdcert
+	fi
+
 	LIBAUTHMODULES=""
 	for f in `echo $AUTHMODULES`
 	do
diff -Nur old/courier/module.esmtp/configure.in new/courier/module.esmtp/configure.in
--- old/courier/module.esmtp/configure.in	2004-05-11 00:16:05.000000000 +0000
+++ new/courier/module.esmtp/configure.in	2004-05-25 07:37:36.000000000 +0000
@@ -300,6 +300,11 @@
 eval "datadir=$datadir"
 eval "localstatedir=$localstatedir"
 
+AC_ARG_WITH(certsdir, [  --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir
+
+AC_SUBST(certsdir)
+
 dnl
 dnl  Check what libraries are available
 dnl
diff -Nur old/courier/module.esmtp/esmtpd-ssl.dist.in new/courier/module.esmtp/esmtpd-ssl.dist.in
--- old/courier/module.esmtp/esmtpd-ssl.dist.in	2004-04-24 19:56:19.000000000 +0000
+++ new/courier/module.esmtp/esmtpd-ssl.dist.in	2004-05-24 20:57:52.000000000 +0000
@@ -168,7 +168,7 @@
 # servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
 # treated as confidential, and must not be world-readable.
 #
-TLS_CERTFILE=@datadir@/esmtpd.pem
+TLS_CERTFILE=@certsdir@/esmtpd.pem
 
 ##NAME: TLS_TRUSTCERTS:0
 #
diff -Nur old/courier/module.esmtp/esmtpd-ssl.in new/courier/module.esmtp/esmtpd-ssl.in
--- old/courier/module.esmtp/esmtpd-ssl.in	2004-05-24 21:24:41.000000000 +0000
+++ new/courier/module.esmtp/esmtpd-ssl.in	2004-05-24 21:31:31.000000000 +0000
@@ -25,6 +25,10 @@
 
 case $1 in
 start)
+	# If we do not have a certificate, make one up.
+	if [ ! -f @certsdir@/esmtpd.pem ]; then
+	@sbindir@/mkesmtpdcert
+	fi
 	;;
 stop)
 	${sbindir}/couriertcpd -pid=$SSLPIDFILE -stop
diff -Nur old/courier/module.esmtp/mkesmtpdcert.in new/courier/module.esmtp/mkesmtpdcert.in
--- old/courier/module.esmtp/mkesmtpdcert.in	2000-09-18 17:24:01.000000000 +0000
+++ new/courier/module.esmtp/mkesmtpdcert.in	2004-05-25 07:31:21.000000000 +0000
@@ -11,25 +11,25 @@
 
 test -x @OPENSSL@ || exit 0
 
-if test -f @datadir@/esmtpd.pem
+if test -f @certsdir@/esmtpd.pem
 then
-	echo "@datadir@/esmtpd.pem already exists."
+	echo "@certsdir@/esmtpd.pem already exists."
 	exit 1
 fi
 
-cp /dev/null @datadir@/esmtpd.pem
-chmod 600 @datadir@/esmtpd.pem
-chown @mailuser@ @datadir@/esmtpd.pem
+cp /dev/null @certsdir@/esmtpd.pem
+chmod 600 @certsdir@/esmtpd.pem
+chown @mailuser@ @certsdir@/esmtpd.pem
 
 cleanup() {
-	rm -f @datadir@/esmtpd.rand
-	rm -f @datadir@/esmtpd.pem
+	rm -f @certsdir@/esmtpd.rand
+	rm -f @certsdir@/esmtpd.pem
 	exit 1
 }
 
-dd if=@RANDOMV@ of=@datadir@/esmtpd.rand count=1 2>/dev/null
+dd if=@RANDOMV@ of=@certsdir@/esmtpd.rand count=1 2>/dev/null
 @OPENSSL@ req -new -x509 -days 365 -nodes \
-	-config @sysconfdir@/esmtpd.cnf -out @datadir@/esmtpd.pem -keyout @datadir@/esmtpd.pem || cleanup
-@OPENSSL@ gendh -rand @datadir@/esmtpd.rand 512 >>@datadir@/esmtpd.pem || cleanup
-@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/esmtpd.pem || cleanup
-rm -f @datadir@/esmtpd.rand
+	-config @sysconfdir@/esmtpd.cnf -out @certsdir@/esmtpd.pem -keyout @certsdir@/esmtpd.pem || cleanup
+@OPENSSL@ gendh -rand @certsdir@/esmtpd.rand 512 >>@certsdir@/esmtpd.pem || cleanup
+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/esmtpd.pem || cleanup
+rm -f @certsdir@/esmtpd.rand
diff -Nur old/courier/pop3d-ssl.in new/courier/pop3d-ssl.in
--- old/courier/pop3d-ssl.in	2004-05-24 21:25:31.000000000 +0000
+++ new/courier/pop3d-ssl.in	2004-05-24 21:33:05.000000000 +0000
@@ -29,6 +29,11 @@
 
 case $1 in
 start)
+	# If we do not have a certificate, make one up.
+	if [ ! -f @certsdir@/pop3d.pem ]; then
+	@sbindir@/mkpop3dcert
+	fi
+
 	LIBAUTHMODULES=""
 	for f in `echo $AUTHMODULES`
 	do
diff -Nur old/courier.sysvinit.in new/courier.sysvinit.in
--- old/courier.sysvinit.in	2004-05-02 14:24:06.000000000 +0000
+++ new/courier.sysvinit.in	2004-05-24 20:56:37.000000000 +0000
@@ -14,7 +14,7 @@
 sbindir="@sbindir@"
 bindir="@bindir@"
 libexecdir="@libexecdir@"
-datadir="@datadir@"
+certsdir="@certsdir@"
 
 if test ! -f ${sysconfdir}/esmtpd
 then
@@ -82,7 +82,7 @@
 	then
 # If we do not have a certificate, make one up.
 
-		if test ! -f ${datadir}/esmtpd.pem
+		if test ! -f ${certsdir}/esmtpd.pem
 		then
 			if test -x $COURIERTLS
 			then
@@ -149,7 +149,7 @@
 			then
 # If we do not have a certificate, make one up.
 
-				if test ! -f ${datadir}/pop3d.pem
+				if test ! -f ${certsdir}/pop3d.pem
 				then
 					echo -n " generating-POP3-SSL-certificate..."
 
@@ -179,7 +179,7 @@
 			then
 # If we do not have a certificate, make one up.
 
-				if test ! -f ${datadir}/imapd.pem
+				if test ! -f ${certsdir}/imapd.pem
 				then
 					echo -n " generating-IMAP-SSL-certificate..."
 
diff -Nur old/imap/configure.in new/imap/configure.in
--- old/imap/configure.in	2004-05-16 02:38:13.000000000 +0000
+++ new/imap/configure.in	2004-05-25 07:37:24.000000000 +0000
@@ -283,6 +283,11 @@
 eval "sysconfdir=$sysconfdir"
 eval "localstatedir=$localstatedir"
 
+AC_ARG_WITH(certsdir, [  --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
+
+AC_SUBST(certsdir)
+
 #
 # Check for PAM configuration flavor
 
diff -Nur old/imap/imapd-ssl.dist.in new/imap/imapd-ssl.dist.in
--- old/imap/imapd-ssl.dist.in	2004-01-25 05:40:03.000000000 +0000
+++ new/imap/imapd-ssl.dist.in	2004-05-24 20:57:29.000000000 +0000
@@ -146,7 +146,7 @@
 # servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
 # treated as confidential, and must not be world-readable.
 #
-TLS_CERTFILE=@datadir@/imapd.pem
+TLS_CERTFILE=@certsdir@/imapd.pem
 
 ##NAME: TLS_TRUSTCERTS:0
 #
diff -Nur old/imap/mkimapdcert.8.in new/imap/mkimapdcert.8.in
--- old/imap/mkimapdcert.8.in	2004-01-14 00:51:10.000000000 +0000
+++ new/imap/mkimapdcert.8.in	2004-05-25 07:32:16.000000000 +0000
@@ -18,7 +18,7 @@
 .PP
 IMAP over SSL requires a valid, signed, X.509 certificate.  The default
 location for the certificate file is
-\fI@datadir@/imapd.pem\fR\&.
+\fI@certsdir@/imapd.pem\fR\&.
 \fBmkimapdcert\fR generates a self-signed X.509 certificate,
 mainly for
 testing.
@@ -26,19 +26,19 @@
 recognized certificate authority, in order for mail clients to accept the
 certificate.
 .PP
-\fI@datadir@/imapd.pem\fR must be owned by the
+\fI@certsdir@/imapd.pem\fR must be owned by the
 @mailuser@ user and
 have no group or world permissions.
 The \fBmkimapdcert\fR command will
 enforce this.  To prevent an unfortunate accident,
 \fBmkimapdcert\fR
-will not work if \fB@datadir@/imapd.pem\fR already exists.
+will not work if \fB@certsdir@/imapd.pem\fR already exists.
 .PP
 \fBmkimapdcert\fR requires
 \fBOpenSSL\fR to be installed.
 .SH "FILES"
 .TP
-\fB@datadir@/imapd.pem\fR
+\fB@certsdir@/imapd.pem\fR
 X.509 certificate.
 .TP
 \fB@sysconfdir@/imapd.cnf\fR
diff -Nur old/imap/mkimapdcert.html.in new/imap/mkimapdcert.html.in
--- old/imap/mkimapdcert.html.in	2004-01-14 00:51:16.000000000 +0000
+++ new/imap/mkimapdcert.html.in	2004-05-25 07:32:37.000000000 +0000
@@ -57,7 +57,7 @@
 location for the certificate file is
 <TT
 CLASS="FILENAME"
->@datadir@/imapd.pem</TT
+>@certsdir@/imapd.pem</TT
 >.
 <B
 CLASS="COMMAND"
@@ -71,7 +71,7 @@
 ><P
 ><TT
 CLASS="FILENAME"
->@datadir@/imapd.pem</TT
+>@certsdir@/imapd.pem</TT
 > must be owned by the
 @mailuser@ user and
 have no group or world permissions.
@@ -86,7 +86,7 @@
 >
 will not work if <B
 CLASS="COMMAND"
->@datadir@/imapd.pem</B
+>@certsdir@/imapd.pem</B
 > already exists.</P
 ><P
 ><B
@@ -111,7 +111,7 @@
 CLASS="VARIABLELIST"
 ><DL
 ><DT
->@datadir@/imapd.pem</DT
+>@certsdir@/imapd.pem</DT
 ><DD
 ><P
 >X.509 certificate.</P
diff -Nur old/imap/mkimapdcert.in new/imap/mkimapdcert.in
--- old/imap/mkimapdcert.in	2001-08-26 16:16:42.000000000 +0000
+++ new/imap/mkimapdcert.in	2004-05-25 07:33:42.000000000 +0000
@@ -13,26 +13,26 @@
 
 prefix="@prefix@"
 
-if test -f @datadir@/imapd.pem
+if test -f @certsdir@/imapd.pem
 then
-	echo "@datadir@/imapd.pem already exists."
+	echo "@certsdir@/imapd.pem already exists."
 	exit 1
 fi
 
-cp /dev/null @datadir@/imapd.pem
-chmod 600 @datadir@/imapd.pem
-chown @mailuser@ @datadir@/imapd.pem
+cp /dev/null @certsdir@/imapd.pem
+chmod 600 @certsdir@/imapd.pem
+chown @mailuser@ @certsdir@/imapd.pem
 
 cleanup() {
-	rm -f @datadir@/imapd.pem
-	rm -f @datadir@/imapd.rand
+	rm -f @certsdir@/imapd.pem
+	rm -f @certsdir@/imapd.rand
 	exit 1
 }
 
-cd @datadir@
-dd if=@RANDOMV@ of=@datadir@/imapd.rand count=1 2>/dev/null
+cd @certsdir@
+dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null
 @OPENSSL@ req -new -x509 -days 365 -nodes \
-	-config @sysconfdir@/imapd.cnf -out @datadir@/imapd.pem -keyout @datadir@/imapd.pem || cleanup
-@OPENSSL@ gendh -rand @datadir@/imapd.rand 512 >>@datadir@/imapd.pem || cleanup
-@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/imapd.pem || cleanup
-rm -f @datadir@/imapd.rand
+	-config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem || cleanup
+@OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem || cleanup
+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem || cleanup
+rm -f @certsdir@/imapd.rand
diff -Nur old/imap/mkpop3dcert.8.in new/imap/mkpop3dcert.8.in
--- old/imap/mkpop3dcert.8.in	2004-01-14 00:51:13.000000000 +0000
+++ new/imap/mkpop3dcert.8.in	2004-05-25 07:34:07.000000000 +0000
@@ -18,7 +18,7 @@
 .PP
 POP3 over SSL requires a valid, signed, X.509 certificate.  The default
 location for the certificate file is
-\fI@datadir@/pop3d.pem\fR\&.
+\fI@certsdir@/pop3d.pem\fR\&.
 \fBmkpop3dcert\fR generates a self-signed X.509 certificate,
 mainly for
 testing.
@@ -26,19 +26,19 @@
 recognized certificate authority, in order for mail clients to accept the
 certificate.
 .PP
-\fI@datadir@/pop3d.pem\fR must be owned by the
+\fI@certsdir@/pop3d.pem\fR must be owned by the
 @mailuser@ user and
 have no group or world permissions.
 The \fBmkpop3dcert\fR command will
 enforce this.  To prevent an unfortunate accident,
 \fBmkpop3dcert\fR
-will not work if \fB@datadir@/pop3d.pem\fR already exists.
+will not work if \fB@certsdir@/pop3d.pem\fR already exists.
 .PP
 \fBmkpop3dcert\fR requires
 \fBOpenSSL\fR to be installed.
 .SH "FILES"
 .TP
-\fB@datadir@/pop3d.pem\fR
+\fB@certsdir@/pop3d.pem\fR
 X.509 certificate.
 .TP
 \fB@sysconfdir@/pop3d.cnf\fR
diff -Nur old/imap/mkpop3dcert.html.in new/imap/mkpop3dcert.html.in
--- old/imap/mkpop3dcert.html.in	2004-01-14 00:51:17.000000000 +0000
+++ new/imap/mkpop3dcert.html.in	2004-05-25 07:34:26.000000000 +0000
@@ -57,7 +57,7 @@
 location for the certificate file is
 <TT
 CLASS="FILENAME"
->@datadir@/pop3d.pem</TT
+>@certsdir@/pop3d.pem</TT
 >.
 <B
 CLASS="COMMAND"
@@ -71,7 +71,7 @@
 ><P
 ><TT
 CLASS="FILENAME"
->@datadir@/pop3d.pem</TT
+>@certsdir@/pop3d.pem</TT
 > must be owned by the
 @mailuser@ user and
 have no group or world permissions.
@@ -86,7 +86,7 @@
 >
 will not work if <B
 CLASS="COMMAND"
->@datadir@/pop3d.pem</B
+>@certsdir@/pop3d.pem</B
 > already exists.</P
 ><P
 ><B
@@ -111,7 +111,7 @@
 CLASS="VARIABLELIST"
 ><DL
 ><DT
->@datadir@/pop3d.pem</DT
+>@certsdir@/pop3d.pem</DT
 ><DD
 ><P
 >X.509 certificate.</P
diff -Nur old/imap/mkpop3dcert.in new/imap/mkpop3dcert.in
--- old/imap/mkpop3dcert.in	2000-10-06 17:50:37.000000000 +0000
+++ new/imap/mkpop3dcert.in	2004-05-25 07:35:23.000000000 +0000
@@ -13,25 +13,25 @@
 
 prefix="@prefix@"
 
-if test -f @datadir@/pop3d.pem
+if test -f @certsdir@/pop3d.pem
 then
-	echo "@datadir@/pop3d.pem already exists."
+	echo "@certsdir@/pop3d.pem already exists."
 	exit 1
 fi
 
-cp /dev/null @datadir@/pop3d.pem
-chmod 600 @datadir@/pop3d.pem
-chown @mailuser@ @datadir@/pop3d.pem
+cp /dev/null @certsdir@/pop3d.pem
+chmod 600 @certsdir@/pop3d.pem
+chown @mailuser@ @certsdir@/pop3d.pem
 
 cleanup() {
-	rm -f @datadir@/pop3d.pem
-	rm -f @datadir@/pop3d.rand
+	rm -f @certsdir@/pop3d.pem
+	rm -f @certsdir@/pop3d.rand
 	exit 1
 }
 
-dd if=@RANDOMV@ of=@datadir@/pop3d.rand count=1 2>/dev/null
+dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null
 @OPENSSL@ req -new -x509 -days 365 -nodes \
-	-config @sysconfdir@/pop3d.cnf -out @datadir@/pop3d.pem -keyout @datadir@/pop3d.pem || cleanup
-@OPENSSL@ gendh -rand @datadir@/pop3d.rand 512 >>@datadir@/pop3d.pem || cleanup
-@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/pop3d.pem || cleanup
-rm -f @datadir@/pop3d.rand
+	-config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem || cleanup
+@OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem || cleanup
+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem || cleanup
+rm -f @certsdir@/pop3d.rand
diff -Nur old/imap/pop3d-ssl.dist.in new/imap/pop3d-ssl.dist.in
--- old/imap/pop3d-ssl.dist.in	2004-01-25 05:40:04.000000000 +0000
+++ new/imap/pop3d-ssl.dist.in	2004-05-24 20:57:32.000000000 +0000
@@ -135,7 +135,7 @@
 # servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
 # treated as confidential, and must not be world-readable.
 #
-TLS_CERTFILE=@datadir@/pop3d.pem
+TLS_CERTFILE=@certsdir@/pop3d.pem
 
 ##NAME: TLS_TRUSTCERTS:0
 #
Commit	Line	Data
c2c7a750 AA	1	diff -Nur old/configure.in new/configure.in
c2c7a750 AA	2	--- old/configure.in 2004-05-16 02:40:19.000000000 +0000
69e1f9b1	3	+++ new/configure.in 2004-05-25 07:37:13.000000000 +0000
c2c7a750 AA	4	@@ -58,6 +58,11 @@
	5	eval "localstatedir=$localstatedir"
	6	eval "datadir=$datadir"
	7
	8	+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
69e1f9b1	9	+certsdir="$withval", certsdir=$datadir)
c2c7a750 AA	10	+
	11	+AC_SUBST(certsdir)
	12	+
	13	AC_ARG_WITH(userdb, [
	14	-- see INSTALL, or courier/doc/install.html for configuration options -- ], ,
	15	ac_configure_args="$ac_configure_args --with-userdb=${sysconfdir}/userdb")
	16	diff -Nur old/courier/configure.in new/courier/configure.in
	17	--- old/courier/configure.in 2004-05-02 14:59:42.000000000 +0000
69e1f9b1 AA	18	+++ new/courier/configure.in 2004-05-25 07:38:14.000000000 +0000
	19	@@ -575,6 +575,12 @@
	20
c2c7a750 AA	21	eval "exec_prefix=$exec_prefix"
c2c7a750 AA	22	eval "bindir=$bindir"
69e1f9b1 AA	23	+eval "datadir=$datadir"
69e1f9b1 AA	24	+
c2c7a750	25	+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
69e1f9b1	26	+certsdir="$withval", certsdir=$datadir)
c2c7a750 AA	27	+
c2c7a750 AA	28	+AC_SUBST(certsdir)
69e1f9b1	29
c2c7a750 AA	30	MAILDROP="$bindir/maildrop"
c2c7a750 AA	31	AC_SUBST(MAILDROP)
c2c7a750 AA	32	diff -Nur old/courier/imapd-ssl.rc.in new/courier/imapd-ssl.rc.in
	33	--- old/courier/imapd-ssl.rc.in 2004-05-24 21:25:19.000000000 +0000
	34	+++ new/courier/imapd-ssl.rc.in 2004-05-24 21:32:29.000000000 +0000
	35	@@ -28,6 +28,11 @@
	36
	37	case $1 in
	38	start)
	39	+ # If we do not have a certificate, make one up.
	40	+ if [ ! -f @certsdir@/imapd.pem ]; then
	41	+ @sbindir@/mkimapdcert
	42	+ fi
	43	+
	44	LIBAUTHMODULES=""
	45	for f in `echo $AUTHMODULES`
	46	do
	47	diff -Nur old/courier/module.esmtp/configure.in new/courier/module.esmtp/configure.in
	48	--- old/courier/module.esmtp/configure.in 2004-05-11 00:16:05.000000000 +0000
69e1f9b1	49	+++ new/courier/module.esmtp/configure.in 2004-05-25 07:37:36.000000000 +0000
c2c7a750 AA	50	@@ -300,6 +300,11 @@
	51	eval "datadir=$datadir"
	52	eval "localstatedir=$localstatedir"
	53
	54	+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
69e1f9b1	55	+certsdir="$withval", certsdir=$datadir
c2c7a750 AA	56	+
	57	+AC_SUBST(certsdir)
	58	+
	59	dnl
	60	dnl Check what libraries are available
	61	dnl
	62	diff -Nur old/courier/module.esmtp/esmtpd-ssl.dist.in new/courier/module.esmtp/esmtpd-ssl.dist.in
	63	--- old/courier/module.esmtp/esmtpd-ssl.dist.in 2004-04-24 19:56:19.000000000 +0000
	64	+++ new/courier/module.esmtp/esmtpd-ssl.dist.in 2004-05-24 20:57:52.000000000 +0000
	65	@@ -168,7 +168,7 @@
	66	# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
	67	# treated as confidential, and must not be world-readable.
	68	#
	69	-TLS_CERTFILE=@datadir@/esmtpd.pem
	70	+TLS_CERTFILE=@certsdir@/esmtpd.pem
	71
	72	##NAME: TLS_TRUSTCERTS:0
	73	#
	74	diff -Nur old/courier/module.esmtp/esmtpd-ssl.in new/courier/module.esmtp/esmtpd-ssl.in
	75	--- old/courier/module.esmtp/esmtpd-ssl.in 2004-05-24 21:24:41.000000000 +0000
	76	+++ new/courier/module.esmtp/esmtpd-ssl.in 2004-05-24 21:31:31.000000000 +0000
	77	@@ -25,6 +25,10 @@
	78
	79	case $1 in
	80	start)
	81	+ # If we do not have a certificate, make one up.
	82	+ if [ ! -f @certsdir@/esmtpd.pem ]; then
	83	+ @sbindir@/mkesmtpdcert
	84	+ fi
	85	;;
	86	stop)
	87	${sbindir}/couriertcpd -pid=$SSLPIDFILE -stop
69e1f9b1 AA	88	diff -Nur old/courier/module.esmtp/mkesmtpdcert.in new/courier/module.esmtp/mkesmtpdcert.in
	89	--- old/courier/module.esmtp/mkesmtpdcert.in 2000-09-18 17:24:01.000000000 +0000
	90	+++ new/courier/module.esmtp/mkesmtpdcert.in 2004-05-25 07:31:21.000000000 +0000
	91	@@ -11,25 +11,25 @@
	92
	93	test -x @OPENSSL@ \|\| exit 0
	94
	95	-if test -f @datadir@/esmtpd.pem
	96	+if test -f @certsdir@/esmtpd.pem
	97	then
	98	- echo "@datadir@/esmtpd.pem already exists."
	99	+ echo "@certsdir@/esmtpd.pem already exists."
	100	exit 1
	101	fi
	102
	103	-cp /dev/null @datadir@/esmtpd.pem
	104	-chmod 600 @datadir@/esmtpd.pem
	105	-chown @mailuser@ @datadir@/esmtpd.pem
	106	+cp /dev/null @certsdir@/esmtpd.pem
	107	+chmod 600 @certsdir@/esmtpd.pem
	108	+chown @mailuser@ @certsdir@/esmtpd.pem
	109
	110	cleanup() {
	111	- rm -f @datadir@/esmtpd.rand
	112	- rm -f @datadir@/esmtpd.pem
	113	+ rm -f @certsdir@/esmtpd.rand
	114	+ rm -f @certsdir@/esmtpd.pem
	115	exit 1
	116	}
	117
	118	-dd if=@RANDOMV@ of=@datadir@/esmtpd.rand count=1 2>/dev/null
	119	+dd if=@RANDOMV@ of=@certsdir@/esmtpd.rand count=1 2>/dev/null
	120	@OPENSSL@ req -new -x509 -days 365 -nodes \
	121	- -config @sysconfdir@/esmtpd.cnf -out @datadir@/esmtpd.pem -keyout @datadir@/esmtpd.pem \|\| cleanup
	122	-@OPENSSL@ gendh -rand @datadir@/esmtpd.rand 512 >>@datadir@/esmtpd.pem \|\| cleanup
	123	-@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/esmtpd.pem \|\| cleanup
	124	-rm -f @datadir@/esmtpd.rand
	125	+ -config @sysconfdir@/esmtpd.cnf -out @certsdir@/esmtpd.pem -keyout @certsdir@/esmtpd.pem \|\| cleanup
	126	+@OPENSSL@ gendh -rand @certsdir@/esmtpd.rand 512 >>@certsdir@/esmtpd.pem \|\| cleanup
	127	+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/esmtpd.pem \|\| cleanup
	128	+rm -f @certsdir@/esmtpd.rand
c2c7a750 AA	129	diff -Nur old/courier/pop3d-ssl.in new/courier/pop3d-ssl.in
	130	--- old/courier/pop3d-ssl.in 2004-05-24 21:25:31.000000000 +0000
	131	+++ new/courier/pop3d-ssl.in 2004-05-24 21:33:05.000000000 +0000
	132	@@ -29,6 +29,11 @@
	133
	134	case $1 in
	135	start)
	136	+ # If we do not have a certificate, make one up.
	137	+ if [ ! -f @certsdir@/pop3d.pem ]; then
	138	+ @sbindir@/mkpop3dcert
	139	+ fi
	140	+
	141	LIBAUTHMODULES=""
	142	for f in `echo $AUTHMODULES`
	143	do
	144	diff -Nur old/courier.sysvinit.in new/courier.sysvinit.in
	145	--- old/courier.sysvinit.in 2004-05-02 14:24:06.000000000 +0000
	146	+++ new/courier.sysvinit.in 2004-05-24 20:56:37.000000000 +0000
	147	@@ -14,7 +14,7 @@
	148	sbindir="@sbindir@"
	149	bindir="@bindir@"
	150	libexecdir="@libexecdir@"
	151	-datadir="@datadir@"
	152	+certsdir="@certsdir@"
	153
	154	if test ! -f ${sysconfdir}/esmtpd
	155	then
	156	@@ -82,7 +82,7 @@
	157	then
	158	# If we do not have a certificate, make one up.
	159
	160	- if test ! -f ${datadir}/esmtpd.pem
	161	+ if test ! -f ${certsdir}/esmtpd.pem
	162	then
	163	if test -x $COURIERTLS
	164	then
	165	@@ -149,7 +149,7 @@
	166	then
	167	# If we do not have a certificate, make one up.
	168
	169	- if test ! -f ${datadir}/pop3d.pem
	170	+ if test ! -f ${certsdir}/pop3d.pem
	171	then
	172	echo -n " generating-POP3-SSL-certificate..."
	173
	174	@@ -179,7 +179,7 @@
	175	then
	176	# If we do not have a certificate, make one up.
	177
	178	- if test ! -f ${datadir}/imapd.pem
	179	+ if test ! -f ${certsdir}/imapd.pem
	180	then
	181	echo -n " generating-IMAP-SSL-certificate..."
	182
	183	diff -Nur old/imap/configure.in new/imap/configure.in
	184	--- old/imap/configure.in 2004-05-16 02:38:13.000000000 +0000
69e1f9b1	185	+++ new/imap/configure.in 2004-05-25 07:37:24.000000000 +0000
c2c7a750 AA	186	@@ -283,6 +283,11 @@
	187	eval "sysconfdir=$sysconfdir"
	188	eval "localstatedir=$localstatedir"
	189
	190	+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
69e1f9b1	191	+certsdir="$withval", certsdir=$datadir)
c2c7a750 AA	192	+
	193	+AC_SUBST(certsdir)
	194	+
	195	#
	196	# Check for PAM configuration flavor
	197
	198	diff -Nur old/imap/imapd-ssl.dist.in new/imap/imapd-ssl.dist.in
	199	--- old/imap/imapd-ssl.dist.in 2004-01-25 05:40:03.000000000 +0000
	200	+++ new/imap/imapd-ssl.dist.in 2004-05-24 20:57:29.000000000 +0000
	201	@@ -146,7 +146,7 @@
	202	# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
	203	# treated as confidential, and must not be world-readable.
	204	#
	205	-TLS_CERTFILE=@datadir@/imapd.pem
	206	+TLS_CERTFILE=@certsdir@/imapd.pem
	207
	208	##NAME: TLS_TRUSTCERTS:0
	209	#
69e1f9b1 AA	210	diff -Nur old/imap/mkimapdcert.8.in new/imap/mkimapdcert.8.in
	211	--- old/imap/mkimapdcert.8.in 2004-01-14 00:51:10.000000000 +0000
	212	+++ new/imap/mkimapdcert.8.in 2004-05-25 07:32:16.000000000 +0000
	213	@@ -18,7 +18,7 @@
	214	.PP
	215	IMAP over SSL requires a valid, signed, X.509 certificate. The default
	216	location for the certificate file is
	217	-\fI@datadir@/imapd.pem\fR\&.
	218	+\fI@certsdir@/imapd.pem\fR\&.
	219	\fBmkimapdcert\fR generates a self-signed X.509 certificate,
	220	mainly for
	221	testing.
	222	@@ -26,19 +26,19 @@
	223	recognized certificate authority, in order for mail clients to accept the
	224	certificate.
	225	.PP
	226	-\fI@datadir@/imapd.pem\fR must be owned by the
	227	+\fI@certsdir@/imapd.pem\fR must be owned by the
	228	@mailuser@ user and
	229	have no group or world permissions.
	230	The \fBmkimapdcert\fR command will
	231	enforce this. To prevent an unfortunate accident,
	232	\fBmkimapdcert\fR
	233	-will not work if \fB@datadir@/imapd.pem\fR already exists.
	234	+will not work if \fB@certsdir@/imapd.pem\fR already exists.
	235	.PP
	236	\fBmkimapdcert\fR requires
	237	\fBOpenSSL\fR to be installed.
	238	.SH "FILES"
	239	.TP
	240	-\fB@datadir@/imapd.pem\fR
	241	+\fB@certsdir@/imapd.pem\fR
	242	X.509 certificate.
	243	.TP
	244	\fB@sysconfdir@/imapd.cnf\fR
	245	diff -Nur old/imap/mkimapdcert.html.in new/imap/mkimapdcert.html.in
	246	--- old/imap/mkimapdcert.html.in 2004-01-14 00:51:16.000000000 +0000
	247	+++ new/imap/mkimapdcert.html.in 2004-05-25 07:32:37.000000000 +0000
	248	@@ -57,7 +57,7 @@
	249	location for the certificate file is
	250	<TT
	251	CLASS="FILENAME"
	252	->@datadir@/imapd.pem</TT
	253	+>@certsdir@/imapd.pem</TT
	254	>.
	255	<B
	256	CLASS="COMMAND"
	257	@@ -71,7 +71,7 @@
	258	><P
	259	><TT
	260	CLASS="FILENAME"
	261	->@datadir@/imapd.pem</TT
	262	+>@certsdir@/imapd.pem</TT
	263	> must be owned by the
	264	@mailuser@ user and
	265	have no group or world permissions.
	266	@@ -86,7 +86,7 @@
	267	>
	268	will not work if <B
	269	CLASS="COMMAND"
	270	->@datadir@/imapd.pem</B
	271	+>@certsdir@/imapd.pem</B
	272	> already exists.</P
	273	><P
274	><B
275	@@ -111,7 +111,7 @@
276	CLASS="VARIABLELIST"
277	><DL
278	><DT
279	->@datadir@/imapd.pem</DT
280	+>@certsdir@/imapd.pem</DT
281	><DD
282	><P
283	>X.509 certificate.</P
284	diff -Nur old/imap/mkimapdcert.in new/imap/mkimapdcert.in
285	--- old/imap/mkimapdcert.in 2001-08-26 16:16:42.000000000 +0000
286	+++ new/imap/mkimapdcert.in 2004-05-25 07:33:42.000000000 +0000
287	@@ -13,26 +13,26 @@
288
289	prefix="@prefix@"
290
291	-if test -f @datadir@/imapd.pem
292	+if test -f @certsdir@/imapd.pem
293	then
294	- echo "@datadir@/imapd.pem already exists."
295	+ echo "@certsdir@/imapd.pem already exists."
296	exit 1
297	fi
298
299	-cp /dev/null @datadir@/imapd.pem
300	-chmod 600 @datadir@/imapd.pem
301	-chown @mailuser@ @datadir@/imapd.pem
302	+cp /dev/null @certsdir@/imapd.pem
303	+chmod 600 @certsdir@/imapd.pem
304	+chown @mailuser@ @certsdir@/imapd.pem
305
306	cleanup() {
307	- rm -f @datadir@/imapd.pem
308	- rm -f @datadir@/imapd.rand
309	+ rm -f @certsdir@/imapd.pem
310	+ rm -f @certsdir@/imapd.rand
311	exit 1
312	}
313
314	-cd @datadir@
315	-dd if=@RANDOMV@ of=@datadir@/imapd.rand count=1 2>/dev/null
316	+cd @certsdir@
317	+dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null
318	@OPENSSL@ req -new -x509 -days 365 -nodes \
319	- -config @sysconfdir@/imapd.cnf -out @datadir@/imapd.pem -keyout @datadir@/imapd.pem \|\| cleanup
320	-@OPENSSL@ gendh -rand @datadir@/imapd.rand 512 >>@datadir@/imapd.pem \|\| cleanup
321	-@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/imapd.pem \|\| cleanup
322	-rm -f @datadir@/imapd.rand
323	+ -config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem \|\| cleanup
324	+@OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem \|\| cleanup
325	+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem \|\| cleanup
326	+rm -f @certsdir@/imapd.rand
327	diff -Nur old/imap/mkpop3dcert.8.in new/imap/mkpop3dcert.8.in
328	--- old/imap/mkpop3dcert.8.in 2004-01-14 00:51:13.000000000 +0000
329	+++ new/imap/mkpop3dcert.8.in 2004-05-25 07:34:07.000000000 +0000
330	@@ -18,7 +18,7 @@
331	.PP
332	POP3 over SSL requires a valid, signed, X.509 certificate. The default
333	location for the certificate file is
334	-\fI@datadir@/pop3d.pem\fR\&.
335	+\fI@certsdir@/pop3d.pem\fR\&.
336	\fBmkpop3dcert\fR generates a self-signed X.509 certificate,
337	mainly for
338	testing.
339	@@ -26,19 +26,19 @@
340	recognized certificate authority, in order for mail clients to accept the
341	certificate.
342	.PP
343	-\fI@datadir@/pop3d.pem\fR must be owned by the
344	+\fI@certsdir@/pop3d.pem\fR must be owned by the
345	@mailuser@ user and
346	have no group or world permissions.
347	The \fBmkpop3dcert\fR command will
348	enforce this. To prevent an unfortunate accident,
349	\fBmkpop3dcert\fR
350	-will not work if \fB@datadir@/pop3d.pem\fR already exists.
351	+will not work if \fB@certsdir@/pop3d.pem\fR already exists.
352	.PP
353	\fBmkpop3dcert\fR requires
354	\fBOpenSSL\fR to be installed.
355	.SH "FILES"
356	.TP
357	-\fB@datadir@/pop3d.pem\fR
358	+\fB@certsdir@/pop3d.pem\fR
359	X.509 certificate.
360	.TP
361	\fB@sysconfdir@/pop3d.cnf\fR
362	diff -Nur old/imap/mkpop3dcert.html.in new/imap/mkpop3dcert.html.in
363	--- old/imap/mkpop3dcert.html.in 2004-01-14 00:51:17.000000000 +0000
364	+++ new/imap/mkpop3dcert.html.in 2004-05-25 07:34:26.000000000 +0000
365	@@ -57,7 +57,7 @@
366	location for the certificate file is
367	<TT
368	CLASS="FILENAME"
369	->@datadir@/pop3d.pem</TT
370	+>@certsdir@/pop3d.pem</TT
371	>.
372	<B
373	CLASS="COMMAND"
374	@@ -71,7 +71,7 @@
375	><P
376	><TT
377	CLASS="FILENAME"
378	->@datadir@/pop3d.pem</TT
379	+>@certsdir@/pop3d.pem</TT
380	> must be owned by the
381	@mailuser@ user and
382	have no group or world permissions.
383	@@ -86,7 +86,7 @@
384	>
385	will not work if <B
386	CLASS="COMMAND"
387	->@datadir@/pop3d.pem</B
388	+>@certsdir@/pop3d.pem</B
389	> already exists.</P
390	><P
391	><B
392	@@ -111,7 +111,7 @@
393	CLASS="VARIABLELIST"
394	><DL
395	><DT
396	->@datadir@/pop3d.pem</DT
397	+>@certsdir@/pop3d.pem</DT
398	><DD
399	><P
400	>X.509 certificate.</P
401	diff -Nur old/imap/mkpop3dcert.in new/imap/mkpop3dcert.in
402	--- old/imap/mkpop3dcert.in 2000-10-06 17:50:37.000000000 +0000
403	+++ new/imap/mkpop3dcert.in 2004-05-25 07:35:23.000000000 +0000
404	@@ -13,25 +13,25 @@
405
406	prefix="@prefix@"
407
408	-if test -f @datadir@/pop3d.pem
409	+if test -f @certsdir@/pop3d.pem
410	then
411	- echo "@datadir@/pop3d.pem already exists."
412	+ echo "@certsdir@/pop3d.pem already exists."
413	exit 1
414	fi
415
416	-cp /dev/null @datadir@/pop3d.pem
417	-chmod 600 @datadir@/pop3d.pem
418	-chown @mailuser@ @datadir@/pop3d.pem
419	+cp /dev/null @certsdir@/pop3d.pem
420	+chmod 600 @certsdir@/pop3d.pem
421	+chown @mailuser@ @certsdir@/pop3d.pem
422
423	cleanup() {
424	- rm -f @datadir@/pop3d.pem
425	- rm -f @datadir@/pop3d.rand
426	+ rm -f @certsdir@/pop3d.pem
427	+ rm -f @certsdir@/pop3d.rand
428	exit 1
429	}
430
431	-dd if=@RANDOMV@ of=@datadir@/pop3d.rand count=1 2>/dev/null
432	+dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null
433	@OPENSSL@ req -new -x509 -days 365 -nodes \
434	- -config @sysconfdir@/pop3d.cnf -out @datadir@/pop3d.pem -keyout @datadir@/pop3d.pem \|\| cleanup
435	-@OPENSSL@ gendh -rand @datadir@/pop3d.rand 512 >>@datadir@/pop3d.pem \|\| cleanup
436	-@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/pop3d.pem \|\| cleanup
437	-rm -f @datadir@/pop3d.rand
438	+ -config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem \|\| cleanup
439	+@OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem \|\| cleanup
440	+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem \|\| cleanup
441	+rm -f @certsdir@/pop3d.rand
c2c7a750 AA	442	diff -Nur old/imap/pop3d-ssl.dist.in new/imap/pop3d-ssl.dist.in
	443	--- old/imap/pop3d-ssl.dist.in 2004-01-25 05:40:04.000000000 +0000
	444	+++ new/imap/pop3d-ssl.dist.in 2004-05-24 20:57:32.000000000 +0000
	445	@@ -135,7 +135,7 @@
	446	# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
	447	# treated as confidential, and must not be world-readable.
	448	#
	449	-TLS_CERTFILE=@datadir@/pop3d.pem
	450	+TLS_CERTFILE=@certsdir@/pop3d.pem
	451
	452	##NAME: TLS_TRUSTCERTS:0
	453	#