From 5d26edcf2ead7b5b6e8b20a6562492b3dcc1d0a6 Mon Sep 17 00:00:00 2001 From: hawk Date: Sat, 19 Jan 2008 23:24:22 +0000 Subject: [PATCH] - updated for 0.58.0 Changed files: courier-certs.patch -> 1.8 --- courier-certs.patch | 648 +++++++++++++++++++++++--------------------- 1 file changed, 345 insertions(+), 303 deletions(-) diff --git a/courier-certs.patch b/courier-certs.patch index f8f60c4..c0d1290 100644 --- a/courier-certs.patch +++ b/courier-certs.patch @@ -1,7 +1,7 @@ -diff -Nur old/configure.in new/configure.in ---- old/configure.in 2005-03-01 03:16:43.000000000 +0000 -+++ new/configure.in 2005-03-04 19:53:15.000000000 +0000 -@@ -58,6 +58,11 @@ +diff -urN courier-0.58.0.orig/configure.in courier-0.58.0/configure.in +--- courier-0.58.0.orig/configure.in 2007-11-24 04:25:52.000000000 +0100 ++++ courier-0.58.0/configure.in 2008-01-19 23:37:26.428337743 +0100 +@@ -70,6 +70,11 @@ eval "localstatedir=$localstatedir" eval "datadir=$datadir" @@ -13,13 +13,13 @@ diff -Nur old/configure.in new/configure.in AC_ARG_WITH(makedatprog, [], , ac_configure_args="$ac_configure_args --with-makedatprog=${libexecdir}/courier/makedatprog") -diff -Nur old/courier/configure.in new/courier/configure.in ---- old/courier/configure.in 2005-03-01 03:16:43.000000000 +0000 -+++ new/courier/configure.in 2005-03-04 19:46:17.000000000 +0000 -@@ -462,6 +462,12 @@ - - eval "exec_prefix=$exec_prefix" +diff -urN courier-0.58.0.orig/courier/configure.in courier-0.58.0/courier/configure.in +--- courier-0.58.0.orig/courier/configure.in 2007-11-24 04:25:52.000000000 +0100 ++++ courier-0.58.0/courier/configure.in 2008-01-19 23:38:38.745253650 +0100 +@@ -498,6 +498,12 @@ + eval "datarootdir=$datarootdir" eval "bindir=$bindir" + eval "localstatedir=$localstatedir" +eval "datadir=$datadir" + +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ], 
@@ -29,9 +29,9 @@ diff -Nur old/courier/configure.in new/courier/configure.in MAILDROP="$bindir/maildrop" AC_SUBST(MAILDROP) -diff -Nur old/courier/imapd-ssl.rc.in new/courier/imapd-ssl.rc.in ---- old/courier/imapd-ssl.rc.in 2005-02-16 23:42:13.000000000 +0000 -+++ new/courier/imapd-ssl.rc.in 2005-03-04 19:47:54.000000000 +0000 +diff -urN courier-0.58.0.orig/courier/imapd-ssl.rc.in courier-0.58.0/courier/imapd-ssl.rc.in +--- courier-0.58.0.orig/courier/imapd-ssl.rc.in 2008-01-19 23:30:56.000000000 +0100 ++++ courier-0.58.0/courier/imapd-ssl.rc.in 2008-01-19 23:37:26.428337743 +0100 @@ -28,6 +28,11 @@ case $1 in @@ -44,12 +44,12 @@ diff -Nur old/courier/imapd-ssl.rc.in new/courier/imapd-ssl.rc.in umask $IMAP_UMASK @ULIMIT@ $IMAP_ULIMITD @SETENV@ -i @SHELL@ -c " set -a ; -diff -Nur old/courier/module.esmtp/configure.in new/courier/module.esmtp/configure.in ---- old/courier/module.esmtp/configure.in 2004-05-11 00:16:05.000000000 +0000 -+++ new/courier/module.esmtp/configure.in 2004-05-25 07:46:38.000000000 +0000 -@@ -300,6 +300,11 @@ - eval "datadir=$datadir" - eval "localstatedir=$localstatedir" +diff -urN courier-0.58.0.orig/courier/module.esmtp/configure.in courier-0.58.0/courier/module.esmtp/configure.in +--- courier-0.58.0.orig/courier/module.esmtp/configure.in 2007-11-04 22:17:03.000000000 +0100 ++++ courier-0.58.0/courier/module.esmtp/configure.in 2008-01-19 23:37:26.428337743 +0100 +@@ -306,6 +306,11 @@ + AC_SUBST(mydatadir) # Quell automake warning + +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ], +certsdir="$withval", certsdir=$datadir) 
@@ -59,43 +59,43 @@ diff -Nur old/courier/module.esmtp/configure.in new/courier/module.esmtp/configu dnl dnl Check what libraries are available dnl -diff -Nur old/courier/module.esmtp/esmtpd.cnf.in new/courier/module.esmtp/esmtpd.cnf.in ---- old/courier/module.esmtp/esmtpd.cnf.in 2001-08-18 22:18:12.000000000 +0000 -+++ new/courier/module.esmtp/esmtpd.cnf.in 2004-05-30 22:45:59.000000000 +0000 +diff -urN courier-0.58.0.orig/courier/module.esmtp/esmtpd.cnf.openssl.in courier-0.58.0/courier/module.esmtp/esmtpd.cnf.openssl.in +--- courier-0.58.0.orig/courier/module.esmtp/esmtpd.cnf.openssl.in 2007-07-01 17:36:34.000000000 +0200 ++++ courier-0.58.0/courier/module.esmtp/esmtpd.cnf.openssl.in 2008-01-19 23:39:34.911369481 +0100 
@@ -1,5 +1,5 @@ --RANDFILE = @datadir@/esmtpd.rnd -+RANDFILE = @certsdir@/esmtpd.rand +-RANDFILE = @mydatadir@/esmtpd.rnd ++RANDFILE = @certsdir@/esmtpd.rnd [ req ] default_bits = 1024 -diff -Nur old/courier/module.esmtp/esmtpd.dist.in new/courier/module.esmtp/esmtpd.dist.in ---- old/courier/module.esmtp/esmtpd.dist.in 2004-05-11 00:48:14.000000000 +0000 -+++ new/courier/module.esmtp/esmtpd.dist.in 2004-07-11 18:09:20.000000000 +0000 -@@ -143,7 +143,7 @@ - # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually - # treated as confidential, and must not be world-readable. +diff -urN courier-0.58.0.orig/courier/module.esmtp/esmtpd.dist.in courier-0.58.0/courier/module.esmtp/esmtpd.dist.in +--- courier-0.58.0.orig/courier/module.esmtp/esmtpd.dist.in 2007-11-04 22:17:03.000000000 +0100 ++++ courier-0.58.0/courier/module.esmtp/esmtpd.dist.in 2008-01-19 23:39:44.028487817 +0100 +@@ -233,7 +233,7 @@ # --TLS_CERTFILE=@datadir@/esmtpd.pem + # This is an experimental feature. + +-TLS_CERTFILE=@mydatadir@/esmtpd.pem +TLS_CERTFILE=@certsdir@/esmtpd.pem ##NAME: TLS_CERTINFO:0 # -diff -Nur old/courier/module.esmtp/esmtpd-ssl.dist.in new/courier/module.esmtp/esmtpd-ssl.dist.in ---- old/courier/module.esmtp/esmtpd-ssl.dist.in 2004-04-24 19:56:19.000000000 +0000 -+++ new/courier/module.esmtp/esmtpd-ssl.dist.in 2004-05-24 20:57:52.000000000 +0000 -@@ -168,7 +168,7 @@ - # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually - # treated as confidential, and must not be world-readable. +diff -urN courier-0.58.0.orig/courier/module.esmtp/esmtpd-ssl.dist.in courier-0.58.0/courier/module.esmtp/esmtpd-ssl.dist.in +--- courier-0.58.0.orig/courier/module.esmtp/esmtpd-ssl.dist.in 2007-11-04 22:17:03.000000000 +0100 ++++ courier-0.58.0/courier/module.esmtp/esmtpd-ssl.dist.in 2008-01-19 23:39:22.684097067 +0100 +@@ -256,7 +256,7 @@ # --TLS_CERTFILE=@datadir@/esmtpd.pem + # This is an experimental feature. 
+ +-TLS_CERTFILE=@mydatadir@/esmtpd.pem +TLS_CERTFILE=@certsdir@/esmtpd.pem ##NAME: TLS_TRUSTCERTS:0 # -diff -Nur old/courier/module.esmtp/esmtpd-ssl.in new/courier/module.esmtp/esmtpd-ssl.in ---- old/courier/module.esmtp/esmtpd-ssl.in 2004-05-24 21:24:41.000000000 +0000 -+++ new/courier/module.esmtp/esmtpd-ssl.in 2004-05-24 21:31:31.000000000 +0000 +diff -urN courier-0.58.0.orig/courier/module.esmtp/esmtpd-ssl.in courier-0.58.0/courier/module.esmtp/esmtpd-ssl.in +--- courier-0.58.0.orig/courier/module.esmtp/esmtpd-ssl.in 2008-01-19 23:30:56.000000000 +0100 ++++ courier-0.58.0/courier/module.esmtp/esmtpd-ssl.in 2008-01-19 23:37:26.431671242 +0100 @@ -25,6 +25,10 @@ case $1 in 
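Review bot: `RANDFILE = @certsdir@/esmtpd.rnd` in esmtpd.cnf.openssl.in no longer matches the seed file that mkesmtpdcert.in writes and removes, `@certsdir@/esmtpd.rand`; the previous revision of this patch set the config to `esmtpd.rand`. If OpenSSL saves its seed state to the RANDFILE path, an `esmtpd.rnd` would be left in the certificate directory, and `cleanup()` does not remove it. The imapd and pop3d templates in this patch both use `.rand`, so I would keep `RANDFILE = @certsdir@/esmtpd.rand` here, or add `rm -f @certsdir@/esmtpd.rnd` to the script.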
@@ -107,50 +107,70 @@ diff -Nur old/courier/module.esmtp/esmtpd-ssl.in new/courier/module.esmtp/esmtpd ;; stop) ${sbindir}/couriertcpd -pid=$SSLPIDFILE -stop -diff -Nur old/courier/module.esmtp/mkesmtpdcert.in new/courier/module.esmtp/mkesmtpdcert.in ---- old/courier/module.esmtp/mkesmtpdcert.in 2000-09-18 17:24:01.000000000 +0000 -+++ new/courier/module.esmtp/mkesmtpdcert.in 2004-05-25 07:31:21.000000000 +0000 -@@ -11,25 +11,25 @@ - - test -x @OPENSSL@ || exit 0 +diff -urN courier-0.58.0.orig/courier/module.esmtp/mkesmtpdcert.in courier-0.58.0/courier/module.esmtp/mkesmtpdcert.in +--- courier-0.58.0.orig/courier/module.esmtp/mkesmtpdcert.in 2007-11-04 22:17:03.000000000 +0100 ++++ courier-0.58.0/courier/module.esmtp/mkesmtpdcert.in 2008-01-19 23:40:14.373324466 +0100 +@@ -16,38 +16,38 @@ + test -x @CERTTOOL@ || exit 0 + fi --if test -f @datadir@/esmtpd.pem +-if test -f @mydatadir@/esmtpd.pem +if test -f @certsdir@/esmtpd.pem then -- echo "@datadir@/esmtpd.pem already exists." +- echo "@mydatadir@/esmtpd.pem already exists." + echo "@certsdir@/esmtpd.pem already exists." 
exit 1 fi --cp /dev/null @datadir@/esmtpd.pem --chmod 600 @datadir@/esmtpd.pem --chown @mailuser@ @datadir@/esmtpd.pem -+cp /dev/null @certsdir@/esmtpd.pem -+chmod 600 @certsdir@/esmtpd.pem -+chown @mailuser@ @certsdir@/esmtpd.pem - cleanup() { -- rm -f @datadir@/esmtpd.rand -- rm -f @datadir@/esmtpd.pem +- rm -f @mydatadir@/esmtpd.rand +- rm -f @mydatadir@/esmtpd.pem +- rm -f @mydatadir@/esmtpd.key +- rm -f @mydatadir@/esmtpd.cert + rm -f @certsdir@/esmtpd.rand + rm -f @certsdir@/esmtpd.pem ++ rm -f @certsdir@/esmtpd.key ++ rm -f @certsdir@/esmtpd.cert exit 1 } --dd if=@RANDOMV@ of=@datadir@/esmtpd.rand count=1 2>/dev/null -+dd if=@RANDOMV@ of=@certsdir@/esmtpd.rand count=1 2>/dev/null - @OPENSSL@ req -new -x509 -days 365 -nodes \ -- -config @sysconfdir@/esmtpd.cnf -out @datadir@/esmtpd.pem -keyout @datadir@/esmtpd.pem || cleanup --@OPENSSL@ gendh -rand @datadir@/esmtpd.rand 512 >>@datadir@/esmtpd.pem || cleanup --@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/esmtpd.pem || cleanup --rm -f @datadir@/esmtpd.rand -+ -config @sysconfdir@/esmtpd.cnf -out @certsdir@/esmtpd.pem -keyout @certsdir@/esmtpd.pem || cleanup -+@OPENSSL@ gendh -rand @certsdir@/esmtpd.rand 512 >>@certsdir@/esmtpd.pem || cleanup -+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/esmtpd.pem || cleanup -+rm -f @certsdir@/esmtpd.rand -diff -Nur old/courier/pop3d-ssl.in new/courier/pop3d-ssl.in ---- old/courier/pop3d-ssl.in 2005-02-16 23:42:13.000000000 +0000 -+++ new/courier/pop3d-ssl.in 2005-03-04 19:48:23.000000000 +0000 +-cd @mydatadir@ ++cd @certsdir@ + + if test "@ssllib@" = "openssl" + then +- cp /dev/null @mydatadir@/esmtpd.pem +- chmod 600 @mydatadir@/esmtpd.pem +- chown @mailuser@ @mydatadir@/esmtpd.pem +- dd if=@RANDOMV@ of=@mydatadir@/esmtpd.rand count=1 2>/dev/null ++ cp /dev/null @certsdir@/esmtpd.pem ++ chmod 600 @certsdir@/esmtpd.pem ++ chown @mailuser@ @certsdir@/esmtpd.pem ++ dd if=@RANDOMV@ of=@certsdir@/esmtpd.rand count=1 2>/dev/null + @OPENSSL@ 
req -new -x509 -days 365 -nodes \ +- -config @sysconfdir@/esmtpd.cnf -out @mydatadir@/esmtpd.pem -keyout @mydatadir@/esmtpd.pem || cleanup +- @OPENSSL@ gendh -rand @mydatadir@/esmtpd.rand 512 >>@mydatadir@/esmtpd.pem || cleanup +- @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/esmtpd.pem || cleanup +- rm -f @mydatadir@/esmtpd.rand ++ -config @sysconfdir@/esmtpd.cnf -out @certsdir@/esmtpd.pem -keyout @certsdir@/esmtpd.pem || cleanup ++ @OPENSSL@ gendh -rand @certsdir@/esmtpd.rand 512 >>@certsdir@/esmtpd.pem || cleanup ++ @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/esmtpd.pem || cleanup ++ rm -f @certsdir@/esmtpd.rand + else +- cp /dev/null @mydatadir@/esmtpd.key +- chmod 600 @mydatadir@/esmtpd.key +- cp /dev/null @mydatadir@/esmtpd.cert +- chmod 600 @mydatadir@/esmtpd.cert ++ cp /dev/null @certsdir@/esmtpd.key ++ chmod 600 @certsdir@/esmtpd.key ++ cp /dev/null @certsdir@/esmtpd.cert ++ chmod 600 @certsdir@/esmtpd.cert + + @CERTTOOL@ --generate-privkey --outfile esmtpd.key + @CERTTOOL@ --generate-self-signed --load-privkey esmtpd.key --outfile esmtpd.cert --template @sysconfdir@/esmtpd.cnf +diff -urN courier-0.58.0.orig/courier/pop3d-ssl.in courier-0.58.0/courier/pop3d-ssl.in +--- courier-0.58.0.orig/courier/pop3d-ssl.in 2008-01-19 23:30:56.000000000 +0100 ++++ courier-0.58.0/courier/pop3d-ssl.in 2008-01-19 23:37:26.431671242 +0100 @@ -29,6 +29,11 @@ case $1 in 
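Review bot: `cd @certsdir@` in mkesmtpdcert.in is not checked, and the certtool branch then writes `esmtpd.key` and `esmtpd.cert` by relative name. A failed `cd` would therefore put the private key in whatever directory the script was started from, while the `chmod 600` placeholders in `@certsdir@` stay empty. No `umask` is visible in this script's hunk (mkimapdcert.in and mkpop3dcert.in show `umask 077`), so the stray key may not be mode 600. I would write `cd @certsdir@ || exit 1` and pass full paths, `--outfile @certsdir@/esmtpd.key` and `--load-privkey @certsdir@/esmtpd.key`. The same unchecked `cd` with relative `--outfile` appears in the mkimapdcert.in and mkpop3dcert.in sections of the last hunk, and the script body continues outside this hunk.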
@@ -163,10 +183,10 @@ diff -Nur old/courier/pop3d-ssl.in new/courier/pop3d-ssl.in exec @SETENV@ -i PATH="$PATH" SHELL="$SHELL" \ @SHELL@ -c " set -a ; \ prefix=@prefix@ ; \ -diff -Nur old/courier.sysvinit.in new/courier.sysvinit.in ---- old/courier.sysvinit.in 2004-05-02 14:24:06.000000000 +0000 -+++ new/courier.sysvinit.in 2004-05-24 20:56:37.000000000 +0000 -@@ -14,7 +14,7 @@ +diff -urN courier-0.58.0.orig/courier.sysvinit.in courier-0.58.0/courier.sysvinit.in +--- courier-0.58.0.orig/courier.sysvinit.in 2008-01-19 23:30:56.000000000 +0100 ++++ courier-0.58.0/courier.sysvinit.in 2008-01-19 23:37:26.431671242 +0100 +@@ -18,7 +18,7 @@ sbindir="@sbindir@" bindir="@bindir@" libexecdir="@libexecdir@" @@ -175,7 +195,7 @@ diff -Nur old/courier.sysvinit.in new/courier.sysvinit.in if test ! -f ${sysconfdir}/esmtpd then -@@ -82,7 +82,7 @@ +@@ -85,7 +85,7 @@ then # If we do not have a certificate, make one up. @@ -184,7 +204,7 @@ diff -Nur old/courier.sysvinit.in new/courier.sysvinit.in then if test -x $COURIERTLS then -@@ -149,7 +149,7 @@ +@@ -152,7 +152,7 @@ then # If we do not have a certificate, make one up. @@ -193,7 +213,7 @@ diff -Nur old/courier.sysvinit.in new/courier.sysvinit.in then echo -n " generating-POP3-SSL-certificate..." -@@ -179,7 +179,7 @@ +@@ -182,7 +182,7 @@ then # If we do not have a certificate, make one up. 
@@ -202,12 +222,12 @@ diff -Nur old/courier.sysvinit.in new/courier.sysvinit.in then echo -n " generating-IMAP-SSL-certificate..." -diff -Nur old/imap/configure.in new/imap/configure.in ---- old/imap/configure.in 2004-05-16 02:38:13.000000000 +0000 -+++ new/imap/configure.in 2004-05-25 07:37:24.000000000 +0000 -@@ -283,6 +283,11 @@ - eval "sysconfdir=$sysconfdir" - eval "localstatedir=$localstatedir" +diff -urN courier-0.58.0.orig/imap/configure.in courier-0.58.0/imap/configure.in +--- courier-0.58.0.orig/imap/configure.in 2007-11-24 04:23:13.000000000 +0100 ++++ courier-0.58.0/imap/configure.in 2008-01-19 23:37:26.435004741 +0100 +@@ -300,6 +300,11 @@ + mydatadir="$datadir" + AC_SUBST(mydatadir) # Avoid useless autoconf warning +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ], +certsdir="$withval", certsdir=$datadir) @@ -217,281 +237,303 @@ diff -Nur old/imap/configure.in new/imap/configure.in # # Check for PAM configuration flavor -diff -Nur old/imap/imapd.cnf.in new/imap/imapd.cnf.in ---- old/imap/imapd.cnf.in 2001-03-24 04:59:55.000000000 +0000 -+++ new/imap/imapd.cnf.in 2004-05-30 22:37:03.000000000 +0000 +diff -urN courier-0.58.0.orig/imap/imapd.cnf.openssl.in courier-0.58.0/imap/imapd.cnf.openssl.in +--- courier-0.58.0.orig/imap/imapd.cnf.openssl.in 2007-11-04 21:49:58.000000000 +0100 ++++ courier-0.58.0/imap/imapd.cnf.openssl.in 2008-01-19 23:40:41.287991189 +0100 
@@ -1,5 +1,5 @@ --RANDFILE = @datadir@/imapd.rand +-RANDFILE = @mydatadir@/imapd.rand +RANDFILE = @certsdir@/imapd.rand [ req ] default_bits = 1024 -diff -Nur old/imap/imapd-ssl.dist.in new/imap/imapd-ssl.dist.in ---- old/imap/imapd-ssl.dist.in 2004-01-25 05:40:03.000000000 +0000 -+++ new/imap/imapd-ssl.dist.in 2004-05-24 20:57:29.000000000 +0000 -@@ -146,7 +146,7 @@ - # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually - # treated as confidential, and must not be world-readable. +diff -urN courier-0.58.0.orig/imap/imapd-ssl.dist.in courier-0.58.0/imap/imapd-ssl.dist.in +--- courier-0.58.0.orig/imap/imapd-ssl.dist.in 2008-01-19 23:30:56.000000000 +0100 ++++ courier-0.58.0/imap/imapd-ssl.dist.in 2008-01-19 23:40:36.037731086 +0100 +@@ -254,7 +254,7 @@ # --TLS_CERTFILE=@datadir@/imapd.pem + # This is an experimental feature. + +-TLS_CERTFILE=@mydatadir@/imapd.pem +TLS_CERTFILE=@certsdir@/imapd.pem ##NAME: TLS_TRUSTCERTS:0 # -diff -Nur old/imap/mkimapdcert.8.in new/imap/mkimapdcert.8.in ---- old/imap/mkimapdcert.8.in 2004-01-14 00:51:10.000000000 +0000 -+++ new/imap/mkimapdcert.8.in 2004-05-25 07:32:16.000000000 +0000 -@@ -18,7 +18,7 @@ +diff -urN courier-0.58.0.orig/imap/mkimapdcert.8.in courier-0.58.0/imap/mkimapdcert.8.in +--- courier-0.58.0.orig/imap/mkimapdcert.8.in 2007-04-22 20:19:43.000000000 +0200 ++++ courier-0.58.0/imap/mkimapdcert.8.in 2008-01-19 23:41:04.485807114 +0100 +@@ -21,18 +21,18 @@ + .SH "DESCRIPTION" .PP - IMAP over SSL requires a valid, signed, X.509 certificate. The default - location for the certificate file is --\fI@datadir@/imapd.pem\fR\&. -+\fI@certsdir@/imapd.pem\fR\&. - \fBmkimapdcert\fR generates a self-signed X.509 certificate, - mainly for - testing. -@@ -26,19 +26,19 @@ - recognized certificate authority, in order for mail clients to accept the - certificate. 
- .PP --\fI@datadir@/imapd.pem\fR must be owned by the -+\fI@certsdir@/imapd.pem\fR must be owned by the - @mailuser@ user and - have no group or world permissions. - The \fBmkimapdcert\fR command will - enforce this. To prevent an unfortunate accident, + IMAP over SSL requires a valid, signed, X.509 certificate. The default location for the certificate file is +-\fI@datadir@/imapd.pem\fR. ++\fI@certsdir@/imapd.pem\fR. \fBmkimapdcert\fR --will not work if \fB@datadir@/imapd.pem\fR already exists. -+will not work if \fB@certsdir@/imapd.pem\fR already exists. + generates a self\-signed X.509 certificate, mainly for testing. For production use the X.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate. .PP - \fBmkimapdcert\fR requires - \fBOpenSSL\fR to be installed. - .SH "FILES" - .TP + +-\fI@datadir@/imapd.pem\fR ++\fI@certsdir@/imapd.pem\fR + must be owned by the @mailuser@ user and have no group or world permissions. The + \fBmkimapdcert\fR + command will enforce this. To prevent an unfortunate accident, + \fBmkimapdcert\fR + will not work if -\fB@datadir@/imapd.pem\fR +\fB@certsdir@/imapd.pem\fR - X.509 certificate. - .TP - \fB@sysconfdir@/imapd.cnf\fR -diff -Nur old/imap/mkimapdcert.html.in new/imap/mkimapdcert.html.in ---- old/imap/mkimapdcert.html.in 2004-01-14 00:51:16.000000000 +0000 -+++ new/imap/mkimapdcert.html.in 2004-05-25 07:32:37.000000000 +0000 -@@ -57,7 +57,7 @@ - location for the certificate file is - @datadir@/imapd.pem@certsdir@/imapd.pem. -

@datadir@/imapd.pem@certsdir@/imapd.pem must be owned by the - @mailuser@ user and - have no group or world permissions. -@@ -86,7 +86,7 @@ - > - will not work if @datadir@/imapd.pem@certsdir@/imapd.pem already exists.

@datadir@/imapd.pem
@certsdir@/imapd.pem

X.509 certificate.

Name

mkimapdcert — create a test SSL certificate for IMAP over SSL

Synopsis

@sbindir@/mkimapdcert

DESCRIPTION

+ IMAP over SSL requires a valid, signed, X.509 certificate. The default location for the certificate file is --\fI@datadir@/pop3d.pem\fR\&. -+\fI@certsdir@/pop3d.pem\fR\&. - \fBmkpop3dcert\fR generates a self-signed X.509 certificate, +-@datadir@/imapd.pem. ++@certsdir@/imapd.pem. + mkimapdcert generates a self-signed X.509 certificate, mainly for testing. -@@ -26,19 +26,19 @@ + For production use the X.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the - certificate. - .PP --\fI@datadir@/pop3d.pem\fR must be owned by the -+\fI@certsdir@/pop3d.pem\fR must be owned by the + certificate.

+-@datadir@/imapd.pem must be owned by the ++@certsdir@/imapd.pem must be owned by the @mailuser@ user and have no group or world permissions. - The \fBmkpop3dcert\fR command will + The mkimapdcert command will enforce this. To prevent an unfortunate accident, - \fBmkpop3dcert\fR --will not work if \fB@datadir@/pop3d.pem\fR already exists. -+will not work if \fB@certsdir@/pop3d.pem\fR already exists. - .PP - \fBmkpop3dcert\fR requires - \fBOpenSSL\fR to be installed. - .SH "FILES" - .TP --\fB@datadir@/pop3d.pem\fR -+\fB@certsdir@/pop3d.pem\fR + mkimapdcert +-will not work if @datadir@/imapd.pem already exists.

++will not work if @certsdir@/imapd.pem already exists.

+ mkimapdcert requires +-OpenSSL to be installed.

FILES

@datadir@/imapd.pem
++OpenSSL to be installed.

FILES

@certsdir@/imapd.pem
X.509 certificate. - .TP - \fB@sysconfdir@/pop3d.cnf\fR -diff -Nur old/imap/mkpop3dcert.html.in new/imap/mkpop3dcert.html.in ---- old/imap/mkpop3dcert.html.in 2004-01-14 00:51:17.000000000 +0000 -+++ new/imap/mkpop3dcert.html.in 2004-05-25 07:34:26.000000000 +0000 -@@ -57,7 +57,7 @@ - location for the certificate file is - @datadir@/pop3d.pem@certsdir@/pop3d.pem. -

@datadir@/pop3d.pem@certsdir@/pop3d.pem must be owned by the - @mailuser@ user and - have no group or world permissions. -@@ -86,7 +86,7 @@ - > - will not work if @datadir@/pop3d.pem@certsdir@/pop3d.pem already exists.

@datadir@/pop3d.pem
@certsdir@/pop3d.pem

X.509 certificate.

@sysconfdir@/imapd.cnf
+ Parameters used by OpenSSL to +diff -urN courier-0.58.0.orig/imap/mkimapdcert.in courier-0.58.0/imap/mkimapdcert.in +--- courier-0.58.0.orig/imap/mkimapdcert.in 2007-11-04 21:53:05.000000000 +0100 ++++ courier-0.58.0/imap/mkimapdcert.in 2008-01-19 23:42:07.038906129 +0100 +@@ -18,41 +18,41 @@ prefix="@prefix@" --if test -f @datadir@/imapd.pem +-if test -f @mydatadir@/imapd.pem +if test -f @certsdir@/imapd.pem then -- echo "@datadir@/imapd.pem already exists." +- echo "@mydatadir@/imapd.pem already exists." + echo "@certsdir@/imapd.pem already exists." exit 1 fi umask 077 --cp /dev/null @datadir@/imapd.pem --chmod 600 @datadir@/imapd.pem --chown @mailuser@ @datadir@/imapd.pem -+cp /dev/null @certsdir@/imapd.pem -+chmod 600 @certsdir@/imapd.pem -+chown @mailuser@ @certsdir@/imapd.pem cleanup() { -- rm -f @datadir@/imapd.pem -- rm -f @datadir@/imapd.rand +- rm -f @mydatadir@/imapd.pem +- rm -f @mydatadir@/imapd.rand +- rm -f @mydatadir@/imapd.key +- rm -f @mydatadir@/imapd.cert + rm -f @certsdir@/imapd.pem + rm -f @certsdir@/imapd.rand ++ rm -f @certsdir@/imapd.key ++ rm -f @certsdir@/imapd.cert exit 1 } --cd @datadir@ --dd if=@RANDOMV@ of=@datadir@/imapd.rand count=1 2>/dev/null +-cd @mydatadir@ +cd @certsdir@ -+dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null - @OPENSSL@ req -new -x509 -days 365 -nodes \ -- -config @sysconfdir@/imapd.cnf -out @datadir@/imapd.pem -keyout @datadir@/imapd.pem || cleanup --@OPENSSL@ gendh -rand @datadir@/imapd.rand 512 >>@datadir@/imapd.pem || cleanup --@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/imapd.pem || cleanup --rm -f @datadir@/imapd.rand -+ -config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem || cleanup -+@OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem || cleanup -+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem || cleanup -+rm -f @certsdir@/imapd.rand -diff -Nur old/imap/mkpop3dcert.in new/imap/mkpop3dcert.in 
---- old/imap/mkpop3dcert.in 2005-07-02 02:09:09.000000000 +0000 -+++ new/imap/mkpop3dcert.in 2005-08-16 20:55:43.145234472 +0000 -@@ -13,26 +13,26 @@ + + if test "@ssllib@" = "openssl" + then +- cp /dev/null @mydatadir@/imapd.pem +- chmod 600 @mydatadir@/imapd.pem +- chown @mailuser@ @mydatadir@/imapd.pem ++ cp /dev/null @certsdir@/imapd.pem ++ chmod 600 @certsdir@/imapd.pem ++ chown @mailuser@ @certsdir@/imapd.pem + +- dd if=@RANDOMV@ of=@mydatadir@/imapd.rand count=1 2>/dev/null ++ dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null + @OPENSSL@ req -new -x509 -days 365 -nodes \ +- -config @sysconfdir@/imapd.cnf -out @mydatadir@/imapd.pem -keyout @mydatadir@/imapd.pem || cleanup +- @OPENSSL@ gendh -rand @mydatadir@/imapd.rand 512 >>@mydatadir@/imapd.pem || cleanup +- @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/imapd.pem || cleanup +- rm -f @mydatadir@/imapd.rand ++ -config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem || cleanup ++ @OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem || cleanup ++ @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem || cleanup ++ rm -f @certsdir@/imapd.rand + else +- cp /dev/null @mydatadir@/imapd.key +- chmod 600 @mydatadir@/imapd.key +- cp /dev/null @mydatadir@/imapd.cert +- chmod 600 @mydatadir@/imapd.cert ++ cp /dev/null @certsdir@/imapd.key ++ chmod 600 @certsdir@/imapd.key ++ cp /dev/null @certsdir@/imapd.cert ++ chmod 600 @certsdir@/imapd.cert + + @CERTTOOL@ --generate-privkey --outfile imapd.key + @CERTTOOL@ --generate-self-signed --load-privkey imapd.key --outfile imapd.cert --template @sysconfdir@/imapd.cnf +diff -urN courier-0.58.0.orig/imap/mkpop3dcert.8.in courier-0.58.0/imap/mkpop3dcert.8.in +--- courier-0.58.0.orig/imap/mkpop3dcert.8.in 2007-04-22 20:19:45.000000000 +0200 ++++ courier-0.58.0/imap/mkpop3dcert.8.in 2008-01-19 23:42:20.199558142 +0100 +@@ -21,18 +21,18 @@ + .SH "DESCRIPTION" + .PP + POP3 over SSL 
requires a valid, signed, X.509 certificate. The default location for the certificate file is +-\fI@datadir@/pop3d.pem\fR. ++\fI@certsdir@/pop3d.pem\fR. + \fBmkpop3dcert\fR + generates a self\-signed X.509 certificate, mainly for testing. For production use the X.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate. + .PP + +-\fI@datadir@/pop3d.pem\fR ++\fI@certsdir@/pop3d.pem\fR + must be owned by the @mailuser@ user and have no group or world permissions. The + \fBmkpop3dcert\fR + command will enforce this. To prevent an unfortunate accident, + \fBmkpop3dcert\fR + will not work if +-\fB@datadir@/pop3d.pem\fR ++\fB@certsdir@/pop3d.pem\fR + already exists. + .PP + +@@ -42,7 +42,7 @@ + to be installed. + .SH "FILES" + .PP +-@datadir@/pop3d.pem ++@certsdir@/pop3d.pem + .RS 4 + X.509 certificate. + .RE +diff -urN courier-0.58.0.orig/imap/mkpop3dcert.html.in courier-0.58.0/imap/mkpop3dcert.html.in +--- courier-0.58.0.orig/imap/mkpop3dcert.html.in 2007-04-22 20:19:45.000000000 +0200 ++++ courier-0.58.0/imap/mkpop3dcert.html.in 2008-01-19 23:42:28.846653207 +0100 +@@ -7,22 +7,22 @@ + -->

Name

mkpop3dcert — create a test SSL certificate for POP3 over SSL

Synopsis

@sbindir@/mkpop3dcert

DESCRIPTION

+ POP3 over SSL requires a valid, signed, X.509 certificate. The default + location for the certificate file is +-@datadir@/pop3d.pem. ++@certsdir@/pop3d.pem. + mkpop3dcert generates a self-signed X.509 certificate, + mainly for + testing. + For production use the X.509 certificate must be signed by a + recognized certificate authority, in order for mail clients to accept the + certificate.

+-@datadir@/pop3d.pem must be owned by the ++@certsdir@/pop3d.pem must be owned by the + @mailuser@ user and + have no group or world permissions. + The mkpop3dcert command will + enforce this. To prevent an unfortunate accident, + mkpop3dcert +-will not work if @datadir@/pop3d.pem already exists.

++will not work if @certsdir@/pop3d.pem already exists.

+ mkpop3dcert requires +-OpenSSL to be installed.

FILES

@datadir@/pop3d.pem
++OpenSSL to be installed.

FILES

@certsdir@/pop3d.pem
+ X.509 certificate. +
@sysconfdir@/pop3d.cnf
+ Parameters used by OpenSSL to +diff -urN courier-0.58.0.orig/imap/mkpop3dcert.in courier-0.58.0/imap/mkpop3dcert.in +--- courier-0.58.0.orig/imap/mkpop3dcert.in 2007-11-04 21:53:05.000000000 +0100 ++++ courier-0.58.0/imap/mkpop3dcert.in 2008-01-19 23:42:50.974416143 +0100 +@@ -18,41 +18,41 @@ prefix="@prefix@" --if test -f @datadir@/pop3d.pem +-if test -f @mydatadir@/pop3d.pem +if test -f @certsdir@/pop3d.pem then -- echo "@datadir@/pop3d.pem already exists." +- echo "@mydatadir@/pop3d.pem already exists." + echo "@certsdir@/pop3d.pem already exists." exit 1 fi umask 077 --cp /dev/null @datadir@/pop3d.pem --chmod 600 @datadir@/pop3d.pem --chown @mailuser@ @datadir@/pop3d.pem -+cp /dev/null @certsdir@/pop3d.pem -+chmod 600 @certsdir@/pop3d.pem -+chown @mailuser@ @certsdir@/pop3d.pem cleanup() { -- rm -f @datadir@/pop3d.pem -- rm -f @datadir@/pop3d.rand +- rm -f @mydatadir@/pop3d.pem +- rm -f @mydatadir@/pop3d.rand +- rm -f @mydatadir@/pop3d.key +- rm -f @mydatadir@/pop3d.cert + rm -f @certsdir@/pop3d.pem + rm -f @certsdir@/pop3d.rand ++ rm -f @certsdir@/pop3d.key ++ rm -f @certsdir@/pop3d.cert exit 1 } --dd if=@RANDOMV@ of=@datadir@/pop3d.rand count=1 2>/dev/null -+dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null - @OPENSSL@ req -new -x509 -days 365 -nodes \ -- -config @sysconfdir@/pop3d.cnf -out @datadir@/pop3d.pem -keyout @datadir@/pop3d.pem || cleanup --@OPENSSL@ gendh -rand @datadir@/pop3d.rand 512 >>@datadir@/pop3d.pem || cleanup --@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/pop3d.pem || cleanup --rm -f @datadir@/pop3d.rand -+ -config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem || cleanup -+@OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem || cleanup -+@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem || cleanup -+rm -f @certsdir@/pop3d.rand +-cd @mydatadir@ ++cd @certsdir@ + + if test "@ssllib@" = "openssl" + then +- cp /dev/null 
@mydatadir@/pop3d.pem +- chmod 600 @mydatadir@/pop3d.pem +- chown @mailuser@ @mydatadir@/pop3d.pem ++ cp /dev/null @certsdir@/pop3d.pem ++ chmod 600 @certsdir@/pop3d.pem ++ chown @mailuser@ @certsdir@/pop3d.pem + +- dd if=@RANDOMV@ of=@mydatadir@/pop3d.rand count=1 2>/dev/null ++ dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null + @OPENSSL@ req -new -x509 -days 365 -nodes \ +- -config @sysconfdir@/pop3d.cnf -out @mydatadir@/pop3d.pem -keyout @mydatadir@/pop3d.pem || cleanup +- @OPENSSL@ gendh -rand @mydatadir@/pop3d.rand 512 >>@mydatadir@/pop3d.pem || cleanup +- @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/pop3d.pem || cleanup +- rm -f @mydatadir@/pop3d.rand ++ -config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem || cleanup ++ @OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem || cleanup ++ @OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem || cleanup ++ rm -f @certsdir@/pop3d.rand + else +- cp /dev/null @mydatadir@/pop3d.key +- chmod 600 @mydatadir@/pop3d.key +- cp /dev/null @mydatadir@/pop3d.cert +- chmod 600 @mydatadir@/pop3d.cert ++ cp /dev/null @certsdir@/pop3d.key ++ chmod 600 @certsdir@/pop3d.key ++ cp /dev/null @certsdir@/pop3d.cert ++ chmod 600 @certsdir@/pop3d.cert + + @CERTTOOL@ --generate-privkey --outfile pop3d.key + @CERTTOOL@ --generate-self-signed --load-privkey pop3d.key --outfile pop3d.cert --template @sysconfdir@/pop3d.cnf +diff -urN courier-0.58.0.orig/imap/pop3d.cnf.openssl.in courier-0.58.0/imap/pop3d.cnf.openssl.in +--- courier-0.58.0.orig/imap/pop3d.cnf.openssl.in 2007-11-04 21:49:58.000000000 +0100 ++++ courier-0.58.0/imap/pop3d.cnf.openssl.in 2008-01-19 23:43:08.841968023 +0100 +@@ -1,5 +1,5 @@ + +-RANDFILE = @mydatadir@/pop3d.rand ++RANDFILE = @certsdir@/pop3d.rand + + [ req ] + default_bits = 1024 +diff -urN courier-0.58.0.orig/imap/pop3d-ssl.dist.in courier-0.58.0/imap/pop3d-ssl.dist.in +--- 
courier-0.58.0.orig/imap/pop3d-ssl.dist.in 2008-01-19 23:30:56.000000000 +0100 ++++ courier-0.58.0/imap/pop3d-ssl.dist.in 2008-01-19 23:43:02.304977494 +0100 +@@ -241,7 +241,7 @@ + # + # This is an experimental feature. + +-TLS_CERTFILE=@mydatadir@/pop3d.pem ++TLS_CERTFILE=@certsdir@/pop3d.pem + + ##NAME: TLS_TRUSTCERTS:0 + # -- 2.44.0
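Review bot: The OpenSSL branch of mkimapdcert.in and mkpop3dcert.in still appends 512-bit Diffie-Hellman parameters to the certificate file (`@OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem`), a size too small to protect DHE key exchange. Since the patch already rewrites these lines, I would raise the size there, for example `@OPENSSL@ gendh -rand @certsdir@/imapd.rand 2048 >>@certsdir@/imapd.pem`. The same change applies to pop3d.pem and to esmtpd.pem in the mkesmtpdcert.in hunk. The `default_bits = 1024` context line in the .cnf templates is worth revisiting at the same time, although it is outside the lines this patch changes.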