SOURCES: courier-imap-certsdir.patch - updated for 4.3.0

hawk hawk at pld-linux.org
Sat Jan 19 20:07:34 CET 2008


Author: hawk                         Date: Sat Jan 19 19:07:34 2008 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- updated for 4.3.0

---- Files affected:
SOURCES:
   courier-imap-certsdir.patch (1.3 -> 1.4) 

---- Diffs:

================================================================
Index: SOURCES/courier-imap-certsdir.patch
diff -u SOURCES/courier-imap-certsdir.patch:1.3 SOURCES/courier-imap-certsdir.patch:1.4
--- SOURCES/courier-imap-certsdir.patch:1.3	Thu Sep  1 16:04:16 2005
+++ SOURCES/courier-imap-certsdir.patch	Sat Jan 19 20:07:29 2008
@@ -1,9 +1,9 @@
-diff -Nur old/configure.in new/configure.in
---- old/configure.in	2004-06-12 01:38:04.000000000 +0000
-+++ new/configure.in	2004-07-08 16:53:13.000000000 +0000
-@@ -97,6 +97,11 @@
- eval "exec_prefix=$exec_prefix"
- eval "libexecdir=$libexecdir"
+diff -urN courier-imap-4.3.0.orig/configure.in courier-imap-4.3.0/configure.in
+--- courier-imap-4.3.0.orig/configure.in	2007-11-24 04:20:18.000000000 +0100
++++ courier-imap-4.3.0/configure.in	2008-01-19 19:53:07.090124292 +0100
+@@ -222,6 +222,11 @@
+ 
+ # Neither does it use the change password feature
  
 +AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
 +certsdir="$withval", certsdir=$datadir)
@@ -11,12 +11,12 @@
 +AC_SUBST(certsdir)
 +
  AC_ARG_WITH(authchangepwdir, [], ,
- 	ac_configure_args="$ac_configure_args --with-authchangepwdir=$libexecdir/authlib")
+ 	ac_configure_args="$ac_configure_args --with-authchangepwdir=/var/tmp/dev/null")
  
-diff -Nur old/imap/configure.in new/imap/configure.in
---- old/imap/configure.in	2004-06-12 01:38:04.000000000 +0000
-+++ new/imap/configure.in	2004-07-08 16:53:44.000000000 +0000
-@@ -35,6 +35,11 @@
+diff -urN courier-imap-4.3.0.orig/imap/configure.in courier-imap-4.3.0/imap/configure.in
+--- courier-imap-4.3.0.orig/imap/configure.in	2007-11-24 04:20:18.000000000 +0100
++++ courier-imap-4.3.0/imap/configure.in	2008-01-19 19:53:07.090124292 +0100
+@@ -52,6 +52,11 @@
  eval "exec_prefix=$exec_prefix"
  eval "bindir=$bindir"
  
@@ -28,281 +28,303 @@
  AC_ARG_WITH(mailer,
  [  --with-mailer=prog  Your mail submission program],
     SENDMAIL="$withval",
-diff -Nur old/imap/imapd.cnf.in new/imap/imapd.cnf.in
---- old/imap/imapd.cnf.in	2001-03-24 04:59:55.000000000 +0000
-+++ new/imap/imapd.cnf.in	2004-07-08 16:54:18.000000000 +0000
+diff -urN courier-imap-4.3.0.orig/imap/imapd.cnf.openssl.in courier-imap-4.3.0/imap/imapd.cnf.openssl.in
+--- courier-imap-4.3.0.orig/imap/imapd.cnf.openssl.in	2007-11-04 21:49:58.000000000 +0100
++++ courier-imap-4.3.0/imap/imapd.cnf.openssl.in	2008-01-19 19:53:07.090124292 +0100
 @@ -1,5 +1,5 @@
  
--RANDFILE = @datadir@/imapd.rand
+-RANDFILE = @mydatadir@/imapd.rand
 +RANDFILE = @certsdir@/imapd.rand
  
  [ req ]
  default_bits = 1024
-diff -Nur old/imap/imapd-ssl.dist.in new/imap/imapd-ssl.dist.in
---- old/imap/imapd-ssl.dist.in	2004-01-24 20:09:26.000000000 +0000
-+++ new/imap/imapd-ssl.dist.in	2004-07-08 16:54:04.000000000 +0000
-@@ -146,7 +146,7 @@
- # servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
- # treated as confidential, and must not be world-readable.
+diff -urN courier-imap-4.3.0.orig/imap/imapd-ssl.dist.in courier-imap-4.3.0/imap/imapd-ssl.dist.in
+--- courier-imap-4.3.0.orig/imap/imapd-ssl.dist.in	2007-11-22 15:23:05.000000000 +0100
++++ courier-imap-4.3.0/imap/imapd-ssl.dist.in	2008-01-19 19:53:22.977590279 +0100
+@@ -254,7 +254,7 @@
  #
--TLS_CERTFILE=@datadir@/imapd.pem
+ # This is an experimental feature.
+ 
+-TLS_CERTFILE=@mydatadir@/imapd.pem
 +TLS_CERTFILE=@certsdir@/imapd.pem
  
  ##NAME: TLS_TRUSTCERTS:0
  #
-diff -Nur old/imap/mkimapdcert.8.in new/imap/mkimapdcert.8.in
---- old/imap/mkimapdcert.8.in	2004-02-08 04:12:08.000000000 +0000
-+++ new/imap/mkimapdcert.8.in	2004-07-08 17:01:04.000000000 +0000
-@@ -18,7 +18,7 @@
+diff -urN courier-imap-4.3.0.orig/imap/mkimapdcert.8.in courier-imap-4.3.0/imap/mkimapdcert.8.in
+--- courier-imap-4.3.0.orig/imap/mkimapdcert.8.in	2007-04-22 17:33:32.000000000 +0200
++++ courier-imap-4.3.0/imap/mkimapdcert.8.in	2008-01-19 19:53:58.669385973 +0100
+@@ -21,18 +21,18 @@
+ .SH "DESCRIPTION"
  .PP
- IMAP over SSL requires a valid, signed, X.509 certificate.  The default
- location for the certificate file is
--\fI at datadir@/imapd.pem\fR\&.
-+\fI at certsdir@/imapd.pem\fR\&.
- \fBmkimapdcert\fR generates a self-signed X.509 certificate,
- mainly for
- testing.
-@@ -26,19 +26,19 @@
- recognized certificate authority, in order for mail clients to accept the
- certificate.
- .PP
--\fI at datadir@/imapd.pem\fR must be owned by the
-+\fI at certsdir@/imapd.pem\fR must be owned by the
- @mailuser@ user and
- have no group or world permissions.
- The \fBmkimapdcert\fR command will
- enforce this.  To prevent an unfortunate accident,
+ IMAP over SSL requires a valid, signed, X.509 certificate. The default location for the certificate file is
+-\fI at datadir@/imapd.pem\fR.
++\fI at certsdir@/imapd.pem\fR.
  \fBmkimapdcert\fR
--will not work if \fB at datadir@/imapd.pem\fR already exists.
-+will not work if \fB at certsdir@/imapd.pem\fR already exists.
+ generates a self\-signed X.509 certificate, mainly for testing. For production use the X.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate.
  .PP
- \fBmkimapdcert\fR requires
- \fBOpenSSL\fR to be installed.
- .SH "FILES"
- .TP
+ 
+-\fI at datadir@/imapd.pem\fR
++\fI at certsdir@/imapd.pem\fR
+ must be owned by the @mailuser@ user and have no group or world permissions. The
+ \fBmkimapdcert\fR
+ command will enforce this. To prevent an unfortunate accident,
+ \fBmkimapdcert\fR
+ will not work if
 -\fB at datadir@/imapd.pem\fR
 +\fB at certsdir@/imapd.pem\fR
- X.509 certificate.
- .TP
- \fB at sysconfdir@/imapd.cnf\fR
-diff -Nur old/imap/mkimapdcert.html.in new/imap/mkimapdcert.html.in
---- old/imap/mkimapdcert.html.in	2004-02-08 04:12:12.000000000 +0000
-+++ new/imap/mkimapdcert.html.in	2004-07-08 17:00:45.000000000 +0000
-@@ -57,7 +57,7 @@
- location for the certificate file is
- <TT
- CLASS="FILENAME"
-->@datadir@/imapd.pem</TT
-+>@certsdir@/imapd.pem</TT
- >.
- <B
- CLASS="COMMAND"
-@@ -71,7 +71,7 @@
- ><P
- ><TT
- CLASS="FILENAME"
-->@datadir@/imapd.pem</TT
-+>@certsdir@/imapd.pem</TT
- > must be owned by the
- @mailuser@ user and
- have no group or world permissions.
-@@ -86,7 +86,7 @@
- >
- will not work if <B
- CLASS="COMMAND"
-->@datadir@/imapd.pem</B
-+>@certsdir@/imapd.pem</B
- > already exists.</P
- ><P
- ><B
-@@ -111,7 +111,7 @@
- CLASS="VARIABLELIST"
- ><DL
- ><DT
-->@datadir@/imapd.pem</DT
-+>@certsdir@/imapd.pem</DT
- ><DD
- ><P
- >X.509 certificate.</P
-diff -Nur old/imap/mkpop3dcert.8.in new/imap/mkpop3dcert.8.in
---- old/imap/mkpop3dcert.8.in	2004-02-08 04:12:10.000000000 +0000
-+++ new/imap/mkpop3dcert.8.in	2004-07-08 17:00:01.000000000 +0000
-@@ -18,7 +18,7 @@
+ already exists.
  .PP
- POP3 over SSL requires a valid, signed, X.509 certificate.  The default
+ 
+@@ -42,7 +42,7 @@
+ to be installed.
+ .SH "FILES"
+ .PP
+- at datadir@/imapd.pem
++ at certsdir@/imapd.pem
+ .RS 4
+ X.509 certificate.
+ .RE
+diff -urN courier-imap-4.3.0.orig/imap/mkimapdcert.html.in courier-imap-4.3.0/imap/mkimapdcert.html.in
+--- courier-imap-4.3.0.orig/imap/mkimapdcert.html.in	2007-04-22 17:33:32.000000000 +0200
++++ courier-imap-4.3.0/imap/mkimapdcert.html.in	2008-01-19 19:54:30.834337552 +0100
+@@ -7,22 +7,22 @@
+ --></head><body><div class="refentry" lang="en" xml:lang="en"><a id="mkimapdcert" shape="rect"> </a><div class="titlepage"/><div class="refnamediv"><h2>Name</h2><p>mkimapdcert — create a test SSL certificate for IMAP over SSL</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">@sbindir@/mkimapdcert</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id281688" shape="rect"> </a><h2>DESCRIPTION</h2><p>
+ IMAP over SSL requires a valid, signed, X.509 certificate.  The default
  location for the certificate file is
--\fI at datadir@/pop3d.pem\fR\&.
-+\fI at certsdir@/pop3d.pem\fR\&.
- \fBmkpop3dcert\fR generates a self-signed X.509 certificate,
+-<code class="filename">@datadir@/imapd.pem</code>.
++<code class="filename">@certsdir@/imapd.pem</code>.
+ <span><strong class="command">mkimapdcert</strong></span> generates a self-signed X.509 certificate,
  mainly for
  testing.
-@@ -26,19 +26,19 @@
+ For production use the X.509 certificate must be signed by a
  recognized certificate authority, in order for mail clients to accept the
- certificate.
- .PP
--\fI at datadir@/pop3d.pem\fR must be owned by the
-+\fI at certsdir@/pop3d.pem\fR must be owned by the
+ certificate.</p><p>
+-<code class="filename">@datadir@/imapd.pem</code> must be owned by the
++<code class="filename">@certsdir@/imapd.pem</code> must be owned by the
  @mailuser@ user and
  have no group or world permissions.
- The \fBmkpop3dcert\fR command will
+ The <span><strong class="command">mkimapdcert</strong></span> command will
  enforce this.  To prevent an unfortunate accident,
- \fBmkpop3dcert\fR
--will not work if \fB at datadir@/pop3d.pem\fR already exists.
-+will not work if \fB at certsdir@/pop3d.pem\fR already exists.
- .PP
- \fBmkpop3dcert\fR requires
- \fBOpenSSL\fR to be installed.
- .SH "FILES"
- .TP
--\fB at datadir@/pop3d.pem\fR
-+\fB at certsdir@/pop3d.pem\fR
+ <span><strong class="command">mkimapdcert</strong></span>
+-will not work if <span><strong class="command">@datadir@/imapd.pem</strong></span> already exists.</p><p>
++will not work if <span><strong class="command">@certsdir@/imapd.pem</strong></span> already exists.</p><p>
+ <span><strong class="command">mkimapdcert</strong></span> requires
+-<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@datadir@/imapd.pem</span></dt><dd>
++<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@certsdir@/imapd.pem</span></dt><dd>
  X.509 certificate.
- .TP
- \fB at sysconfdir@/pop3d.cnf\fR
-diff -Nur old/imap/mkpop3dcert.html.in new/imap/mkpop3dcert.html.in
---- old/imap/mkpop3dcert.html.in	2004-02-08 04:12:11.000000000 +0000
-+++ new/imap/mkpop3dcert.html.in	2004-07-08 16:59:29.000000000 +0000
-@@ -57,7 +57,7 @@
- location for the certificate file is
- <TT
- CLASS="FILENAME"
-->@datadir@/pop3d.pem</TT
-+>@certsdir@/pop3d.pem</TT
- >.
- <B
- CLASS="COMMAND"
-@@ -71,7 +71,7 @@
- ><P
- ><TT
- CLASS="FILENAME"
-->@datadir@/pop3d.pem</TT
-+>@certsdir@/pop3d.pem</TT
- > must be owned by the
- @mailuser@ user and
- have no group or world permissions.
-@@ -86,7 +86,7 @@
- >
- will not work if <B
- CLASS="COMMAND"
-->@datadir@/pop3d.pem</B
-+>@certsdir@/pop3d.pem</B
- > already exists.</P
- ><P
- ><B
-@@ -111,7 +111,7 @@
- CLASS="VARIABLELIST"
- ><DL
- ><DT
-->@datadir@/pop3d.pem</DT
-+>@certsdir@/pop3d.pem</DT
- ><DD
- ><P
- >X.509 certificate.</P
-diff -Nur old/imap/pop3d.cnf.in new/imap/pop3d.cnf.in
---- old/imap/pop3d.cnf.in	2001-03-24 04:59:55.000000000 +0000
-+++ new/imap/pop3d.cnf.in	2004-07-08 16:54:38.000000000 +0000
-@@ -1,5 +1,5 @@
- 
--RANDFILE = @datadir@/pop3d.rand
-+RANDFILE = @certsdir@/pop3d.rand
- 
- [ req ]
- default_bits = 1024
-diff -Nur old/imap/pop3d-ssl.dist.in new/imap/pop3d-ssl.dist.in
---- old/imap/pop3d-ssl.dist.in	2004-01-24 20:09:31.000000000 +0000
-+++ new/imap/pop3d-ssl.dist.in	2004-07-08 16:54:31.000000000 +0000
-@@ -135,7 +135,7 @@
- # servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
- # treated as confidential, and must not be world-readable.
- #
--TLS_CERTFILE=@datadir@/pop3d.pem
-+TLS_CERTFILE=@certsdir@/pop3d.pem
- 
- ##NAME: TLS_TRUSTCERTS:0
- #
-diff -Nur old/imap/mkimapdcert.in new/imap/mkimapdcert.in
---- old/imap/mkimapdcert.in	2005-06-29 18:01:17.000000000 +0000
-+++ new/imap/mkimapdcert.in	2005-08-31 21:49:26.142362544 +0000
-@@ -13,27 +13,27 @@
+ </dd><dt><span class="term">@sysconfdir@/imapd.cnf</span></dt><dd>
+ Parameters used by OpenSSL to
+diff -urN courier-imap-4.3.0.orig/imap/mkimapdcert.in courier-imap-4.3.0/imap/mkimapdcert.in
+--- courier-imap-4.3.0.orig/imap/mkimapdcert.in	2007-11-04 21:50:15.000000000 +0100
++++ courier-imap-4.3.0/imap/mkimapdcert.in	2008-01-19 19:58:50.290723918 +0100
+@@ -18,41 +18,41 @@
  
  prefix="@prefix@"
  
--if test -f @datadir@/imapd.pem
+-if test -f @mydatadir@/imapd.pem
 +if test -f @certsdir@/imapd.pem
  then
--	echo "@datadir@/imapd.pem already exists."
+-	echo "@mydatadir@/imapd.pem already exists."
 +	echo "@certsdir@/imapd.pem already exists."
  	exit 1
  fi
  
  umask 077
--cp /dev/null @datadir@/imapd.pem
--chmod 600 @datadir@/imapd.pem
--chown @mailuser@ @datadir@/imapd.pem
-+cp /dev/null @certsdir@/imapd.pem
-+chmod 600 @certsdir@/imapd.pem
-+chown @mailuser@ @certsdir@/imapd.pem
  
  cleanup() {
--	rm -f @datadir@/imapd.pem
--	rm -f @datadir@/imapd.rand
+-	rm -f @mydatadir@/imapd.pem
+-	rm -f @mydatadir@/imapd.rand
+-	rm -f @mydatadir@/imapd.key
+-	rm -f @mydatadir@/imapd.cert
 +	rm -f @certsdir@/imapd.pem
 +	rm -f @certsdir@/imapd.rand
++	rm -f @certsdir@/imapd.key
++	rm -f @certsdir@/imapd.cert
  	exit 1
  }
  
--cd @datadir@
--dd if=@RANDOMV@ of=@datadir@/imapd.rand count=1 2>/dev/null
+-cd @mydatadir@
 +cd @certsdir@
-+dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null
- @OPENSSL@ req -new -x509 -days 365 -nodes \
--	-config @sysconfdir@/imapd.cnf -out @datadir@/imapd.pem -keyout @datadir@/imapd.pem || cleanup
-- at OPENSSL@ gendh -rand @datadir@/imapd.rand 512 >>@datadir@/imapd.pem || cleanup
-- at OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/imapd.pem || cleanup
--rm -f @datadir@/imapd.rand
-+	-config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem || cleanup
-+ at OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem || cleanup
-+ at OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem || cleanup
-+rm -f @certsdir@/imapd.rand
-diff -Nur old/imap/mkpop3dcert.in new/imap/mkpop3dcert.in
---- old/imap/mkpop3dcert.in	2005-06-29 18:01:17.000000000 +0000
-+++ new/imap/mkpop3dcert.in	2005-08-31 21:49:26.143362392 +0000
-@@ -13,26 +13,26 @@
+ 
+ if test "@ssllib@" = "openssl"
+ then
+-	cp /dev/null @mydatadir@/imapd.pem
+-	chmod 600 @mydatadir@/imapd.pem
+-	chown @mailuser@ @mydatadir@/imapd.pem
++	cp /dev/null @certsdir@/imapd.pem
++	chmod 600 @certsdir@/imapd.pem
++	chown @mailuser@ @certsdir@/imapd.pem
+ 
+-	dd if=@RANDOMV@ of=@mydatadir@/imapd.rand count=1 2>/dev/null
++	dd if=@RANDOMV@ of=@certsdir@/imapd.rand count=1 2>/dev/null
+ 	@OPENSSL@ req -new -x509 -days 365 -nodes \
+-		  -config @sysconfdir@/imapd.cnf -out @mydatadir@/imapd.pem -keyout @mydatadir@/imapd.pem || cleanup
+-	@OPENSSL@ gendh -rand @mydatadir@/imapd.rand 512 >>@mydatadir@/imapd.pem || cleanup
+-	@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/imapd.pem || cleanup
+-	rm -f @mydatadir@/imapd.rand
++		  -config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout @certsdir@/imapd.pem || cleanup
++	@OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem || cleanup
++	@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/imapd.pem || cleanup
++	rm -f @certsdir@/imapd.rand
+ else
+-	cp /dev/null @mydatadir@/imapd.key
+-	chmod 600 @mydatadir@/imapd.key
+-	cp /dev/null @mydatadir@/imapd.cert
+-	chmod 600 @mydatadir@/imapd.cert
++	cp /dev/null @certsdir@/imapd.key
++	chmod 600 @certsdir@/imapd.key
++	cp /dev/null @certsdir@/imapd.cert
++	chmod 600 @certsdir@/imapd.cert
+ 
+ 	@CERTTOOL@ --generate-privkey --outfile imapd.key
+ 	@CERTTOOL@ --generate-self-signed --load-privkey imapd.key --outfile imapd.cert --template @sysconfdir@/imapd.cnf
+diff -urN courier-imap-4.3.0.orig/imap/mkpop3dcert.8.in courier-imap-4.3.0/imap/mkpop3dcert.8.in
+--- courier-imap-4.3.0.orig/imap/mkpop3dcert.8.in	2007-04-22 17:33:36.000000000 +0200
++++ courier-imap-4.3.0/imap/mkpop3dcert.8.in	2008-01-19 19:55:01.929235273 +0100
+@@ -21,18 +21,18 @@
+ .SH "DESCRIPTION"
+ .PP
+ POP3 over SSL requires a valid, signed, X.509 certificate. The default location for the certificate file is
+-\fI at datadir@/pop3d.pem\fR.
++\fI at certsdir@/pop3d.pem\fR.
+ \fBmkpop3dcert\fR
+ generates a self\-signed X.509 certificate, mainly for testing. For production use the X.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate.
+ .PP
+ 
+-\fI at datadir@/pop3d.pem\fR
++\fI at certsdir@/pop3d.pem\fR
+ must be owned by the @mailuser@ user and have no group or world permissions. The
+ \fBmkpop3dcert\fR
+ command will enforce this. To prevent an unfortunate accident,
+ \fBmkpop3dcert\fR
+ will not work if
+-\fB at datadir@/pop3d.pem\fR
++\fB at certsdir@/pop3d.pem\fR
+ already exists.
+ .PP
+ 
+@@ -42,7 +42,7 @@
+ to be installed.
+ .SH "FILES"
+ .PP
+- at datadir@/pop3d.pem
++ at certsdir@/pop3d.pem
+ .RS 4
+ X.509 certificate.
+ .RE
+diff -urN courier-imap-4.3.0.orig/imap/mkpop3dcert.html.in courier-imap-4.3.0/imap/mkpop3dcert.html.in
+--- courier-imap-4.3.0.orig/imap/mkpop3dcert.html.in	2007-04-22 17:33:35.000000000 +0200
++++ courier-imap-4.3.0/imap/mkpop3dcert.html.in	2008-01-19 19:55:15.619924063 +0100
+@@ -7,22 +7,22 @@
+ --></head><body><div class="refentry" lang="en" xml:lang="en"><a id="mkpop3dcert" shape="rect"> </a><div class="titlepage"/><div class="refnamediv"><h2>Name</h2><p>mkpop3dcert — create a test SSL certificate for POP3 over SSL</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">@sbindir@/mkpop3dcert</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id281688" shape="rect"> </a><h2>DESCRIPTION</h2><p>
+ POP3 over SSL requires a valid, signed, X.509 certificate.  The default
+ location for the certificate file is
+-<code class="filename">@datadir@/pop3d.pem</code>.
++<code class="filename">@certsdir@/pop3d.pem</code>.
+ <span><strong class="command">mkpop3dcert</strong></span> generates a self-signed X.509 certificate,
+ mainly for
+ testing.
+ For production use the X.509 certificate must be signed by a
+ recognized certificate authority, in order for mail clients to accept the
+ certificate.</p><p>
+-<code class="filename">@datadir@/pop3d.pem</code> must be owned by the
++<code class="filename">@certsdir@/pop3d.pem</code> must be owned by the
+ @mailuser@ user and
+ have no group or world permissions.
+ The <span><strong class="command">mkpop3dcert</strong></span> command will
+ enforce this.  To prevent an unfortunate accident,
+ <span><strong class="command">mkpop3dcert</strong></span>
+-will not work if <span><strong class="command">@datadir@/pop3d.pem</strong></span> already exists.</p><p>
++will not work if <span><strong class="command">@certsdir@/pop3d.pem</strong></span> already exists.</p><p>
+ <span><strong class="command">mkpop3dcert</strong></span> requires
+-<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@datadir@/pop3d.pem</span></dt><dd>
++<span class="application">OpenSSL</span> to be installed.</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect"> </a><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term">@certsdir@/pop3d.pem</span></dt><dd>
+ X.509 certificate.
+ </dd><dt><span class="term">@sysconfdir@/pop3d.cnf</span></dt><dd>
+ Parameters used by OpenSSL to
+diff -urN courier-imap-4.3.0.orig/imap/mkpop3dcert.in courier-imap-4.3.0/imap/mkpop3dcert.in
+--- courier-imap-4.3.0.orig/imap/mkpop3dcert.in	2007-11-04 21:50:15.000000000 +0100
++++ courier-imap-4.3.0/imap/mkpop3dcert.in	2008-01-19 19:59:17.935447993 +0100
+@@ -18,41 +18,41 @@
  
  prefix="@prefix@"
  
--if test -f @datadir@/pop3d.pem
+-if test -f @mydatadir@/pop3d.pem
 +if test -f @certsdir@/pop3d.pem
  then
--	echo "@datadir@/pop3d.pem already exists."
+-	echo "@mydatadir@/pop3d.pem already exists."
 +	echo "@certsdir@/pop3d.pem already exists."
  	exit 1
  fi
  
  umask 077
--cp /dev/null @datadir@/pop3d.pem
--chmod 600 @datadir@/pop3d.pem
--chown @mailuser@ @datadir@/pop3d.pem
-+cp /dev/null @certsdir@/pop3d.pem
-+chmod 600 @certsdir@/pop3d.pem
-+chown @mailuser@ @certsdir@/pop3d.pem
  
  cleanup() {
--	rm -f @datadir@/pop3d.pem
--	rm -f @datadir@/pop3d.rand
+-	rm -f @mydatadir@/pop3d.pem
+-	rm -f @mydatadir@/pop3d.rand
+-	rm -f @mydatadir@/pop3d.key
+-	rm -f @mydatadir@/pop3d.cert
 +	rm -f @certsdir@/pop3d.pem
 +	rm -f @certsdir@/pop3d.rand
++	rm -f @certsdir@/pop3d.key
++	rm -f @certsdir@/pop3d.cert
  	exit 1
  }
  
--dd if=@RANDOMV@ of=@datadir@/pop3d.rand count=1 2>/dev/null
-+dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null
- @OPENSSL@ req -new -x509 -days 365 -nodes \
--	-config @sysconfdir@/pop3d.cnf -out @datadir@/pop3d.pem -keyout @datadir@/pop3d.pem || cleanup
-- at OPENSSL@ gendh -rand @datadir@/pop3d.rand 512 >>@datadir@/pop3d.pem || cleanup
-- at OPENSSL@ x509 -subject -dates -fingerprint -noout -in @datadir@/pop3d.pem || cleanup
--rm -f @datadir@/pop3d.rand
-+	-config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem || cleanup
-+ at OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem || cleanup
-+ at OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem || cleanup
-+rm -f @certsdir@/pop3d.rand
+-cd @mydatadir@
++cd @certsdir@
+ 
+ if test "@ssllib@" = "openssl"
+ then
+-	cp /dev/null @mydatadir@/pop3d.pem
+-	chmod 600 @mydatadir@/pop3d.pem
+-	chown @mailuser@ @mydatadir@/pop3d.pem
++	cp /dev/null @certsdir@/pop3d.pem
++	chmod 600 @certsdir@/pop3d.pem
++	chown @mailuser@ @certsdir@/pop3d.pem
+ 
+-	dd if=@RANDOMV@ of=@mydatadir@/pop3d.rand count=1 2>/dev/null
++	dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null
+ 	@OPENSSL@ req -new -x509 -days 365 -nodes \
+-		  -config @sysconfdir@/pop3d.cnf -out @mydatadir@/pop3d.pem -keyout @mydatadir@/pop3d.pem || cleanup
+-	@OPENSSL@ gendh -rand @mydatadir@/pop3d.rand 512 >>@mydatadir@/pop3d.pem || cleanup
+-	@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @mydatadir@/pop3d.pem || cleanup
+-	rm -f @mydatadir@/pop3d.rand
++		  -config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem || cleanup
++	@OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem || cleanup
++	@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem || cleanup
++	rm -f @certsdir@/pop3d.rand
+ else
+-	cp /dev/null @mydatadir@/pop3d.key
+-	chmod 600 @mydatadir@/pop3d.key
+-	cp /dev/null @mydatadir@/pop3d.cert
+-	chmod 600 @mydatadir@/pop3d.cert
++	cp /dev/null @certsdir@/pop3d.key
++	chmod 600 @certsdir@/pop3d.key
++	cp /dev/null @certsdir@/pop3d.cert
++	chmod 600 @certsdir@/pop3d.cert
+ 
+ 	@CERTTOOL@ --generate-privkey --outfile pop3d.key
+ 	@CERTTOOL@ --generate-self-signed --load-privkey pop3d.key --outfile pop3d.cert --template @sysconfdir@/pop3d.cnf
+diff -urN courier-imap-4.3.0.orig/imap/pop3d.cnf.openssl.in courier-imap-4.3.0/imap/pop3d.cnf.openssl.in
+--- courier-imap-4.3.0.orig/imap/pop3d.cnf.openssl.in	2007-11-04 21:49:58.000000000 +0100
++++ courier-imap-4.3.0/imap/pop3d.cnf.openssl.in	2008-01-19 19:53:07.103458296 +0100
+@@ -1,5 +1,5 @@
+ 
+-RANDFILE = @mydatadir@/pop3d.rand
++RANDFILE = @certsdir@/pop3d.rand
+ 
+ [ req ]
+ default_bits = 1024
+diff -urN courier-imap-4.3.0.orig/imap/pop3d-ssl.dist.in courier-imap-4.3.0/imap/pop3d-ssl.dist.in
+--- courier-imap-4.3.0.orig/imap/pop3d-ssl.dist.in	2007-11-22 15:23:06.000000000 +0100
++++ courier-imap-4.3.0/imap/pop3d-ssl.dist.in	2008-01-19 19:55:43.177977173 +0100
+@@ -241,7 +241,7 @@
+ #
+ # This is an experimental feature.
+ 
+-TLS_CERTFILE=@mydatadir@/pop3d.pem
++TLS_CERTFILE=@certsdir@/pop3d.pem
+ 
+ ##NAME: TLS_TRUSTCERTS:0
+ #
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/courier-imap-certsdir.patch?r1=1.3&r2=1.4&f=u



More information about the pld-cvs-commit mailing list