Quoting from http://bugs.debian.org/621042:
===
With gnutls, the mkesmtpdcert script takes great pains to make sure
esmtpd.key has permissions of 0600, and the same for the .cert file.
But then it creates esmtpd.pem file like this:
cat esmtpd.key esmtpd.cert >esmtpd.pem
This gives it whatever the default umask of the system is, meaning
usually the file will be created world readable.
===
The proposed patch is attached.
Regards
Racke
--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
=== modified file 'courier/module.esmtp/mkesmtpdcert.in'
--- courier/module.esmtp/mkesmtpdcert.in 2008-01-15 14:58:21 +0000
+++ courier/module.esmtp/mkesmtpdcert.in 2011-04-06 04:49:47 +0000
@@ -52,6 +52,9 @@
@CERTTOOL@ --generate-privkey --outfile esmtpd.key
@CERTTOOL@ --generate-self-signed --load-privkey esmtpd.key --outfile esmtpd.cert --template @sysconfdir@/esmtpd.cnf
@CERTTOOL@ --generate-dh-params >>esmtpd.cert
+
+ cp /dev/null @mydatadir@/esmtpd.pem
+ chmod 600 @mydatadir@/esmtpd.pem
cat esmtpd.key esmtpd.cert >esmtpd.pem
rm -f esmtpd.key esmtpd.cert
fi
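Review bot: The added cp and chmod lines name @mydatadir@/esmtpd.pem, but the cat that follows still writes to the relative esmtpd.pem, so the fix only holds if the script's working directory is @mydatadir@ at this point, which this hunk does not show. Use the same path form in all three lines, or set umask 077 before the cat so the file is created 0600 without a separate chmod step.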
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
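The permission problem described in the quoted bug report, as an added example that is not part of the original message or of Courier's mkesmtpdcert script: it compares a plain redirect with the patch's pre-create-and-chmod step and with a restrictive umask. The function names, the temporary directory and the placeholder key and certificate contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. File names mirror the script discussed above; the key and
# certificate contents are constructed placeholders, not real key material.

# Print the permission string of a file, e.g. "-rw-------".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Reported behaviour: the redirect creates esmtpd.pem with whatever the
# umask allows (world readable under the common umask 022).
build_pem_unsafe() (
    cd "$1" || exit 1
    umask 022
    rm -f esmtpd.pem
    cat esmtpd.key esmtpd.cert >esmtpd.pem
    mode_of esmtpd.pem
)

# The patch's approach: create the file empty, restrict it, then fill it.
# Truncating an existing file with ">" keeps its mode.
build_pem_prechmod() (
    cd "$1" || exit 1
    umask 022
    rm -f esmtpd.pem
    cp /dev/null esmtpd.pem
    chmod 600 esmtpd.pem
    cat esmtpd.key esmtpd.cert >esmtpd.pem
    mode_of esmtpd.pem
)

# Alternative: restrict the umask so the file is created 0600 directly.
build_pem_umask() (
    cd "$1" || exit 1
    umask 077
    rm -f esmtpd.pem
    cat esmtpd.key esmtpd.cert >esmtpd.pem
    mode_of esmtpd.pem
)

# Constructed work directory holding 0600 inputs, as the script leaves them.
make_workdir() {
    d=$(mktemp -d) || return 1
    ( umask 077
      printf 'CONSTRUCTED KEY PLACEHOLDER\n' >"$d/esmtpd.key"
      printf 'CONSTRUCTED CERT PLACEHOLDER\n' >"$d/esmtpd.cert" )
    printf '%s\n' "$d"
}
```

Call `make_workdir` once and pass the directory it prints to each `build_pem_*` function to compare the resulting modes.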