Author: hawk Date: Sat Jan 19 19:07:34 2008 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- updated for 4.3.0
---- Files affected:
SOURCES:
courier-imap-certsdir.patch (1.3 -> 1.4)
---- Diffs:
================================================================
Index: SOURCES/courier-imap-certsdir.patch
diff -u SOURCES/courier-imap-certsdir.patch:1.3
SOURCES/courier-imap-certsdir.patch:1.4
--- SOURCES/courier-imap-certsdir.patch:1.3 Thu Sep 1 16:04:16 2005
+++ SOURCES/courier-imap-certsdir.patch Sat Jan 19 20:07:29 2008
@@ -1,9 +1,9 @@
-diff -Nur old/configure.in new/configure.in
---- old/configure.in 2004-06-12 01:38:04.000000000 +0000
-+++ new/configure.in 2004-07-08 16:53:13.000000000 +0000
-@@ -97,6 +97,11 @@
- eval "exec_prefix=$exec_prefix"
- eval "libexecdir=$libexecdir"
+diff -urN courier-imap-4.3.0.orig/configure.in courier-imap-4.3.0/configure.in
+--- courier-imap-4.3.0.orig/configure.in 2007-11-24 04:20:18.000000000
+0100
++++ courier-imap-4.3.0/configure.in 2008-01-19 19:53:07.090124292 +0100
+@@ -222,6 +222,11 @@
+
+ # Neither does it use the change password feature
+AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
+certsdir="$withval", certsdir=$datadir)
@@ -11,12 +11,12 @@
+AC_SUBST(certsdir)
+
AC_ARG_WITH(authchangepwdir, [], ,
- ac_configure_args="$ac_configure_args
--with-authchangepwdir=$libexecdir/authlib")
+ ac_configure_args="$ac_configure_args
--with-authchangepwdir=/var/tmp/dev/null")
-diff -Nur old/imap/configure.in new/imap/configure.in
---- old/imap/configure.in 2004-06-12 01:38:04.000000000 +0000
-+++ new/imap/configure.in 2004-07-08 16:53:44.000000000 +0000
-@@ -35,6 +35,11 @@
+diff -urN courier-imap-4.3.0.orig/imap/configure.in
courier-imap-4.3.0/imap/configure.in
+--- courier-imap-4.3.0.orig/imap/configure.in 2007-11-24 04:20:18.000000000
+0100
++++ courier-imap-4.3.0/imap/configure.in 2008-01-19 19:53:07.090124292
+0100
+@@ -52,6 +52,11 @@
eval "exec_prefix=$exec_prefix"
eval "bindir=$bindir"
@@ -28,281 +28,303 @@
AC_ARG_WITH(mailer,
[ --with-mailer=prog Your mail submission program],
SENDMAIL="$withval",
-diff -Nur old/imap/imapd.cnf.in new/imap/imapd.cnf.in
---- old/imap/imapd.cnf.in 2001-03-24 04:59:55.000000000 +0000
-+++ new/imap/imapd.cnf.in 2004-07-08 16:54:18.000000000 +0000
+diff -urN courier-imap-4.3.0.orig/imap/imapd.cnf.openssl.in
courier-imap-4.3.0/imap/imapd.cnf.openssl.in
+--- courier-imap-4.3.0.orig/imap/imapd.cnf.openssl.in 2007-11-04
21:49:58.000000000 +0100
++++ courier-imap-4.3.0/imap/imapd.cnf.openssl.in 2008-01-19
19:53:07.090124292 +0100
@@ -1,5 +1,5 @@
--RANDFILE = @datadir@/imapd.rand
+-RANDFILE = @mydatadir@/imapd.rand
+RANDFILE = @certsdir@/imapd.rand
[ req ]
default_bits = 1024
-diff -Nur old/imap/imapd-ssl.dist.in new/imap/imapd-ssl.dist.in
---- old/imap/imapd-ssl.dist.in 2004-01-24 20:09:26.000000000 +0000
-+++ new/imap/imapd-ssl.dist.in 2004-07-08 16:54:04.000000000 +0000
-@@ -146,7 +146,7 @@
- # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
- # treated as confidential, and must not be world-readable.
+diff -urN courier-imap-4.3.0.orig/imap/imapd-ssl.dist.in
courier-imap-4.3.0/imap/imapd-ssl.dist.in
+--- courier-imap-4.3.0.orig/imap/imapd-ssl.dist.in 2007-11-22
15:23:05.000000000 +0100
++++ courier-imap-4.3.0/imap/imapd-ssl.dist.in 2008-01-19 19:53:22.977590279
+0100
+@@ -254,7 +254,7 @@
#
[EMAIL PROTECTED]@/imapd.pem
+ # This is an experimental feature.
+
[EMAIL PROTECTED]@/imapd.pem
[EMAIL PROTECTED]@/imapd.pem
##NAME: TLS_TRUSTCERTS:0
#
-diff -Nur old/imap/mkimapdcert.8.in new/imap/mkimapdcert.8.in
---- old/imap/mkimapdcert.8.in 2004-02-08 04:12:08.000000000 +0000
-+++ new/imap/mkimapdcert.8.in 2004-07-08 17:01:04.000000000 +0000
-@@ -18,7 +18,7 @@
+diff -urN courier-imap-4.3.0.orig/imap/mkimapdcert.8.in
courier-imap-4.3.0/imap/mkimapdcert.8.in
+--- courier-imap-4.3.0.orig/imap/mkimapdcert.8.in 2007-04-22
17:33:32.000000000 +0200
++++ courier-imap-4.3.0/imap/mkimapdcert.8.in 2008-01-19 19:53:58.669385973
+0100
+@@ -21,18 +21,18 @@
+ .SH "DESCRIPTION"
.PP
- IMAP over SSL requires a valid, signed, X.509 certificate. The default
- location for the certificate file is
[EMAIL PROTECTED]@/imapd.pem\fR\&.
[EMAIL PROTECTED]@/imapd.pem\fR\&.
- \fBmkimapdcert\fR generates a self-signed X.509 certificate,
- mainly for
- testing.
-@@ -26,19 +26,19 @@
- recognized certificate authority, in order for mail clients to accept the
- certificate.
- .PP
[EMAIL PROTECTED]@/imapd.pem\fR must be owned by the
[EMAIL PROTECTED]@/imapd.pem\fR must be owned by the
- @mailuser@ user and
- have no group or world permissions.
- The \fBmkimapdcert\fR command will
- enforce this. To prevent an unfortunate accident,
+ IMAP over SSL requires a valid, signed, X.509 certificate. The default
location for the certificate file is
[EMAIL PROTECTED]@/imapd.pem\fR.
[EMAIL PROTECTED]@/imapd.pem\fR.
\fBmkimapdcert\fR
--will not work if [EMAIL PROTECTED]@/imapd.pem\fR already exists.
-+will not work if [EMAIL PROTECTED]@/imapd.pem\fR already exists.
+ generates a self\-signed X.509 certificate, mainly for testing. For
production use the X.509 certificate must be signed by a recognized certificate
authority, in order for mail clients to accept the certificate.
.PP
- \fBmkimapdcert\fR requires
- \fBOpenSSL\fR to be installed.
- .SH "FILES"
- .TP
+
[EMAIL PROTECTED]@/imapd.pem\fR
[EMAIL PROTECTED]@/imapd.pem\fR
+ must be owned by the @mailuser@ user and have no group or world permissions.
The
+ \fBmkimapdcert\fR
+ command will enforce this. To prevent an unfortunate accident,
+ \fBmkimapdcert\fR
+ will not work if
[EMAIL PROTECTED]@/imapd.pem\fR
[EMAIL PROTECTED]@/imapd.pem\fR
- X.509 certificate.
- .TP
- [EMAIL PROTECTED]@/imapd.cnf\fR
-diff -Nur old/imap/mkimapdcert.html.in new/imap/mkimapdcert.html.in
---- old/imap/mkimapdcert.html.in 2004-02-08 04:12:12.000000000 +0000
-+++ new/imap/mkimapdcert.html.in 2004-07-08 17:00:45.000000000 +0000
-@@ -57,7 +57,7 @@
- location for the certificate file is
- <TT
- CLASS="FILENAME"
-->@datadir@/imapd.pem</TT
-+>@certsdir@/imapd.pem</TT
- >.
- <B
- CLASS="COMMAND"
-@@ -71,7 +71,7 @@
- ><P
- ><TT
- CLASS="FILENAME"
-->@datadir@/imapd.pem</TT
-+>@certsdir@/imapd.pem</TT
- > must be owned by the
- @mailuser@ user and
- have no group or world permissions.
-@@ -86,7 +86,7 @@
- >
- will not work if <B
- CLASS="COMMAND"
-->@datadir@/imapd.pem</B
-+>@certsdir@/imapd.pem</B
- > already exists.</P
- ><P
- ><B
-@@ -111,7 +111,7 @@
- CLASS="VARIABLELIST"
- ><DL
- ><DT
-->@datadir@/imapd.pem</DT
-+>@certsdir@/imapd.pem</DT
- ><DD
- ><P
- >X.509 certificate.</P
-diff -Nur old/imap/mkpop3dcert.8.in new/imap/mkpop3dcert.8.in
---- old/imap/mkpop3dcert.8.in 2004-02-08 04:12:10.000000000 +0000
-+++ new/imap/mkpop3dcert.8.in 2004-07-08 17:00:01.000000000 +0000
-@@ -18,7 +18,7 @@
+ already exists.
.PP
- POP3 over SSL requires a valid, signed, X.509 certificate. The default
+
+@@ -42,7 +42,7 @@
+ to be installed.
+ .SH "FILES"
+ .PP
[EMAIL PROTECTED]@/imapd.pem
[EMAIL PROTECTED]@/imapd.pem
+ .RS 4
+ X.509 certificate.
+ .RE
+diff -urN courier-imap-4.3.0.orig/imap/mkimapdcert.html.in
courier-imap-4.3.0/imap/mkimapdcert.html.in
+--- courier-imap-4.3.0.orig/imap/mkimapdcert.html.in 2007-04-22
17:33:32.000000000 +0200
++++ courier-imap-4.3.0/imap/mkimapdcert.html.in 2008-01-19
19:54:30.834337552 +0100
+@@ -7,22 +7,22 @@
+ --></head><body><div class="refentry" lang="en" xml:lang="en"><a
id="mkimapdcert" shape="rect"> </a><div class="titlepage"/><div
class="refnamediv"><h2>Name</h2><p>mkimapdcert — create a test SSL certificate
for IMAP over SSL</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div
class="cmdsynopsis"><p><code class="command">@sbindir@/mkimapdcert</code>
</p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id281688"
shape="rect"> </a><h2>DESCRIPTION</h2><p>
+ IMAP over SSL requires a valid, signed, X.509 certificate. The default
location for the certificate file is
[EMAIL PROTECTED]@/pop3d.pem\fR\&.
[EMAIL PROTECTED]@/pop3d.pem\fR\&.
- \fBmkpop3dcert\fR generates a self-signed X.509 certificate,
+-<code class="filename">@datadir@/imapd.pem</code>.
++<code class="filename">@certsdir@/imapd.pem</code>.
+ <span><strong class="command">mkimapdcert</strong></span> generates a
self-signed X.509 certificate,
mainly for
testing.
-@@ -26,19 +26,19 @@
+ For production use the X.509 certificate must be signed by a
recognized certificate authority, in order for mail clients to accept the
- certificate.
- .PP
[EMAIL PROTECTED]@/pop3d.pem\fR must be owned by the
[EMAIL PROTECTED]@/pop3d.pem\fR must be owned by the
+ certificate.</p><p>
+-<code class="filename">@datadir@/imapd.pem</code> must be owned by the
++<code class="filename">@certsdir@/imapd.pem</code> must be owned by the
@mailuser@ user and
have no group or world permissions.
- The \fBmkpop3dcert\fR command will
+ The <span><strong class="command">mkimapdcert</strong></span> command will
enforce this. To prevent an unfortunate accident,
- \fBmkpop3dcert\fR
--will not work if [EMAIL PROTECTED]@/pop3d.pem\fR already exists.
-+will not work if [EMAIL PROTECTED]@/pop3d.pem\fR already exists.
- .PP
- \fBmkpop3dcert\fR requires
- \fBOpenSSL\fR to be installed.
- .SH "FILES"
- .TP
[EMAIL PROTECTED]@/pop3d.pem\fR
[EMAIL PROTECTED]@/pop3d.pem\fR
+ <span><strong class="command">mkimapdcert</strong></span>
+-will not work if <span><strong
class="command">@datadir@/imapd.pem</strong></span> already exists.</p><p>
++will not work if <span><strong
class="command">@certsdir@/imapd.pem</strong></span> already exists.</p><p>
+ <span><strong class="command">mkimapdcert</strong></span> requires
+-<span class="application">OpenSSL</span> to be installed.</p></div><div
class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect">
</a><h2>FILES</h2><div class="variablelist"><dl><dt><span
class="term">@datadir@/imapd.pem</span></dt><dd>
++<span class="application">OpenSSL</span> to be installed.</p></div><div
class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect">
</a><h2>FILES</h2><div class="variablelist"><dl><dt><span
class="term">@certsdir@/imapd.pem</span></dt><dd>
X.509 certificate.
- .TP
- [EMAIL PROTECTED]@/pop3d.cnf\fR
-diff -Nur old/imap/mkpop3dcert.html.in new/imap/mkpop3dcert.html.in
---- old/imap/mkpop3dcert.html.in 2004-02-08 04:12:11.000000000 +0000
-+++ new/imap/mkpop3dcert.html.in 2004-07-08 16:59:29.000000000 +0000
-@@ -57,7 +57,7 @@
- location for the certificate file is
- <TT
- CLASS="FILENAME"
-->@datadir@/pop3d.pem</TT
-+>@certsdir@/pop3d.pem</TT
- >.
- <B
- CLASS="COMMAND"
-@@ -71,7 +71,7 @@
- ><P
- ><TT
- CLASS="FILENAME"
-->@datadir@/pop3d.pem</TT
-+>@certsdir@/pop3d.pem</TT
- > must be owned by the
- @mailuser@ user and
- have no group or world permissions.
-@@ -86,7 +86,7 @@
- >
- will not work if <B
- CLASS="COMMAND"
-->@datadir@/pop3d.pem</B
-+>@certsdir@/pop3d.pem</B
- > already exists.</P
- ><P
- ><B
-@@ -111,7 +111,7 @@
- CLASS="VARIABLELIST"
- ><DL
- ><DT
-->@datadir@/pop3d.pem</DT
-+>@certsdir@/pop3d.pem</DT
- ><DD
- ><P
- >X.509 certificate.</P
-diff -Nur old/imap/pop3d.cnf.in new/imap/pop3d.cnf.in
---- old/imap/pop3d.cnf.in 2001-03-24 04:59:55.000000000 +0000
-+++ new/imap/pop3d.cnf.in 2004-07-08 16:54:38.000000000 +0000
-@@ -1,5 +1,5 @@
-
--RANDFILE = @datadir@/pop3d.rand
-+RANDFILE = @certsdir@/pop3d.rand
-
- [ req ]
- default_bits = 1024
-diff -Nur old/imap/pop3d-ssl.dist.in new/imap/pop3d-ssl.dist.in
---- old/imap/pop3d-ssl.dist.in 2004-01-24 20:09:31.000000000 +0000
-+++ new/imap/pop3d-ssl.dist.in 2004-07-08 16:54:31.000000000 +0000
-@@ -135,7 +135,7 @@
- # servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
- # treated as confidential, and must not be world-readable.
- #
[EMAIL PROTECTED]@/pop3d.pem
[EMAIL PROTECTED]@/pop3d.pem
-
- ##NAME: TLS_TRUSTCERTS:0
- #
-diff -Nur old/imap/mkimapdcert.in new/imap/mkimapdcert.in
---- old/imap/mkimapdcert.in 2005-06-29 18:01:17.000000000 +0000
-+++ new/imap/mkimapdcert.in 2005-08-31 21:49:26.142362544 +0000
-@@ -13,27 +13,27 @@
+ </dd><dt><span class="term">@sysconfdir@/imapd.cnf</span></dt><dd>
+ Parameters used by OpenSSL to
+diff -urN courier-imap-4.3.0.orig/imap/mkimapdcert.in
courier-imap-4.3.0/imap/mkimapdcert.in
+--- courier-imap-4.3.0.orig/imap/mkimapdcert.in 2007-11-04
21:50:15.000000000 +0100
++++ courier-imap-4.3.0/imap/mkimapdcert.in 2008-01-19 19:58:50.290723918
+0100
+@@ -18,41 +18,41 @@
prefix="@prefix@"
--if test -f @datadir@/imapd.pem
+-if test -f @mydatadir@/imapd.pem
+if test -f @certsdir@/imapd.pem
then
-- echo "@datadir@/imapd.pem already exists."
+- echo "@mydatadir@/imapd.pem already exists."
+ echo "@certsdir@/imapd.pem already exists."
exit 1
fi
umask 077
--cp /dev/null @datadir@/imapd.pem
--chmod 600 @datadir@/imapd.pem
--chown @mailuser@ @datadir@/imapd.pem
-+cp /dev/null @certsdir@/imapd.pem
-+chmod 600 @certsdir@/imapd.pem
-+chown @mailuser@ @certsdir@/imapd.pem
cleanup() {
-- rm -f @datadir@/imapd.pem
-- rm -f @datadir@/imapd.rand
+- rm -f @mydatadir@/imapd.pem
+- rm -f @mydatadir@/imapd.rand
+- rm -f @mydatadir@/imapd.key
+- rm -f @mydatadir@/imapd.cert
+ rm -f @certsdir@/imapd.pem
+ rm -f @certsdir@/imapd.rand
++ rm -f @certsdir@/imapd.key
++ rm -f @certsdir@/imapd.cert
exit 1
}
--cd @datadir@
--dd [EMAIL PROTECTED]@ [EMAIL PROTECTED]@/imapd.rand count=1 2>/dev/null
+-cd @mydatadir@
+cd @certsdir@
-+dd [EMAIL PROTECTED]@ [EMAIL PROTECTED]@/imapd.rand count=1 2>/dev/null
- @OPENSSL@ req -new -x509 -days 365 -nodes \
-- -config @sysconfdir@/imapd.cnf -out @datadir@/imapd.pem -keyout
@datadir@/imapd.pem || cleanup
[EMAIL PROTECTED]@ gendh -rand @datadir@/imapd.rand 512 >>@datadir@/imapd.pem
|| cleanup
[EMAIL PROTECTED]@ x509 -subject -dates -fingerprint -noout -in
@datadir@/imapd.pem || cleanup
--rm -f @datadir@/imapd.rand
-+ -config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem -keyout
@certsdir@/imapd.pem || cleanup
[EMAIL PROTECTED]@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem
|| cleanup
[EMAIL PROTECTED]@ x509 -subject -dates -fingerprint -noout -in
@certsdir@/imapd.pem || cleanup
-+rm -f @certsdir@/imapd.rand
-diff -Nur old/imap/mkpop3dcert.in new/imap/mkpop3dcert.in
---- old/imap/mkpop3dcert.in 2005-06-29 18:01:17.000000000 +0000
-+++ new/imap/mkpop3dcert.in 2005-08-31 21:49:26.143362392 +0000
-@@ -13,26 +13,26 @@
+
+ if test "@ssllib@" = "openssl"
+ then
+- cp /dev/null @mydatadir@/imapd.pem
+- chmod 600 @mydatadir@/imapd.pem
+- chown @mailuser@ @mydatadir@/imapd.pem
++ cp /dev/null @certsdir@/imapd.pem
++ chmod 600 @certsdir@/imapd.pem
++ chown @mailuser@ @certsdir@/imapd.pem
+
+- dd [EMAIL PROTECTED]@ [EMAIL PROTECTED]@/imapd.rand count=1 2>/dev/null
++ dd [EMAIL PROTECTED]@ [EMAIL PROTECTED]@/imapd.rand count=1 2>/dev/null
+ @OPENSSL@ req -new -x509 -days 365 -nodes \
+- -config @sysconfdir@/imapd.cnf -out @mydatadir@/imapd.pem
-keyout @mydatadir@/imapd.pem || cleanup
+- @OPENSSL@ gendh -rand @mydatadir@/imapd.rand 512
>>@mydatadir@/imapd.pem || cleanup
+- @OPENSSL@ x509 -subject -dates -fingerprint -noout -in
@mydatadir@/imapd.pem || cleanup
+- rm -f @mydatadir@/imapd.rand
++ -config @sysconfdir@/imapd.cnf -out @certsdir@/imapd.pem
-keyout @certsdir@/imapd.pem || cleanup
++ @OPENSSL@ gendh -rand @certsdir@/imapd.rand 512 >>@certsdir@/imapd.pem
|| cleanup
++ @OPENSSL@ x509 -subject -dates -fingerprint -noout -in
@certsdir@/imapd.pem || cleanup
++ rm -f @certsdir@/imapd.rand
+ else
+- cp /dev/null @mydatadir@/imapd.key
+- chmod 600 @mydatadir@/imapd.key
+- cp /dev/null @mydatadir@/imapd.cert
+- chmod 600 @mydatadir@/imapd.cert
++ cp /dev/null @certsdir@/imapd.key
++ chmod 600 @certsdir@/imapd.key
++ cp /dev/null @certsdir@/imapd.cert
++ chmod 600 @certsdir@/imapd.cert
+
+ @CERTTOOL@ --generate-privkey --outfile imapd.key
+ @CERTTOOL@ --generate-self-signed --load-privkey imapd.key --outfile
imapd.cert --template @sysconfdir@/imapd.cnf
+diff -urN courier-imap-4.3.0.orig/imap/mkpop3dcert.8.in
courier-imap-4.3.0/imap/mkpop3dcert.8.in
+--- courier-imap-4.3.0.orig/imap/mkpop3dcert.8.in 2007-04-22
17:33:36.000000000 +0200
++++ courier-imap-4.3.0/imap/mkpop3dcert.8.in 2008-01-19 19:55:01.929235273
+0100
+@@ -21,18 +21,18 @@
+ .SH "DESCRIPTION"
+ .PP
+ POP3 over SSL requires a valid, signed, X.509 certificate. The default
location for the certificate file is
[EMAIL PROTECTED]@/pop3d.pem\fR.
[EMAIL PROTECTED]@/pop3d.pem\fR.
+ \fBmkpop3dcert\fR
+ generates a self\-signed X.509 certificate, mainly for testing. For
production use the X.509 certificate must be signed by a recognized certificate
authority, in order for mail clients to accept the certificate.
+ .PP
+
[EMAIL PROTECTED]@/pop3d.pem\fR
[EMAIL PROTECTED]@/pop3d.pem\fR
+ must be owned by the @mailuser@ user and have no group or world permissions.
The
+ \fBmkpop3dcert\fR
+ command will enforce this. To prevent an unfortunate accident,
+ \fBmkpop3dcert\fR
+ will not work if
[EMAIL PROTECTED]@/pop3d.pem\fR
[EMAIL PROTECTED]@/pop3d.pem\fR
+ already exists.
+ .PP
+
+@@ -42,7 +42,7 @@
+ to be installed.
+ .SH "FILES"
+ .PP
[EMAIL PROTECTED]@/pop3d.pem
[EMAIL PROTECTED]@/pop3d.pem
+ .RS 4
+ X.509 certificate.
+ .RE
+diff -urN courier-imap-4.3.0.orig/imap/mkpop3dcert.html.in
courier-imap-4.3.0/imap/mkpop3dcert.html.in
+--- courier-imap-4.3.0.orig/imap/mkpop3dcert.html.in 2007-04-22
17:33:35.000000000 +0200
++++ courier-imap-4.3.0/imap/mkpop3dcert.html.in 2008-01-19
19:55:15.619924063 +0100
+@@ -7,22 +7,22 @@
+ --></head><body><div class="refentry" lang="en" xml:lang="en"><a
id="mkpop3dcert" shape="rect"> </a><div class="titlepage"/><div
class="refnamediv"><h2>Name</h2><p>mkpop3dcert — create a test SSL certificate
for POP3 over SSL</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div
class="cmdsynopsis"><p><code class="command">@sbindir@/mkpop3dcert</code>
</p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id281688"
shape="rect"> </a><h2>DESCRIPTION</h2><p>
+ POP3 over SSL requires a valid, signed, X.509 certificate. The default
+ location for the certificate file is
+-<code class="filename">@datadir@/pop3d.pem</code>.
++<code class="filename">@certsdir@/pop3d.pem</code>.
+ <span><strong class="command">mkpop3dcert</strong></span> generates a
self-signed X.509 certificate,
+ mainly for
+ testing.
+ For production use the X.509 certificate must be signed by a
+ recognized certificate authority, in order for mail clients to accept the
+ certificate.</p><p>
+-<code class="filename">@datadir@/pop3d.pem</code> must be owned by the
++<code class="filename">@certsdir@/pop3d.pem</code> must be owned by the
+ @mailuser@ user and
+ have no group or world permissions.
+ The <span><strong class="command">mkpop3dcert</strong></span> command will
+ enforce this. To prevent an unfortunate accident,
+ <span><strong class="command">mkpop3dcert</strong></span>
+-will not work if <span><strong
class="command">@datadir@/pop3d.pem</strong></span> already exists.</p><p>
++will not work if <span><strong
class="command">@certsdir@/pop3d.pem</strong></span> already exists.</p><p>
+ <span><strong class="command">mkpop3dcert</strong></span> requires
+-<span class="application">OpenSSL</span> to be installed.</p></div><div
class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect">
</a><h2>FILES</h2><div class="variablelist"><dl><dt><span
class="term">@datadir@/pop3d.pem</span></dt><dd>
++<span class="application">OpenSSL</span> to be installed.</p></div><div
class="refsect1" lang="en" xml:lang="en"><a id="id282351" shape="rect">
</a><h2>FILES</h2><div class="variablelist"><dl><dt><span
class="term">@certsdir@/pop3d.pem</span></dt><dd>
+ X.509 certificate.
+ </dd><dt><span class="term">@sysconfdir@/pop3d.cnf</span></dt><dd>
+ Parameters used by OpenSSL to
+diff -urN courier-imap-4.3.0.orig/imap/mkpop3dcert.in
courier-imap-4.3.0/imap/mkpop3dcert.in
+--- courier-imap-4.3.0.orig/imap/mkpop3dcert.in 2007-11-04
21:50:15.000000000 +0100
++++ courier-imap-4.3.0/imap/mkpop3dcert.in 2008-01-19 19:59:17.935447993
+0100
+@@ -18,41 +18,41 @@
prefix="@prefix@"
--if test -f @datadir@/pop3d.pem
+-if test -f @mydatadir@/pop3d.pem
+if test -f @certsdir@/pop3d.pem
then
-- echo "@datadir@/pop3d.pem already exists."
+- echo "@mydatadir@/pop3d.pem already exists."
+ echo "@certsdir@/pop3d.pem already exists."
exit 1
fi
umask 077
--cp /dev/null @datadir@/pop3d.pem
--chmod 600 @datadir@/pop3d.pem
--chown @mailuser@ @datadir@/pop3d.pem
-+cp /dev/null @certsdir@/pop3d.pem
-+chmod 600 @certsdir@/pop3d.pem
-+chown @mailuser@ @certsdir@/pop3d.pem
cleanup() {
-- rm -f @datadir@/pop3d.pem
-- rm -f @datadir@/pop3d.rand
+- rm -f @mydatadir@/pop3d.pem
+- rm -f @mydatadir@/pop3d.rand
+- rm -f @mydatadir@/pop3d.key
+- rm -f @mydatadir@/pop3d.cert
+ rm -f @certsdir@/pop3d.pem
+ rm -f @certsdir@/pop3d.rand
++ rm -f @certsdir@/pop3d.key
++ rm -f @certsdir@/pop3d.cert
exit 1
}
--dd [EMAIL PROTECTED]@ [EMAIL PROTECTED]@/pop3d.rand count=1 2>/dev/null
-+dd [EMAIL PROTECTED]@ [EMAIL PROTECTED]@/pop3d.rand count=1 2>/dev/null
- @OPENSSL@ req -new -x509 -days 365 -nodes \
-- -config @sysconfdir@/pop3d.cnf -out @datadir@/pop3d.pem -keyout
@datadir@/pop3d.pem || cleanup
[EMAIL PROTECTED]@ gendh -rand @datadir@/pop3d.rand 512 >>@datadir@/pop3d.pem
|| cleanup
[EMAIL PROTECTED]@ x509 -subject -dates -fingerprint -noout -in
@datadir@/pop3d.pem || cleanup
--rm -f @datadir@/pop3d.rand
-+ -config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout
@certsdir@/pop3d.pem || cleanup
[EMAIL PROTECTED]@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem
|| cleanup
[EMAIL PROTECTED]@ x509 -subject -dates -fingerprint -noout -in
@certsdir@/pop3d.pem || cleanup
-+rm -f @certsdir@/pop3d.rand
+-cd @mydatadir@
++cd @certsdir@
+
+ if test "@ssllib@" = "openssl"
+ then
+- cp /dev/null @mydatadir@/pop3d.pem
+- chmod 600 @mydatadir@/pop3d.pem
+- chown @mailuser@ @mydatadir@/pop3d.pem
++ cp /dev/null @certsdir@/pop3d.pem
++ chmod 600 @certsdir@/pop3d.pem
++ chown @mailuser@ @certsdir@/pop3d.pem
+
+- dd [EMAIL PROTECTED]@ [EMAIL PROTECTED]@/pop3d.rand count=1 2>/dev/null
++ dd [EMAIL PROTECTED]@ [EMAIL PROTECTED]@/pop3d.rand count=1 2>/dev/null
+ @OPENSSL@ req -new -x509 -days 365 -nodes \
+- -config @sysconfdir@/pop3d.cnf -out @mydatadir@/pop3d.pem
-keyout @mydatadir@/pop3d.pem || cleanup
+- @OPENSSL@ gendh -rand @mydatadir@/pop3d.rand 512
>>@mydatadir@/pop3d.pem || cleanup
+- @OPENSSL@ x509 -subject -dates -fingerprint -noout -in
@mydatadir@/pop3d.pem || cleanup
+- rm -f @mydatadir@/pop3d.rand
++ -config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem
-keyout @certsdir@/pop3d.pem || cleanup
++ @OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem
|| cleanup
++ @OPENSSL@ x509 -subject -dates -fingerprint -noout -in
@certsdir@/pop3d.pem || cleanup
++ rm -f @certsdir@/pop3d.rand
+ else
+- cp /dev/null @mydatadir@/pop3d.key
+- chmod 600 @mydatadir@/pop3d.key
+- cp /dev/null @mydatadir@/pop3d.cert
+- chmod 600 @mydatadir@/pop3d.cert
++ cp /dev/null @certsdir@/pop3d.key
++ chmod 600 @certsdir@/pop3d.key
++ cp /dev/null @certsdir@/pop3d.cert
++ chmod 600 @certsdir@/pop3d.cert
+
+ @CERTTOOL@ --generate-privkey --outfile pop3d.key
+ @CERTTOOL@ --generate-self-signed --load-privkey pop3d.key --outfile
pop3d.cert --template @sysconfdir@/pop3d.cnf
+diff -urN courier-imap-4.3.0.orig/imap/pop3d.cnf.openssl.in
courier-imap-4.3.0/imap/pop3d.cnf.openssl.in
+--- courier-imap-4.3.0.orig/imap/pop3d.cnf.openssl.in 2007-11-04
21:49:58.000000000 +0100
++++ courier-imap-4.3.0/imap/pop3d.cnf.openssl.in 2008-01-19
19:53:07.103458296 +0100
+@@ -1,5 +1,5 @@
+
+-RANDFILE = @mydatadir@/pop3d.rand
++RANDFILE = @certsdir@/pop3d.rand
+
+ [ req ]
+ default_bits = 1024
+diff -urN courier-imap-4.3.0.orig/imap/pop3d-ssl.dist.in
courier-imap-4.3.0/imap/pop3d-ssl.dist.in
+--- courier-imap-4.3.0.orig/imap/pop3d-ssl.dist.in 2007-11-22
15:23:06.000000000 +0100
++++ courier-imap-4.3.0/imap/pop3d-ssl.dist.in 2008-01-19 19:55:43.177977173
+0100
+@@ -241,7 +241,7 @@
+ #
+ # This is an experimental feature.
+
[EMAIL PROTECTED]@/pop3d.pem
[EMAIL PROTECTED]@/pop3d.pem
+
+ ##NAME: TLS_TRUSTCERTS:0
+ #
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/courier-imap-certsdir.patch?r1=1.3&r2=1.4&f=u
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
