| author | Sam Varshavchik | 2014-10-11 11:50:06 -0400 |
|---|---|---|
| committer | Sam Varshavchik | 2014-10-11 11:50:06 -0400 |
| commit | 28ae4ee8a5a4a39cf262dd9aa1916e51d2c83bfa (patch) | |
| tree | 1dd416f52a61f5e1a42059ea1cbe1b5d683b9fd8 | |
| parent | f337ca54e2960d03fc22ff2215b5209554761ef6 (diff) | |
| download | courier-libs-28ae4ee8a5a4a39cf262dd9aa1916e51d2c83bfa.tar.bz2 | |
Package default DH parameter file in the RPM.
| -rw-r--r-- | imap/ChangeLog | 9 | ||||
| -rw-r--r-- | imap/mkdhparams.in | 31 |
2 files changed, 28 insertions, 12 deletions
diff --git a/imap/ChangeLog b/imap/ChangeLog
index 29542fd..8f14791 100644
--- a/imap/ChangeLog
+++ b/imap/ChangeLog
@@ -1,3 +1,12 @@
+2014-10-11 Sam Varshavchik <mrsam@courier-mta.com>
+
+ * mkdhparams: TLS_DHPARAMS environmnt variable overrides default
+ DH parameter file location.
+
+ * courier-imap.spec.in: generate the default DH parameter file and
+ package it into the rpm, instead of generating one on the first
+ start.
+
 2014-10-09 Sam Varshavchik <mrsam@courier-mta.com>
 * libs/maildir/maildirinfo.c (maildir_info_imapmunge): Fix
diff --git a/imap/mkdhparams.in b/imap/mkdhparams.in
index cb9bafa..89ed1dd 100644
--- a/imap/mkdhparams.in
+++ b/imap/mkdhparams.in
@@ -5,9 +5,16 @@
 #
 # Run this script monthly to generate DH parameters.
-if test -f @certsdir@/dhparams.pem
+# Override from the environment
+
+if test "$TLS_DHPARAMS" = ""
 then
- if test "`find @certsdir@/dhparams.pem -mtime +25 -print `" = ""
+ TLS_DHPARAMS="@certsdir@/dhparams.pem"
+fi
+
+if test -f $TLS_DHPARAMS
+then
+ if test "`find $TLS_DHPARAMS -mtime +25 -print `" = ""
 then
 # Less than 25 days old
 exit 0
@@ -16,9 +23,10 @@ fi
 set -e
-cp /dev/null @certsdir@/dhparams.pem.tmp
-chmod 600 @certsdir@/dhparams.pem.tmp
-chown @mailuser@ @certsdir@/dhparams.pem.tmp
+umask 077
+cp /dev/null $TLS_DHPARAMS.tmp
+umask 022
+chown @mailuser@ $TLS_DHPARAMS.tmp
 BITS="$DH_BITS"
 if test "@ssllib@" = "openssl"
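Review bot: `if test -f $TLS_DHPARAMS` and the `find $TLS_DHPARAMS -mtime +25 -print` substitution expand the environment-supplied path unquoted, so a value containing whitespace or glob characters is word-split and globbed before `test` and `find` see it, and the freshness check and the later writes then operate on the wrong names. Quote each expansion: `if test -f "$TLS_DHPARAMS"` and `find "$TLS_DHPARAMS" -mtime +25 -print`. The same unquoted expansion recurs in the `cp`/`chown` lines of the next hunk and in the `dd`/`rm`/`mv` lines of the last hunk, and can be fixed the same way there.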
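Review bot: Dropping the explicit `chmod 600` leaves a pre-existing `$TLS_DHPARAMS.tmp` with whatever mode it already had, because `umask 077` only governs the mode of a newly created file and `cp /dev/null` merely truncates an existing one (for example one left behind by an earlier run that stopped under `set -e`). Keep `chmod 600 "$TLS_DHPARAMS.tmp"` after the `cp`, or `rm -f` the temp file before creating it. The following `umask 022` also replaces the caller's umask rather than restoring it, which loosens a stricter inherited umask for the rest of the script; `oldmask=$(umask)` before `umask 077` and `umask "$oldmask"` afterwards avoids that.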
@@ -28,17 +36,16 @@ then
 BITS=2048
 fi
- dd if=@RANDOMV@ of=@certsdir@/dhparams.rand.tmp count=1 2>/dev/null
- @OPENSSL@ dhparam -rand @certsdir@/dhparams.rand.tmp -outform PEM $BITS >@certsdir@/dhparams.pem.tmp
- rm -f @certsdir@/dhparams.rand.tmp
- mv -f @certsdir@/dhparams.pem.tmp @certsdir@/dhparams.pem
+ dd if=@RANDOMV@ of=$TLS_DHPARAMS.rand.tmp count=1 2>/dev/null
+ @OPENSSL@ dhparam -rand $TLS_DHPARAMS.rand.tmp -outform PEM $BITS >$TLS_DHPARAMS.tmp
+ rm -f $TLS_DHPARAMS.rand.tmp
+ mv -f $TLS_DHPARAMS.tmp $TLS_DHPARAMS
 else
 if test "$BITS" = ""
 then
 BITS=high
 fi
- @CERTTOOL@ --generate-dh-params --sec-param $BITS >@certsdir@/dhparams.pem.tmp
- mv -f @certsdir@/dhparams.pem.tmp @certsdir@/dhparams.pem
+ @CERTTOOL@ --generate-dh-params --sec-param $BITS >$TLS_DHPARAMS.tmp
+ mv -f $TLS_DHPARAMS.tmp $TLS_DHPARAMS
 fi
-
|
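Review bot: If `@OPENSSL@ dhparam` (or `@CERTTOOL@` in the else branch) fails, `set -e` ends the script before `rm -f $TLS_DHPARAMS.rand.tmp` and the `mv`, so the seed file and the partially written `$TLS_DHPARAMS.tmp` stay next to the live parameter file; a `trap 'rm -f "$TLS_DHPARAMS.tmp" "$TLS_DHPARAMS.rand.tmp"' 0` installed right after `set -e` in the previous hunk removes both on every exit path and is a no-op after the final `mv` has renamed the `.tmp` file. The `.rand.tmp` file is also created by `dd` after the umask has been reset to 022 in the previous hunk, so unlike the `.tmp` output it is world-readable while `dhparam` runs; creating it under the same `umask 077` window, or `chmod 600` on it, keeps the two temp files consistent. `dd ... 2>/dev/null` additionally hides the reason when reading `@RANDOMV@` fails, which makes a cron failure hard to diagnose.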
