1 files changed, 63 insertions, 0 deletions

diff --git a/imap/mkpop3dcert.in b/imap/mkpop3dcert.in
new file mode 100644
index 0000000..9a4c530
--- /dev/null
+++ b/imap/mkpop3dcert.in
@@ -0,0 +1,63 @@
+#! @SHELL@
+#
+#
+# Copyright 2000-2007 Double Precision, Inc.  See COPYING for
+# distribution information.
+#
+# This is a short script to quickly generate a self-signed X.509 key for
+# POP3 over SSL.  Normally this script would get called by an automatic
+# package installation routine.
+
+if test "@ssllib@" = "openssl"
+then
+	test -x @OPENSSL@ || exit 0
+else
+	test -x @CERTTOOL@ || exit 0
+fi
+
+prefix="@prefix@"
+
+if test -f @certsdir@/pop3d.pem
+then
+	echo "@certsdir@/pop3d.pem already exists."
+	exit 1
+fi
+
+umask 077
+
+cleanup() {
+	rm -f @certsdir@/pop3d.pem
+	rm -f @certsdir@/pop3d.rand
+	rm -f @certsdir@/pop3d.key
+	rm -f @certsdir@/pop3d.cert
+	exit 1
+}
+
+cd @certsdir@
+
+if test "@ssllib@" = "openssl"
+then
+	cp /dev/null @certsdir@/pop3d.pem
+	chmod 600 @certsdir@/pop3d.pem
+	chown @mailuser@ @certsdir@/pop3d.pem
+
+	dd if=@RANDOMV@ of=@certsdir@/pop3d.rand count=1 2>/dev/null
+	@OPENSSL@ req -new -x509 -days 365 -nodes \
+		  -config @sysconfdir@/pop3d.cnf -out @certsdir@/pop3d.pem -keyout @certsdir@/pop3d.pem || cleanup
+	@OPENSSL@ gendh -rand @certsdir@/pop3d.rand 512 >>@certsdir@/pop3d.pem || cleanup
+	@OPENSSL@ x509 -subject -dates -fingerprint -noout -in @certsdir@/pop3d.pem || cleanup
+	rm -f @certsdir@/pop3d.rand
+else
+	cp /dev/null @certsdir@/pop3d.key
+	chmod 600 @certsdir@/pop3d.key
+	cp /dev/null @certsdir@/pop3d.cert
+	chmod 600 @certsdir@/pop3d.cert
+	cp /dev/null @certsdir@/pop3d.pem
+	chmod 600 @certsdir@/pop3d.pem
+
+	@CERTTOOL@ --generate-privkey --outfile pop3d.key
+	@CERTTOOL@ --generate-self-signed --load-privkey pop3d.key --outfile pop3d.cert --template @sysconfdir@/pop3d.cnf
+	@CERTTOOL@ --generate-dh-params >>pop3d.cert
+	cat pop3d.key pop3d.cert >pop3d.pem
+	rm -f pop3d.key pop3d.cert
+fi