f69d285399
Archiveopteryx is a mail server system optimised for long-term storage and heavy access. It comprises a set of server programs that provide access to mail stored in a relational database (PostgreSQL). With feedback from ajacoutot@ and JG Pailloncy, reads ok to ajacoutot@
80 lines
3.0 KiB
Plaintext
80 lines
3.0 KiB
Plaintext
$OpenBSD: patch-aox_servers_cpp,v 1.1.1.1 2011/01/09 09:36:21 landry Exp $
|
|
--- aox/servers.cpp.orig Fri Mar 12 07:25:36 2010
|
|
+++ aox/servers.cpp Sun Apr 11 11:16:55 2010
|
|
@@ -27,6 +27,7 @@
|
|
#include <pwd.h>
|
|
#include <grp.h>
|
|
|
|
+#include <err.h>
|
|
|
|
static const char * buildinfo[] = {
|
|
#include "buildinfo.inc"
|
|
@@ -316,8 +317,7 @@ static void checkFilePermissions()
|
|
EString c = Configuration::text( Configuration::TlsCertFile );
|
|
#if !defined(USE_CRYPTLIB)
|
|
if ( c.isEmpty() ) {
|
|
- c = Configuration::compiledIn( Configuration::LibDir );
|
|
- c.append( "/automatic-key.pem" );
|
|
+ c = "/etc/ssl/archiveopteryx.pem";
|
|
}
|
|
#endif
|
|
addPath( Path::ReadableFile, Configuration::TlsCertFile );
|
|
@@ -1092,54 +1092,14 @@ static void selfSignCertificate()
|
|
EString keyFile( Configuration::text( Configuration::TlsCertFile ) );
|
|
|
|
if ( keyFile.isEmpty() ) {
|
|
- keyFile = Configuration::compiledIn( Configuration::LibDir );
|
|
- keyFile.append( "/automatic-key.pem" );
|
|
+ keyFile = "/etc/ssl/archiveopteryx.pem";
|
|
}
|
|
|
|
File key( keyFile );
|
|
if ( !key.contents().isEmpty() )
|
|
return; // could verify here, for the expiry date
|
|
-
|
|
- File osslcf( "/tmp/aox-ossl.conf", File::Write );
|
|
- osslcf.write( "[ req ]\n"
|
|
- " default_bits = 1024\n"
|
|
- " default_keyfile = privkey.pem\n"
|
|
- " distinguished_name = req_distinguished_name\n"
|
|
- " attributes = req_attributes\n"
|
|
- " x509_extensions = v3_ca\n"
|
|
- " prompt = no\n"
|
|
- "\n"
|
|
- " dirstring_type = nobmp\n"
|
|
- "\n"
|
|
- "[ req_distinguished_name ]\n"
|
|
- " CN=" + Configuration::hostname() + "\n"
|
|
- "\n"
|
|
- "[ req_attributes ]\n"
|
|
- " challengePassword = \"\"\n"
|
|
- "\n"
|
|
- " [ v3_ca ]\n"
|
|
- "\n"
|
|
- " nsCertType = server\n"
|
|
- " nsComment = \"Automatically generated self-signed certificate\"\n"
|
|
- " subjectKeyIdentifier=hash\n"
|
|
- " authorityKeyIdentifier=keyid:always,issuer:always\n"
|
|
- " basicConstraints = CA:true\n" );
|
|
-
|
|
-
|
|
-
|
|
- system( "openssl req -config /tmp/aox-ossl.conf -x509 -days 1764 -newkey rsa: -nodes -keyout /tmp/aox-ossl.pem -out /tmp/aox-ossl.pem" );
|
|
-
|
|
- // one one hand, File::write() does no checking. On the other,
|
|
- // this does at least not pass user-supplied data to the shell.
|
|
- File ossl( "/tmp/aox-ossl.pem" );
|
|
- File result( keyFile, File::Write );
|
|
- result.write( ossl.contents() );
|
|
- File::unlink( "/tmp/aox-ossl.pem" );
|
|
-
|
|
- printf( "Created self-signed certificate for %s in %s.\n"
|
|
- "Please verify that file's permissions.\n",
|
|
- Configuration::hostname().cstr(),
|
|
- keyFile.cstr() );
|
|
+ else
|
|
+ errx(1, "Didn't found certificate in %s, exiting\n", keyFile.cstr());
|
|
#endif
|
|
}
|
|
|