authorDirk Meyer <dinoex@FreeBSD.org>2002-10-20 14:05:47 +0000
committerDirk Meyer <dinoex@FreeBSD.org>2002-10-20 14:05:47 +0000
commitce29408741e75abe71e4ab7e44d5989ba2046fa1 (patch)
tree3f74402a80a812ca32be171001771f09534149e6 /mail
parentAdd a line for myself and a line for ftp.at.FreeBSD.org (diff)
update tls-install.sh
Reviewed by: gshapiro
Notes
Notes: svn path=/head/; revision=68415
Diffstat (limited to 'mail')
-rw-r--r--mail/sendmail/Makefile1
-rw-r--r--mail/sendmail/files/tls-install.sh43
-rw-r--r--mail/sendmail812/Makefile1
-rw-r--r--mail/sendmail812/files/tls-install.sh43
4 files changed, 50 insertions, 38 deletions
diff --git a/mail/sendmail/Makefile b/mail/sendmail/Makefile
index 0e67da015f50..5428aa6af268 100644
--- a/mail/sendmail/Makefile
+++ b/mail/sendmail/Makefile
@@ -225,6 +225,7 @@ ${DESTDIR}/etc/mail/submit.cf: ${DESTDIR}/etc/mail/submit.mc
root-sasldb:
@${ECHO_CMD} "# Links:"
@${ECHO_CMD} "#"
+ @${ECHO_CMD} "# http://www.sendmail.org/~gshapiro/
@${ECHO_CMD} "# http://www.sendmail.org/~ca/email/auth.html"
@${ECHO_CMD} "# http://www.asp.ogi.edu/people/paja/linux/sendmail/"
@${ECHO_CMD} "# http://blue-labs.org/clue/sendmail.php"
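Review bot: The line added to the root-sasldb recipe, `@${ECHO_CMD} "# http://www.sendmail.org/~gshapiro/`, has no closing double quote, so the shell that runs this recipe line sees an unterminated string and will most likely abort with a syntax error instead of printing the link. It should read `@${ECHO_CMD} "# http://www.sendmail.org/~gshapiro/"`. The identical line added to mail/sendmail812/Makefile has the same problem. The recipe starts and continues outside the hunk, so the effect on the lines after it cannot be checked from here.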
diff --git a/mail/sendmail/files/tls-install.sh b/mail/sendmail/files/tls-install.sh
index 1157bab95c54..1efa8c570a16 100644
--- a/mail/sendmail/files/tls-install.sh
+++ b/mail/sendmail/files/tls-install.sh
@@ -1,18 +1,18 @@
#!/bin/sh
#
-CADIR="${CADIR-${DESTDIR}/etc/mail/certs}"
+CADIR="${CADIR-${DESTDIR}/etc/mail/certs/CA}"
FILSEDIR="${FILESDIR-/usr/ports/mail/sendmail/files}"
REALM=`hostname`
echo "creating: ${CADIR} on ${REALM}"
-for i in certs crl newcerts private
+for i in certs crl newcerts private ../private
do
if test ! -d "${CADIR}/${i}"
then
mkdir -p "${CADIR}/${i}"
fi
done
-chmod 0600 "${CADIR}/private"
+chmod 0700 "${CADIR}/private" "${CADIR}/../private"
cd "${CADIR}" || exit 65
if test ! -f openssl.cnf
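Review bot: The server key directory is now addressed as `${CADIR}/../private`, so a caller who overrides CADIR gets `mkdir -p` and `chmod 0700` applied to a directory in the parent of whatever path they passed, which may be a shared location the script should not re-permission. Introducing an explicit base variable, for example `CERTDIR="${CERTDIR-${DESTDIR}/etc/mail/certs}"` with `CADIR="${CADIR-${CERTDIR}/CA}"`, and using `${CERTDIR}/private` would keep the override self-contained; at minimum a comment above the CADIR line should say that the certificate and key are written one level above CADIR. The directories are also created under the inherited umask and only tightened after the loop, so setting `umask 0077` before the loop would close that gap. The same hunk in mail/sendmail812/files/tls-install.sh is affected, and the `if test ! -f openssl.cnf` block continues outside the hunk.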
@@ -24,47 +24,50 @@ fi
if test ! -f "serial"
then
echo "generating: serial"
+ umask 0022
echo "01" > "serial"
fi
if test ! -f "index.txt"
then
echo "generating: index.txt"
+ umask 0022
cp /dev/null "index.txt"
fi
if test ! -f "cacert.pem"
then
echo "generating CA"
+ umask 0077
openssl req -new -x509 -config openssl.cnf \
-keyout private/cakey.pem \
-out cacert.pem
- chmod 0600 "private/cakey.pem"
fi
-if test ! -f "sendmailcert.pem"
+if test ! -f "../sendmailcert.pem"
then
- if test ! -f "private/sendmailkey.pem"
+ if test ! -f "../private/sendmailkey.pem"
then
- echo "generating server CERT"
+ echo "creating cert signing request"
umask 0066
openssl req -nodes -new -x509 -config openssl.cnf \
- -keyout private/sendmailkey.pem \
- -out private/sendmailkey.pem
+ -keyout ../private/sendmailkey.pem \
+ -out ../private/sendmailkey.pem
fi
if test ! -f "newcsr.pem"
then
- echo "signing CERT1"
+ echo "self signing cert"
+ umask 0066
openssl x509 -x509toreq \
- -in private/sendmailkey.pem \
- -signkey private/sendmailkey.pem \
+ -in ../private/sendmailkey.pem \
+ -signkey ../private/sendmailkey.pem \
-out newcsr.pem
fi
if test ! -f "sendmailcert.pem"
then
- echo "signing CERT2"
+ echo "signing cert"
openssl ca -config openssl.cnf -policy policy_anything \
- -out sendmailcert.pem \
+ -out ../sendmailcert.pem \
-infiles newcsr.pem
rm -f newcsr.pem
fi
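Review bot: The inner guard before the `openssl ca` call still reads `if test ! -f "sendmailcert.pem"`, which tests the old location inside CADIR, while the outer guard and `-out` now use `../sendmailcert.pem`; a leftover sendmailcert.pem in CADIR would skip signing and leave the real certificate missing. Changing it to `if test ! -f "../sendmailcert.pem"` keeps the three references consistent. The new progress messages also look swapped: "creating cert signing request" is printed before the `openssl req -x509` step that writes the key and a self-signed certificate, and "self signing cert" before the `-x509toreq` step that actually produces newcsr.pem. Because umask is only set inside some branches, `openssl ca` writes ../sendmailcert.pem under whichever value was last in effect, so an explicit `umask 0022` in that branch would make the result predictable. The same hunk in mail/sendmail812/files/tls-install.sh is affected.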
@@ -72,16 +75,18 @@ fi
sed 's/^X//' << 'END-of-files/tls.m4'
X# links:
+X# http://www.sendmail.org/~gshapiro/
X# http://www.sendmail.org/~ca/email/starttls.html
X# http://www.ofb.net/~jheiss/sendmail/tlsandrelay.shtml
X#
X# You may need to add this to your sendmail.mc file:
X
-Xdefine(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
-Xdefine(`confCACERT_PATH', `CERT_DIR')dnl
-Xdefine(`confCACERT', `CERT_DIR/cacert.pem')dnl
-Xdefine(`confSERVER_CERT', `CERT_DIR/sendmailcert.pem')dnl
-Xdefine(`confSERVER_KEY', `CERT_DIR/private/sendmailkey.pem')dnl
+Xdefine(`confCACERT_PATH', `MAIL_SETTINGS_DIR`'certs')dnl
+Xdefine(`confCACERT', `confCACERT_PATH/CA/cacert.pem')dnl
+Xdefine(`confSERVER_CERT', `confCACERT_PATH/sendmailcert.pem')dnl
+Xdefine(`confSERVER_KEY', `confCACERT_PATH/private/sendmailkey.pem')dnl
+Xdefine(`confCLIENT_CERT', `confCACERT_PATH/sendmailcert.pem')dnl
+Xdefine(`confCLIENT_KEY', `confCACERT_PATH/private/sendmailkey.pem')dnl
X
END-of-files/tls.m4
exit
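Review bot: The sample defines in the tls.m4 heredoc now build the certificate and key paths from confCACERT_PATH, which is itself a sendmail option, so an administrator who later points confCACERT_PATH at a different CA directory silently moves confSERVER_CERT, confSERVER_KEY and the new client pair as well. Keeping a dedicated base macro, as the removed CERT_DIR lines did, and deriving every path (including confCACERT_PATH) from it would avoid that coupling. A comment line in the heredoc stating that private/sendmailkey.pem is created unencrypted and owner-only by the script, and should stay that way, would help readers who copy these defines into sendmail.mc. The same hunk in mail/sendmail812/files/tls-install.sh is affected.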
diff --git a/mail/sendmail812/Makefile b/mail/sendmail812/Makefile
index 0e67da015f50..5428aa6af268 100644
--- a/mail/sendmail812/Makefile
+++ b/mail/sendmail812/Makefile
@@ -225,6 +225,7 @@ ${DESTDIR}/etc/mail/submit.cf: ${DESTDIR}/etc/mail/submit.mc
root-sasldb:
@${ECHO_CMD} "# Links:"
@${ECHO_CMD} "#"
+ @${ECHO_CMD} "# http://www.sendmail.org/~gshapiro/
@${ECHO_CMD} "# http://www.sendmail.org/~ca/email/auth.html"
@${ECHO_CMD} "# http://www.asp.ogi.edu/people/paja/linux/sendmail/"
@${ECHO_CMD} "# http://blue-labs.org/clue/sendmail.php"
diff --git a/mail/sendmail812/files/tls-install.sh b/mail/sendmail812/files/tls-install.sh
index 1157bab95c54..1efa8c570a16 100644
--- a/mail/sendmail812/files/tls-install.sh
+++ b/mail/sendmail812/files/tls-install.sh
@@ -1,18 +1,18 @@
#!/bin/sh
#
-CADIR="${CADIR-${DESTDIR}/etc/mail/certs}"
+CADIR="${CADIR-${DESTDIR}/etc/mail/certs/CA}"
FILSEDIR="${FILESDIR-/usr/ports/mail/sendmail/files}"
REALM=`hostname`
echo "creating: ${CADIR} on ${REALM}"
-for i in certs crl newcerts private
+for i in certs crl newcerts private ../private
do
if test ! -d "${CADIR}/${i}"
then
mkdir -p "${CADIR}/${i}"
fi
done
-chmod 0600 "${CADIR}/private"
+chmod 0700 "${CADIR}/private" "${CADIR}/../private"
cd "${CADIR}" || exit 65
if test ! -f openssl.cnf
@@ -24,47 +24,50 @@ fi
if test ! -f "serial"
then
echo "generating: serial"
+ umask 0022
echo "01" > "serial"
fi
if test ! -f "index.txt"
then
echo "generating: index.txt"
+ umask 0022
cp /dev/null "index.txt"
fi
if test ! -f "cacert.pem"
then
echo "generating CA"
+ umask 0077
openssl req -new -x509 -config openssl.cnf \
-keyout private/cakey.pem \
-out cacert.pem
- chmod 0600 "private/cakey.pem"
fi
-if test ! -f "sendmailcert.pem"
+if test ! -f "../sendmailcert.pem"
then
- if test ! -f "private/sendmailkey.pem"
+ if test ! -f "../private/sendmailkey.pem"
then
- echo "generating server CERT"
+ echo "creating cert signing request"
umask 0066
openssl req -nodes -new -x509 -config openssl.cnf \
- -keyout private/sendmailkey.pem \
- -out private/sendmailkey.pem
+ -keyout ../private/sendmailkey.pem \
+ -out ../private/sendmailkey.pem
fi
if test ! -f "newcsr.pem"
then
- echo "signing CERT1"
+ echo "self signing cert"
+ umask 0066
openssl x509 -x509toreq \
- -in private/sendmailkey.pem \
- -signkey private/sendmailkey.pem \
+ -in ../private/sendmailkey.pem \
+ -signkey ../private/sendmailkey.pem \
-out newcsr.pem
fi
if test ! -f "sendmailcert.pem"
then
- echo "signing CERT2"
+ echo "signing cert"
openssl ca -config openssl.cnf -policy policy_anything \
- -out sendmailcert.pem \
+ -out ../sendmailcert.pem \
-infiles newcsr.pem
rm -f newcsr.pem
fi
@@ -72,16 +75,18 @@ fi
sed 's/^X//' << 'END-of-files/tls.m4'
X# links:
+X# http://www.sendmail.org/~gshapiro/
X# http://www.sendmail.org/~ca/email/starttls.html
X# http://www.ofb.net/~jheiss/sendmail/tlsandrelay.shtml
X#
X# You may need to add this to your sendmail.mc file:
X
-Xdefine(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
-Xdefine(`confCACERT_PATH', `CERT_DIR')dnl
-Xdefine(`confCACERT', `CERT_DIR/cacert.pem')dnl
-Xdefine(`confSERVER_CERT', `CERT_DIR/sendmailcert.pem')dnl
-Xdefine(`confSERVER_KEY', `CERT_DIR/private/sendmailkey.pem')dnl
+Xdefine(`confCACERT_PATH', `MAIL_SETTINGS_DIR`'certs')dnl
+Xdefine(`confCACERT', `confCACERT_PATH/CA/cacert.pem')dnl
+Xdefine(`confSERVER_CERT', `confCACERT_PATH/sendmailcert.pem')dnl
+Xdefine(`confSERVER_KEY', `confCACERT_PATH/private/sendmailkey.pem')dnl
+Xdefine(`confCLIENT_CERT', `confCACERT_PATH/sendmailcert.pem')dnl
+Xdefine(`confCLIENT_KEY', `confCACERT_PATH/private/sendmailkey.pem')dnl
X
END-of-files/tls.m4
exit