Hello list, I'm using pop3d on my server. To use acme-client certs with pop3d I have to do this:
# /etc/daily.local
acme-client example.com www.example.com
if [ $? -eq 0 ]; then
# pop3d needs this:
cp /etc/ssl/acme/fullchain.pem /etc/ssl/server.crt
cp /etc/ssl/acme/private/privkey.pem /etc/ssl/private/server.key
/etc/rc.d/httpd restart
/etc/rc.d/smtpd restart
/etc/rc.d/pop3d restart
fi

I thought it'd be nice to have an option to pass pop3d alternative cert and key files. Despite I'm not skilled in C at all I downloaded the master branch and did what I could. Surely the patches below are useless but I made the attempt. :-) Anyway I couldn't even try them, I couldn't compile pop3d because some error not related to the modifications I did (uninitialized UINT_MAX in util.c).

--- pop3d-master/pop3d.c Fri Sep 5 07:23:50 2014
+++ pop3d-modif/pop3d.c Sat Dec 31 10:52:46 2016
@@ -38,6 +38,8 @@
 #define MBOX_PATH "/var/mail/%u"
 #define MAILDIR_PATH "~/Maildir"
 #define POP3D_USER "_pop3d"
+#define CERTFILE "/etc/ssl/server.crt"
+#define KEYFILE "/etc/ssl/private/server.key"
 static void authenticate(struct imsgev *, struct imsg *);
 static void pop3e_imsgev(struct imsgev *, int , struct imsg *);
@@ -48,6 +50,8 @@
 static struct imsgev iev_pop3e;
 const char *mpath;
+const char *cpath;
+const char *kpath;
 int mtype = M_MBOX;
 int
@@ -56,6 +60,8 @@
 struct passwd *pw;
 struct event ev_sigint, ev_sigterm, ev_sighup, ev_sigchld;
 const char *path = NULL, *mtype_str = "mbox";
+ const char *cert = NULL;
+ const char *key = NULL;
 int ch, d = 0, pair[2];
 while ((ch = getopt(argc, argv, "dp:t:")) != -1) {
@@ -66,6 +72,12 @@
 case 'p':
 path = optarg;
 break;
+ case 'c':
+ cert = optarg;
+ break;
+ case 'k':
+ key = optarg;
+ break;
 case 't':
 if ((mtype = m_type(optarg)) == -1)
 errx(1, "%s invalid argument", optarg);
@@ -87,6 +99,18 @@
 mpath = (mtype == M_MAILDIR) ? MAILDIR_PATH : MBOX_PATH;
 log_init(d);
+ if (cert)
+ cpath = cert;
+ else
+ cpath = CERTFILE;
+
+ log_init(d);
+ if (key)
+ kpath = key;
+ else
+ kpath = KEYFILE;
+
+ log_init(d);
 if (geteuid())
 fatalx("need root privileges");
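Review bot: The new `case 'c':` and `case 'k':` arms (in the @@ -66,6 +72,12 @@ hunk) can never be reached, because the getopt option string in this hunk is left as the unchanged context line `"dp:t:"`; getopt(3) will report `c` and `k` as unknown options and both cert and key stay NULL. The line should become `while ((ch = getopt(argc, argv, "c:dk:p:t:")) != -1) {`. If the program prints a usage() message it presumably lists the accepted options and would need the same additions, but that code is outside this patch. main() begins before and ends after this hunk.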
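Review bot: `log_init(d);` is now called three times in a row in this hunk: the original context call plus one added after each of the two new if/else blocks, which look like leftovers from copy-pasting the block. The two added calls should be dropped; the assignments themselves can collapse to `cpath = cert ? cert : CERTFILE;` and `kpath = key ? key : KEYFILE;`. Whether a repeated log_init() is harmless depends on its implementation, which is not in the patch, but there is no reason to call it more than once. main() continues outside the hunk.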
@@ -104,7 +128,8 @@
 pop3_main(pair, pw);
 close(pair[1]);
 setproctitle("[priv]");
- logit(LOG_INFO, "pop3d ready; type:%s, path:%s", mtype_str, mpath);
+ logit(LOG_INFO, "pop3d ready; type:%s, path:%s, cpath:%s, kpath:%s",
+ mtype_str, mpath, cpath, kpath);
 event_init();
 signal_set(&ev_sigint, SIGINT, sig_handler, NULL);
 signal_set(&ev_sighup, SIGHUP, sig_handler, NULL);
--- pop3d-master/ssl.c Fri Sep 5 07:23:50 2014
+++ pop3d-modif/ssl.c Sat Dec 31 10:46:48 2016
@@ -33,14 +33,15 @@
 #define SSL_CIPHERS "HIGH"
 #define SSL_SESSION_TIMEOUT 300
-#define CERTFILE "/etc/ssl/server.crt"
-#define KEYFILE "/etc/ssl/private/server.key"
 static char *ssl_load_file(const char *, off_t *);
 void
 ssl_init(void)
 {
+ extern const char *cpath;
+ extern const char *kpath;
+
 /* SSL init */
 SSL_library_init();
 SSL_load_error_strings();
@@ -73,13 +74,13 @@
 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
 /* SSL certificate, key loading */
- cert = ssl_load_file(CERTFILE, &cert_len);
+ cert = ssl_load_file(cpath, &cert_len);
 if (cert == NULL)
- fatal("ssl_load_file: Unable to load " CERTFILE);
+ fatal("ssl_load_file: Unable to load " cpath);
- key = ssl_load_file(KEYFILE, &key_len);
+ key = ssl_load_file(kpath, &key_len);
 if (key == NULL)
- fatal("ssl_load_file: Unable to load " KEYFILE);
+ fatal("ssl_load_file: Unable to load " kpath);
 if (!SSL_CTX_set_cipher_list(ctx, SSL_CIPHERS))
 goto err;

Happy holidays to everyone!
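Review bot: The `extern const char *cpath;` and `extern const char *kpath;` declarations are placed inside the body of ssl_init(), so nothing checks them against the definitions added to pop3d.c and any later drift in type or name between the two files would go unnoticed until link time or later. Declare them once in a header that both pop3d.c and ssl.c include (the one that already declares ssl_init(), presumably), keep the definitions in pop3d.c, and drop the function-local externs. The rest of ssl_init() runs past this hunk.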
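Review bot: `fatal("ssl_load_file: Unable to load " cpath);` and the matching `kpath` line below it do not compile: juxtaposition only concatenates string literals, and cpath is a runtime pointer, so this is a compile error on top of the util.c one the mail mentions. If fatal() accepts only a plain message, as its single-argument use here suggests, log the path first with `logit(LOG_ERR, "ssl_load_file: Unable to load %s", cpath);` and then call `fatal("ssl_load_file");`, or format the message into a local buffer with snprintf(); if fatal() takes a printf-style format string, `fatal("ssl_load_file: Unable to load %s", cpath)` suffices. Either way the fatal message should name the path the administrator actually passed, since that is the whole point of the new option. ssl_init() continues outside the hunk.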