--- qmail-1.03.orig/qmail-smtpd.c 2005-05-28 11:37:15.000000000 +0300
+++ qmail-1.03.orig/qmail-smtpd.c 2005-05-28 11:40:18.165723216 +0300
@@ -37,6 +37,7 @@
 stralloc clientcert = {0};
 stralloc tlsserverciphers = {0};
+stralloc tlsserverlocalcert = {0};
 #endif
 #define BMCHECK_BMF 0
@@ -270,6 +271,14 @@
 if (!remoteip) remoteip = "unknown";
 local = env_get("TCPLOCALHOST");
 if (!local) local = env_get("TCPLOCALIP");
+#ifdef TLS
+ if(local) {
+ stralloc_copys(&tlsserverlocalcert, "control/servercert-");
+ stralloc_cats(&tlsserverlocalcert, local);
+ stralloc_cats(&tlsserverlocalcert, ".pem");
+ stralloc_0(&tlsserverlocalcert);
+ }
+#endif
 if (!local) local = "unknown";
 remotehost = env_get("TCPREMOTEHOST");
 if (!remotehost) remotehost = "unknown";
@@ -794,12 +803,18 @@
 if(!(ctx=SSL_CTX_new(SSLv23_server_method())))
 {out("454 TLS not available: unable to initialize ctx (#4.3.0)\r\n");
 return;}
- if(!SSL_CTX_use_RSAPrivateKey_file(ctx, "control/servercert.pem", SSL_FILETYPE_PEM))
- {out("454 TLS not available: missing RSA private key (#4.3.0)\r\n");
- return;}
- if(!SSL_CTX_use_certificate_chain_file(ctx, "control/servercert.pem"))
- {out("454 TLS not available: missing certificate (#4.3.0)\r\n");
- return;}
+ if(tlsserverlocalcert.len && SSL_CTX_use_RSAPrivateKey_file(ctx, tlsserverlocalcert.s, SSL_FILETYPE_PEM)) {
+ if(!SSL_CTX_use_certificate_chain_file(ctx, tlsserverlocalcert.s))
+ {out("454 TLS not available: missing certificate (#4.3.0)\r\n");
+ return;}
+ } else {
+ if(!SSL_CTX_use_RSAPrivateKey_file(ctx, "control/servercert.pem", SSL_FILETYPE_PEM))
+ {out("454 TLS not available: missing RSA private key (#4.3.0)\r\n");
+ return;}
+ if(!SSL_CTX_use_certificate_chain_file(ctx, "control/servercert.pem"))
+ {out("454 TLS not available: missing certificate (#4.3.0)\r\n");
+ return;}
+ }
 SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
 SSL_CTX_set_cipher_list(ctx,tlsserverciphers.s);
 SSL_CTX_load_verify_locations(ctx, "control/clientca.pem",NULL);
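Review bot: In the second hunk, `local` comes from the TCPLOCALHOST/TCPLOCALIP environment and is spliced into a path under control/ with no check, so a value containing `/` would select a file outside the intended `servercert-*.pem` set. The `if(local)` block should accept only a plain host name or address. The four stralloc calls also ignore their return values, so an allocation failure can leave a truncated or unterminated path that the later `tlsserverlocalcert.len` test may still treat as usable. The fence shows both checks, assuming the file's usual `str_chr` and `die_nomem` helpers, which are not visible in this hunk. The enclosing function starts and ends outside the hunk.

```c
#ifdef TLS
  /* only a plain host name or address may select a certificate file */
  if (local && *local && !local[str_chr(local,'/')]) {
    if (!stralloc_copys(&tlsserverlocalcert, "control/servercert-")) die_nomem();
    if (!stralloc_cats(&tlsserverlocalcert, local)) die_nomem();
    if (!stralloc_cats(&tlsserverlocalcert, ".pem")) die_nomem();
    if (!stralloc_0(&tlsserverlocalcert)) die_nomem();
  }
#endif
```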
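Review bot: In the third hunk, the new `if(tlsserverlocalcert.len && SSL_CTX_use_RSAPrivateKey_file(...))` falls back to `control/servercert.pem` on any failure to load the per-address key. A file that exists but is unreadable or malformed is therefore silently replaced by the default certificate instead of being reported. Consider checking for the file's presence first and answering 454 when it is present but unusable, and call `ERR_clear_error();` at the top of the `else` branch so the failed attempt does not linger in OpenSSL's error queue. Neither branch confirms that the loaded key matches the certificate; `if(!SSL_CTX_check_private_key(ctx))` after the if/else, with the same 454 handling, would catch a mismatched pair. The enclosing function begins and ends outside the hunk.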