
Bug 94257

Summary: mail-mta/qmail TLS enhancement: select servercert through SMTP_SERVERCERT env var
Product: Gentoo Linux
Reporter: Alin Năstac (RETIRED) <mrness>
Component: [OLD] Server
Assignee: Qmail Team (OBSOLETE) <qmail-bugs+disabled>
Status: RESOLVED FIXED
Severity: enhancement
CC: gentoo-bugs
Priority: High
Version: 2005.0
Hardware: All
OS: All
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: servercert-by-TCPLOCALHOST-or-TCPLOCALIP.patch
qmail-1.03-env-servercert.patch
qmail-1.03-env-servercert.patch

Description Alin Năstac (RETIRED) gentoo-dev 2005-05-28 02:06:48 UTC
I've made a patch which enables usage of different TLS certificates depending on TCPLOCALHOST or TCPLOCALIP.
The patch could be safely applied independently of the USE flags.

qmail-smtpd will roughly work as follows:
  CERTFILE = ""
  if $TCPLOCALHOST != "" 
    if "control/servercert-$TCPLOCALHOST.pem" exists
      CERTFILE = "control/servercert-$TCPLOCALHOST.pem"
  else if $TCPLOCALIP != ""
    if "control/servercert-$TCPLOCALIP.pem" exists
      CERTFILE = "control/servercert-$TCPLOCALIP.pem"

  if $CERTFILE == ""
    CERTFILE = "control/servercert.pem"
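
The selection order sketched in the description above, written out in C as an added example (it is not the attached patch and not qmail's code). The `safe_name` check, the function names and the sample host names are assumptions of this example; the check is there because the file name is built from an environment value.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define DEFAULT_CERT "control/servercert.pem"

/* Assumption of this example (not in the attached patch): the value must be a
 * single path component. '/' is not in the allowed set, so a name taken from
 * the environment cannot point outside control/. ':' admits IPv6 literals. */
static int safe_name(const char *s)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-:";
    return s && *s && s[strspn(s, ok)] == '\0';
}

static int file_exists(const char *path) { return access(path, R_OK) == 0; }

/* Writes the chosen path to out. Returns 0, or -1 if out is too small.
 * exists is injectable (NULL means access(2)) so the logic can be tested. */
int select_servercert(const char *localhost, const char *localip,
                      int (*exists)(const char *), char *out, size_t outlen)
{
    /* As in the pseudocode: TCPLOCALIP is used only if TCPLOCALHOST is empty. */
    const char *key = (localhost && *localhost) ? localhost : localip;
    int n;
    if (!exists) exists = file_exists;
    if (safe_name(key)) {
        n = snprintf(out, outlen, "control/servercert-%s.pem", key);
        if (n > 0 && (size_t)n < outlen && exists(out)) return 0;
    }
    n = snprintf(out, outlen, "%s", DEFAULT_CERT);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Constructed stand-in for the filesystem. It also claims that any path with
 * "/../" exists, so only safe_name() can keep such a value from being chosen. */
int demo_exists(const char *p)
{
    return strcmp(p, "control/servercert-mail.example.org.pem") == 0 ||
           strcmp(p, "control/servercert-192.0.2.10.pem") == 0 ||
           strstr(p, "/../") != NULL;
}

int main(void)
{
    char path[512];
    select_servercert("../../etc/x", "192.0.2.10", demo_exists, path, sizeof path);
    puts(path); /* falls back to the default certificate */
    return 0;
}
```

As in the pseudocode, a TCPLOCALHOST value with no matching file goes straight to the default certificate; the TCPLOCALIP file is not tried in that case.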
Comment 1 Alin Năstac (RETIRED) gentoo-dev 2005-05-28 02:09:10 UTC
Created attachment 60001
servercert-by-TCPLOCALHOST-or-TCPLOCALIP.patch

This patch works for me on x86 arch - tested for 2 months.
Comment 2 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-06-05 08:00:55 UTC
Can you please provide a patch that applies to qmail-1.03-r16? Preferably after
the famd-dnotify patch. The TLS patch has been heavily updated for r16, so
things are different. r15 will not be updated because it's the stable version
for all architectures. Thanks!
Comment 3 Alin Năstac (RETIRED) gentoo-dev 2005-06-05 22:29:05 UTC
Created attachment 60707
qmail-1.03-env-servercert.patch

This patch is meant to be applied to the current mail-mta/qmail-1.03-r16.

It enables configuration of the servercert used by the qmail-smtpd daemon through
the SMTP_SERVERCERT env var.
Comment 4 Alin Năstac (RETIRED) gentoo-dev 2005-06-05 22:33:21 UTC
Indeed, the TLS patch has been redesigned.
It looks better, btw.
Comment 5 Alin Năstac (RETIRED) gentoo-dev 2005-06-05 22:36:53 UTC
Created attachment 60708
qmail-1.03-env-servercert.patch

correct the comment
Comment 6 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-06-12 12:54:19 UTC
Added to qmail-1.03-r16. Can you test it, please?
Comment 7 Alin Năstac (RETIRED) gentoo-dev 2005-06-14 00:15:28 UTC
TLS part works as expected.
However, the AUTH part refuses to work for some strange reason.

I will analyse later, since I do not have the time to do it right now.