Bug 94257 - mail-mta/qmail TLS enhancement: select servercert through SMTP_SERVERCERT env var
Summary: mail-mta/qmail TLS enhancement: select servercert through SMTP_SERVERCERT env...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server
Hardware: All All
Importance: High enhancement
Assignee: Qmail Team (OBSOLETE)
Reported: 2005-05-28 02:06 UTC by Alin Năstac (RETIRED)
Modified: 2007-02-07 17:37 UTC (History)

Attachments
servercert-by-TCPLOCALHOST-or-TCPLOCALIP.patch (servercert-by-TCPLOCALHOST-or-TCPLOCALIP.patch,2.10 KB, patch)
2005-05-28 02:09 UTC, Alin Năstac (RETIRED)
qmail-1.03-env-servercert.patch (qmail-1.03-env-servercert.patch,1.27 KB, patch)
2005-06-05 22:29 UTC, Alin Năstac (RETIRED)
qmail-1.03-env-servercert.patch (qmail-1.03-env-servercert.patch,1.28 KB, patch)
2005-06-05 22:36 UTC, Alin Năstac (RETIRED)

Description Alin Năstac (RETIRED) gentoo-dev 2005-05-28 02:06:48 UTC
I've made a patch which enables usage of different TLS certificates depending on TCPLOCALHOST or TCPLOCALIP.
The patch could be safely applied independently of the USE flags.

qmail-smtpd will roughly work as follows:
  CERTFILE = ""
  if $TCPLOCALHOST != "" 
    if "control/servercert-$TCPLOCALHOST.pem" exists
      CERTFILE = "control/servercert-$TCPLOCALHOST.pem"
  else if $TCPLOCALIP != ""
    if "control/servercert-$TCPLOCALIP.pem" exists
      CERTFILE = "control/servercert-$TCPLOCALIP.pem"

  if $CERTFILE == ""
    CERTFILE = "control/servercert.pem"
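
The lookup order sketched in the description above, written out as an added C example; it is not part of the original report or of the attached patch. Because the environment value is interpolated into a file name, the example also restricts its characters: `safe_component`, its allow-list, the `exists_fn` callback and `fake_exists` are assumptions introduced here, and the file names in `fake_exists` are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

typedef int (*exists_fn)(const char *path);
/* Real check: the certificate must be readable by the qmail-smtpd user. */
static int file_exists(const char *p) { return access(p, R_OK) == 0; }

/* Constructed stand-in for the control/ directory, used for offline checks. */
static int fake_exists(const char *p)
{
    return !strcmp(p, "control/servercert-mx1.example.org.pem") ||
           !strcmp(p, "control/servercert-192.0.2.10.pem");
}

/* Assumption (not in the description): allow only [A-Za-z0-9.:-] and no
 * leading dot, so the value can never name a file outside control/. */
static int safe_component(const char *s)
{
    if (*s == '.') return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && !strchr(".:-", *s)) return 0;
    return 1;
}

/* Order from the description: TCPLOCALHOST when set, TCPLOCALIP only when
 * TCPLOCALHOST is empty, control/servercert.pem otherwise.
 * Returns 1 if a per-host or per-IP file was selected, 0 for the default. */
int select_servercert(const char *host, const char *ip, exists_fn exists,
                      char *out, size_t n)
{
    const char *key = (host && *host) ? host : (ip && *ip) ? ip : NULL;
    if (key && safe_component(key)) {
        int len = snprintf(out, n, "control/servercert-%s.pem", key);
        if (len > 0 && (size_t)len < n && exists(out)) return 1;
    }
    snprintf(out, n, "control/servercert.pem");
    return 0;
}

int main(void)
{
    char path[512];
    select_servercert(getenv("TCPLOCALHOST"), getenv("TCPLOCALIP"),
                      file_exists, path, sizeof path);
    puts(path);
    return 0;
}
```

As in the pseudocode, a set TCPLOCALHOST with no matching file falls straight through to the default certificate; TCPLOCALIP is not tried in that case.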
Comment 1 Alin Năstac (RETIRED) gentoo-dev 2005-05-28 02:09:10 UTC
Created attachment 60001 [details, diff]
servercert-by-TCPLOCALHOST-or-TCPLOCALIP.patch

This patch works for me on x86 arch - tested for 2 months.
Comment 2 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-06-05 08:00:55 UTC
Can you please provide a patch that applies to qmail-1.03-r16? Preferably after
the famd-dnotify patch. The TLS patch has been heavily updated for r16, so
things are different. r15 will not be updated because it's the stable version
for all architectures. Thanks!
Comment 3 Alin Năstac (RETIRED) gentoo-dev 2005-06-05 22:29:05 UTC
Created attachment 60707 [details, diff]
qmail-1.03-env-servercert.patch

This patch is meant to be applied to the current mail-mta/qmail-1.03-r16.

It enables configuration of the servercert used by the qmail-smtpd daemon
through the SMTP_SERVERCERT env var.
Comment 4 Alin Năstac (RETIRED) gentoo-dev 2005-06-05 22:33:21 UTC
Indeed, the TLS patch has been redesigned.
It looks better, btw.
Comment 5 Alin Năstac (RETIRED) gentoo-dev 2005-06-05 22:36:53 UTC
Created attachment 60708 [details, diff]
qmail-1.03-env-servercert.patch

Correct the comment.
Comment 6 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-06-12 12:54:19 UTC
Added to qmail-1.03-r16. Can you test it, please?
Comment 7 Alin Năstac (RETIRED) gentoo-dev 2005-06-14 00:15:28 UTC
The TLS part works as expected.
However, the AUTH part refuses to work for some strange reason.

I will analyse it later, since I do not have the time to do it right now.