ucspi-ssl-cc-patch

This is a cc patch for ucspi-ssl:

http://www.netdevice.com/qmail/patch/ucspi-ssl-cc-patch

See http://www.superscript.com/ucspi-ssl/intro.html.

The version of patch in Solaris is broken, use gpatch or GNU patch instead.

Instructions for implementing secure pop3d:

# gzip -cd openssl-0.9.7d.tar.gz | tar -xf -

# cd openssl-0.9.7d

# ./config

# make

# make test

# make install

# cd /package

# gzip -cd ucspi-ssl-0.67.tar.gz | tar -xf -

# cd host/superscript.com/net/ucspi-ssl-0.67

# patch -p1 < /path/to/ucspi-ssl-cc.patch

# package/compile

# package/rts

# package/install

# package/report

# mkdir /usr/local/ssl/pem

# mkdir /usr/local/ssl/private

# openssl dhparam -check -text -5 1024 -out /usr/local/ssl/pem/dh1024.pem

# openssl req -new -x509 -nodes -days 730 -newkey rsa:1024 -keyout /usr/local/ssl/private/pop3s.key -out /usr/local/ssl/certs/pop3s.cert

# mkdir /var/qmail/supervise/qmail-pop3s

# mkdir /var/qmail/supervise/qmail-pop3s/log

# mkdir /var/log/pop3s

# chown qmaill /var/log/pop3s

# vi /var/qmail/supervise/qmail-pop3s/run

#!/bin/sh

CERTFILE="/usr/local/ssl/certs/pop3s.cert"

KEYFILE="/usr/local/ssl/private/pop3s.key"

DHFILE="/usr/local/ssl/pem/dh1024.pem"

export CERTFILE KEYFILE DHFILE

LOCAL="pop3s.example.com"

exec /usr/local/bin/softlimit -m 5000000 /usr/local/bin/sslserver -v -R -l \

"$LOCAL" 0 pop3s /var/qmail/bin/qmail-popup "$LOCAL" /bin/checkpassword \

/var/qmail/bin/qmail-pop3d Maildir 2>&1

# vi /var/qmail/supervise/qmail-pop3s/log/run

#!/bin/sh

exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t \

s16777214 n1000 /var/log/pop3s

# chmod 755 /var/qmail/supervise/qmail-pop3s/run

# chmod 755 /var/qmail/supervise/qmail-pop3s/log/run

# ln -s /var/qmail/supervise/qmail-pop3s /service

# sslconnect pop3s.example.com 995 -a /usr/local/ssl/certs/pop3s.cert

+OK <24015.1077736920@pop3s.example.com>

user mary

+OK

pass jane

+OK

list

+OK

quit

+OK

# tail /var/log/pop3s/current | tai64nlocal

Patch:

diff -ur ucspi-ssl.orig/src/conf-cc ucspi-ssl/src/conf-cc

--- ucspi-ssl.orig/src/conf-cc Tue Mar 16 23:30:05 2004

+++ ucspi-ssl/src/conf-cc Wed Mar 17 13:14:38 2004

@@ -1,3 +1,3 @@

-auto

+cc -I/usr/local/ssl/include

This will be used to compile .c files.

diff -ur ucspi-ssl.orig/src/conf-ld ucspi-ssl/src/conf-ld

--- ucspi-ssl.orig/src/conf-ld Tue Mar 16 23:30:05 2004

+++ ucspi-ssl/src/conf-ld Wed Mar 17 13:14:17 2004

@@ -1,3 +1,3 @@

-gcc -s

+cc -L/usr/local/ssl/lib -R/usr/local/ssl/lib

This will be used to link .o files into an executable.