--- imap/src/osdep/unix/Makefile.ssl 2002-12-29 23:36:44 +0300 +++ imap/src/osdep/unix/Makefile 2002-12-29 23:36:45 +0300 @@ -44,7 +44,7 @@ # use RSAREF. SSLRSA= # -lRSAglue -lrsaref -SSLCFLAGS= -I$(SSLINCLUDE) -I$(SSLINCLUDE)/openssl\ +SSLCFLAGS= -I$(SSLINCLUDE)/openssl -I$(SSLINCLUDE)\ -DSSL_CERT_DIRECTORY=\"$(SSLCERTS)\" -DSSL_KEY_DIRECTORY=\"$(SSLKEYS)\" SSLLDFLAGS= -L$(SSLLIB) -lssl $(SSLCRYPTO) $(SSLRSA) --- imap/docs/SSLBUILD.ssl 2002-12-11 02:23:16 +0300 +++ imap/docs/SSLBUILD 2002-12-29 23:49:26 +0300 @@ -6,8 +6,8 @@ 2) Obtain a copy of OpenSSL. OpenSSL is available from third parties. We do not provide OpenSSL. 3) Make sure that you know how to build OpenSSL properly on the standard - /usr/local/ssl directory. In particular, /usr/local/ssl/include (and - /usr/local/ssl/include/openssl) and /usr/local/ssl/lib must be set up + /var/lib/ssl directory. In particular, /usr/include (and + /usr/include/openssl) and /usr/lib must be set up from the OpenSSL build. If you have a non-standard installation, then you must modify the imap-2002a/src/osdep/unix/Makefile file to point to the appropriate locations. @@ -33,7 +33,7 @@ imap-2002a/src/osdep/unix/Makefile The most important of these are SSLDIR, SSLCRYPTO, and SSLRSA. - SSLDIR is set to /usr/local/ssl by default. This is the normal + SSLDIR is set to /var/lib/ssl by default. This is the normal installation directory for OpenSSL. If your system uses a different directory you will need to change this. @@ -114,7 +114,7 @@ install proper certificates! It is NOT supported to run SSL-enabled servers on a system without the proper certificates. - You must set up certificates on /usr/local/ssl/certs (this may be + You must set up certificates on /var/lib/ssl/certs (this may be different if you have a non-standard installation of OpenSSL; for example, FreeBSD has modified OpenSSL to use /usr/local/certs). You should install both the certificate authority certificates from the SSL distribution after @@ -122,10 +122,10 @@ purchased from a certificate authority, although self-signed certificates are permissible. A sample certificate file is at the end of this document. - Install the resulting certificate file on /usr/local/ssl/certs, with a + Install the resulting certificate file on /var/lib/ssl/certs, with a file name consisting of the server name and a suffix of ".pem". For example, -install the imapd certificate on /usr/local/ssl/certs/imapd.pem and the ipop3d -certificate on /usr/local/ssl/certs/ipop3d.pem. These files should be +install the imapd certificate on /var/lib/ssl/certs/imapd.pem and the ipop3d +certificate on /var/lib/ssl/certs/ipop3d.pem. These files should be protected against random people accessing them. It is permissible for imapd.pem and ipop3d.pem to be links to the same file. @@ -147,7 +147,7 @@ If you have a multihomed system with multiple domain names (and hence separate certifications for each domain name), you can append the IP address to the service name. For example, the IMAP certificate for [12.34.56.78] -would be /usr/local/ssl/certs/imapd-12.34.56.78.pem and so on. You only need +would be /var/lib/ssl/certs/imapd-12.34.56.78.pem and so on. You only need to use this feature if you need to use multiple certificates.