--- imap-2001a/src/osdep/unix/Makefile.ssl-include Mon Dec 3 22:28:32 2001 +++ imap-2001a/src/osdep/unix/Makefile Mon Dec 3 22:29:50 2001 @@ -44,7 +44,7 @@ # use RSAREF. SSLRSA= # -lRSAglue -lrsaref -SSLCFLAGS= -I$(SSLINCLUDE) -I$(SSLINCLUDE)/openssl\ +SSLCFLAGS= -I$(SSLINCLUDE)/openssl -I$(SSLINCLUDE)\ -DSSL_CERT_DIRECTORY=\"$(SSLCERTS)\" SSLLDFLAGS= -L$(SSLLIB) -lssl $(SSLCRYPTO) $(SSLRSA) --- imap/docs/SSLBUILD.ssl Thu Oct 4 05:59:40 2001 +++ imap/docs/SSLBUILD Thu Nov 22 23:28:10 2001 @@ -7,10 +7,10 @@ 2) Obtain a copy of OpenSSL. OpenSSL is available from third parties. We do not provide OpenSSL. 3) Make sure that you know how to build OpenSSL properly on the standard - /usr/local/ssl directory. In particular, /usr/local/ssl/include (and - /usr/local/ssl/include/openssl) and /usr/local/ssl/lib must be set up + /var/lib/ssl directory. In particular, /usr/include (and + /usr/include/openssl) and /usr/lib must be set up from the OpenSSL build. If you have a non-standard installation, then - you must modify the imap-2001/src/osdep/unixMakefile.ssl file to point + you must modify the imap-2001/src/osdep/unix/Makefile file to point to the appropriate locations. 4) Make sure that you know how to obtain appropriate certificates on your system. @@ -30,7 +30,7 @@ imap-2001/src/osdep/unix/Makefile The most important of these are SSLDIR, SSLCRYPTO, and SSLRSA. - SSLDIR is set to /usr/local/ssl by default. This is the normal + SSLDIR is set to /var/lib/ssl by default. This is the normal installation directory for OpenSSL. If your system uses a different directory you will need to change this. @@ -111,16 +111,16 @@ install proper certificates! It is NOT supported to run SSL-enabled servers on a system without the proper certificates. - You must set up certificates on /usr/local/ssl/certs. You should install + You must set up certificates on /var/lib/ssl/certs. You should install both the certificate authority certificates from the SSL distribution after building OpenSSL, plus your own certificates. The latter should have been purchased from a certificate authority, although self-signed certificates are permissible. A sample certificate file is at the end of this document. - Install the resulting certificate file on /usr/local/ssl/certs, with a + Install the resulting certificate file on /var/lib/ssl/certs, with a file name consisting of the server name and a suffix of ".pem". For example, -install the imapd certificate on /usr/local/ssl/certs/imapd.pem and the ipop3d -certificate on /usr/local/ssl/certs/ipop3d.pem. These files should be +install the imapd certificate on /var/lib/ssl/certs/imapd.pem and the ipop3d +certificate on /var/lib/ssl/certs/ipop3d.pem. These files should be protected against random people accessing them. It is permissible for imapd.pem and ipop3d.pem to be links to the same file. @@ -142,7 +142,7 @@ If you have a multihomed system with multiple domain names (and hence separate certifications for each domain name), you can append the IP address to the service name. For example, the IMAP certificate for [12.34.56.78] -would be /usr/local/ssl/certs/imapd-12.34.56.78.pem and so on. You only need +would be /var/lib/ssl/certs/imapd-12.34.56.78.pem and so on. You only need to use this feature if you need to use multiple certificates.