authorSunil Nimmagadda <sunil@esdenera.com>2017-01-09 15:30:35 +0500
committerSunil Nimmagadda <sunil@esdenera.com>2017-01-09 15:30:35 +0500
commit44593728dbb10317a8ec0ca60e1ca7bbb8989d98 (patch)
treea68852b6a7cb9b9800abee51a2782874df02d763
parentcccc2eb125674423d902d77a4abd6e30fd0ace67 (diff)
Provide an option to specify cert/key on commandline.
While here, document new options and fix mandoc lint warnings.
-rw-r--r--pop3d.816
-rw-r--r--pop3d.c16
-rw-r--r--pop3d.h2
-rw-r--r--pop3e.c4
-rw-r--r--ssl.c12
-rw-r--r--ssl.h2
6 files changed, 32 insertions, 20 deletions
diff --git a/pop3d.8 b/pop3d.8
index 344316c..d43a7ee 100644
--- a/pop3d.8
+++ b/pop3d.8
@@ -20,7 +20,9 @@
.Nd Post Office Protocol (POP3) daemon.
.Sh SYNOPSIS
.Nm
+.Op Fl c Ar certfile
.Op Fl d
+.Op Fl k Ar keyfile
.Op Fl p Ar path
.Op Fl t Ar type
.Sh DESCRIPTION
@@ -34,13 +36,17 @@ behalf of its remote users.
.Pp
The options are as follows:
.Bl -tag -width Ds
+.It Fl c Ar certfile
+Specify the certificate file. Defaults to /etc/ssl/server.crt.
.It Fl d
Do not daemonize. If this option is specified,
.Nm
will run in foreground and log to
.Em stderr .
+.It Fl k Ar keyfile
+Specify the key file. Defaults to /etc/ssl/private.key.
.It Fl p
-Path to the maildrop. Defaults to /var/mail/%u in case of mbox and
+Path to the maildrop. Defaults to /var/mail/%u in case of mbox and
~/Maildir in case of maildir.
.Nm
expands '~' to user's home dir
@@ -49,14 +55,11 @@ and '%u' to user's name if specified in the path.
Specify maildrop type. Options are mbox and maildir. Defaults to mbox.
.El
.Sh FILES
-.Bl -tag -width "/etc/ssl/private/server.key" -compact
+.Bl -tag -width Ds -compact
.It Pa ~/maildir
.It Pa /var/mail/%u
User maildrops
-.Pp
-.It /etc/ssl/server.crt
-.It /etc/ssl/private/server.key
-Location of SSL certificate and key
+.El
.Sh SEE ALSO
.Xr smtpd 8 ,
.Xr ssl 8
@@ -82,5 +85,6 @@ Location of SSL certificate and key
.%A M. Yevstifeyev
.%D August 2011
.%R draft-melnikov-pop3-over-tls-02
+.Re
.Sh CAVEATS
POP3 authenticates using cleartext passwords on 110(POP3) port.
diff --git a/pop3d.c b/pop3d.c
index f16b0cd..e24f24b 100644
--- a/pop3d.c
+++ b/pop3d.c
@@ -38,6 +38,8 @@
#define MBOX_PATH "/var/mail/%u"
#define MAILDIR_PATH "~/Maildir"
#define POP3D_USER "_pop3d"
+#define CERTFILE "/etc/ssl/server.crt"
+#define KEYFILE "/etc/ssl/private/server.key"
static void authenticate(struct imsgev *, struct imsg *);
static void pop3e_imsgev(struct imsgev *, int , struct imsg *);
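Review bot: The KEYFILE default added here is `/etc/ssl/private/server.key`, but the manual page in the same commit documents the -k default as `/etc/ssl/private.key` (second pop3d.8 hunk), so an operator reading pop3d.8 would look for the key in the wrong place. The ssl.c define being removed also used `/etc/ssl/private/server.key`, so the code looks right and the man page line is presumably the one to fix: `Specify the key file. Defaults to /etc/ssl/private/server.key.`. A short comment on the two defines, `/* defaults for -c/-k; keep in sync with pop3d.8 */`, would make the coupling visible to the next editor.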
@@ -56,13 +58,20 @@ main(int argc, char *argv[])
struct passwd *pw;
struct event ev_sigint, ev_sigterm, ev_sighup, ev_sigchld;
const char *path = NULL, *mtype_str = "mbox";
+ const char *cert = CERTFILE, *key = KEYFILE;
int ch, d = 0, pair[2];
- while ((ch = getopt(argc, argv, "dp:t:")) != -1) {
+ while ((ch = getopt(argc, argv, "c:dk:p:t:")) != -1) {
switch (ch) {
+ case 'c':
+ cert = optarg;
+ break;
case 'd':
d = 1;
break;
+ case 'k':
+ key = optarg;
+ break;
case 'p':
path = optarg;
break;
@@ -101,7 +110,7 @@ main(int argc, char *argv[])
if ((pw = getpwnam(POP3D_USER)) == NULL)
fatalx("main: getpwnam " POP3D_USER);
- pop3_main(pair, pw);
+ pop3_main(pair, pw, cert, key);
close(pair[1]);
setproctitle("[priv]");
logit(LOG_INFO, "pop3d ready; type:%s, path:%s", mtype_str, mpath);
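Review bot: The startup log line still reports only the maildrop type and path, even though the certificate and key locations are now operator-controlled and a wrong -c/-k value is only discovered later in the pop3 process when ssl_setup() fails. Logging the paths that were actually chosen makes that failure easy to correlate and gives an audit record of which key material the daemon was started with: `logit(LOG_INFO, "pop3d ready; type:%s, path:%s, cert:%s, key:%s", mtype_str, mpath, cert, key);`. main() continues outside this hunk.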
@@ -233,7 +242,8 @@ usage(void)
{
extern char *__progname;
- fprintf(stderr, "usage: %s [-d] [-p path] [-t type]\n", __progname);
+ fprintf(stderr, "usage: %s [-c certfile] [-d] "
+ "[-k keyfile] [-p path] [-t type]\n", __progname);
exit(EXIT_FAILURE);
}
diff --git a/pop3d.h b/pop3d.h
index 7e3b47f..cbe9f9b 100644
--- a/pop3d.h
+++ b/pop3d.h
@@ -143,7 +143,7 @@ struct session {
};
/* pop3e.c */
-void pop3_main(int [2], struct passwd *);
+void pop3_main(int [2], struct passwd *, const char *, const char *);
/* session.c */
void session_init(struct listener *, int, const struct sockaddr_storage *);
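Review bot: The new prototype takes two adjacent unnamed `const char *` parameters, so nothing at the declaration tells a caller which is the certificate and which is the key, and swapping them compiles cleanly. Naming them in the prototype documents the order where callers look: `void pop3_main(int [2], struct passwd *, const char *cert, const char *key);`. The same applies to the ssl.h hunk, `void *ssl_setup(const char *certfile, const char *keyfile);`.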
diff --git a/pop3e.c b/pop3e.c
index 1bd8635..88e3c33 100644
--- a/pop3e.c
+++ b/pop3e.c
@@ -48,7 +48,7 @@ struct imsgev iev_pop3d;
void *ssl_ctx;
void
-pop3_main(int pair[2], struct passwd *pw)
+pop3_main(int pair[2], struct passwd *pw, const char *cert, const char *key)
{
extern struct session_tree sessions;
struct event ev_sigint, ev_sigterm;
@@ -73,7 +73,7 @@ pop3_main(int pair[2], struct passwd *pw)
pop3_listen("pop3");
ssl_init();
- if ((ssl_ctx = ssl_setup()) == NULL)
+ if ((ssl_ctx = ssl_setup(cert, key)) == NULL)
fatal("ssl_setup failed");
pop3_listen("pop3s");
diff --git a/ssl.c b/ssl.c
index fce300f..9d1af2a 100644
--- a/ssl.c
+++ b/ssl.c
@@ -33,8 +33,6 @@
#define SSL_CIPHERS "HIGH"
#define SSL_SESSION_TIMEOUT 300
-#define CERTFILE "/etc/ssl/server.crt"
-#define KEYFILE "/etc/ssl/private/server.key"
static char *ssl_load_file(const char *, off_t *);
@@ -52,7 +50,7 @@ ssl_init(void)
}
void *
-ssl_setup(void)
+ssl_setup(const char *certfile, const char *keyfile)
{
SSL_CTX *ctx = NULL;
char *cert, *key;
@@ -73,13 +71,13 @@ ssl_setup(void)
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
/* SSL certificate, key loading */
- cert = ssl_load_file(CERTFILE, &cert_len);
+ cert = ssl_load_file(certfile, &cert_len);
if (cert == NULL)
- fatal("ssl_load_file: Unable to load " CERTFILE);
+ fatal("ssl_load_file: certificate");
- key = ssl_load_file(KEYFILE, &key_len);
+ key = ssl_load_file(keyfile, &key_len);
if (key == NULL)
- fatal("ssl_load_file: Unable to load " KEYFILE);
+ fatal("ssl_load_file: key");
if (!SSL_CTX_set_cipher_list(ctx, SSL_CIPHERS))
goto err;
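Review bot: The two fatal() messages no longer say which file could not be loaded, whereas before the path was part of the message; now that the paths come from the command line, "ssl_load_file: certificate" leaves the operator guessing which -c/-k value was wrong. If fatal() takes a printf-style format as it appears to elsewhere in this code base (hedged, its definition is not in the diff), the messages should carry the path: `fatal("ssl_load_file: %s", certfile);` and `fatal("ssl_load_file: %s", keyfile);`. As a minor point of style, the parameters `certfile`/`keyfile` next to the locals `cert`/`key` are easy to confuse when reading; a comment such as `/* certfile/keyfile are paths, cert/key hold the loaded PEM contents */` at the declarations in the previous hunk would help. ssl_setup() continues outside this hunk.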
diff --git a/ssl.h b/ssl.h
index b52d626..3da7b6f 100644
--- a/ssl.h
+++ b/ssl.h
@@ -2,7 +2,7 @@
/* ssl.c */
void ssl_init(void);
-void *ssl_setup(void);
+void *ssl_setup(const char *, const char *);
void *pop3s_init(SSL_CTX *, int);
void ssl_error(const char *);