[Lunar-commits] CVS: moonbase/mail/imap POST_INSTALL,1.1,1.2
Auke Kok
sofar at lunar-linux.org
Wed Jun 16 12:13:21 GMT 2004
Jeff Hodges wrote:
>On Wed, 2004-06-16 at 08:44 +0200, Jerry Lundström wrote:
>
>
>>Its the other way around, 99% of the people installing imap will WANT
>>ssl. Sending passwords in cleartext is mad.
>>
>>
>Can we get a quick review of what is necessary to use imap with ssl?
>Apparently, I'm missing something.
>
well here's what lead to this:
- download ISO
- install ISO:
* transfer lunar
* build kernel
* reboot
* do a 'lin moonbase ; lin theedge ; lunar rebuild'
* walk away
* come back 3 hours later and see it stopped at module 10 because
openssl module was trying to make a SSL certificate for imap, which
requires you to type in CN etc and will surely baffle any lunar n00b
* shout, swear, smash up computer
my patch (which I fumbled):
- have the imap module build SSL certificates
my idea:
- most users need imap.h for evolution, ssl wrapping for clients using
imap.h is provided by openssl.h directly. They also do not need an SSL
certificate unless they run a imaps server
result:
- generation of ssl certificates can be done by the SA manually and
should not be done automatically at all (not even by default). We don't
make apache certificates as well. Any sane ISP would want to use real
and properly signed certificates anyway.
summary:
- we should remove the SSL certificate generation code completely
there... I'll leave imap up to you guys...
sofar
More information about the Lunar-dev
mailing list