1 files changed, 10 insertions, 11 deletions

diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index fe33249..19e7c9b 100644
--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -57,9 +57,13 @@ char *local;
 char *relayclient;
 
 #ifdef TLS
-#include <sys/stat.h>
-#include "tls.h"
-#include "ssl_timeoutio.h"
+# include <sys/stat.h>
+# include "tls.h"
+# include "ssl_timeoutio.h"
+
+# define CLIENTCA "control/clientca.pem"
+# define CLIENTCRL "control/clientcrl.pem"
+# define SERVERCERT "control/servercert.pem"
 
 void tls_init();
 int tls_verify();
@@ -591,7 +595,9 @@ void smtp_ehlo(arg) char *arg;
   if(!spp_helo(arg)) return;
   smtp_greet("250-");
 #ifdef TLS
-  if (!ssl && (stat("control/servercert.pem",&st) == 0))
+  const char *servercert = env_get("SMTP_SERVERCERT");
+  if (!servercert) servercert = SERVERCERT;
+  if (!ssl && (stat(servercert, &st) == 0))
     out("\r\n250-STARTTLS");
 #endif
   out("\r\n250-PIPELINING\r\n250-8BITMIME\r\n");
@@ -1262,10 +1268,6 @@ void tls_out(const char *s1, const char *s2)
 }
 void tls_err(const char *s) { tls_out(s, ssl_error()); if (smtps) die_read(); }
 
-# define CLIENTCA "control/clientca.pem"
-# define CLIENTCRL "control/clientcrl.pem"
-# define SERVERCERT "control/servercert.pem"
-
 int tls_verify()
 {
   stralloc clients = {0};
@@ -1460,9 +1462,6 @@ void tls_init()
   dohelo(remotehost);
 }
 
-# undef SERVERCERT
-# undef CLIENTCA
-
 #endif
 
 struct commands smtpcommands[] = {