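diff -Nur b/configuration-file/pure-config.pl.in n/configuration-file/pure-config.pl.in
--- b/configuration-file/pure-config.pl.in 2004-02-29 12:17:00.000000000 +0100
+++ n/configuration-file/pure-config.pl.in 2004-09-15 17:02:28.545013000 +0200
@@ -57,6 +57,7 @@
 TrustedIP => "-V",
 AltLog => "-O",
 PIDFile => "-g",
+ SSLCertFile => "-7",
 );
 
 my %numeric_switch_for = (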
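diff -Nur b/configuration-file/pure-config.py.in n/configuration-file/pure-config.py.in
--- b/configuration-file/pure-config.py.in 2004-02-29 12:17:14.000000000 +0100
+++ n/configuration-file/pure-config.py.in 2004-09-15 17:02:28.546012000 +0200
@@ -55,6 +55,7 @@
 option_tuple = (
 ["IPV4Only[\s]+yes", "-4" ],
 ["IPV6Only[\s]+yes", "-6" ],
+ ["SSLCertFile\s+(\S+)", "-7", None ],
 ["ChrootEveryone[\s]+yes", "-A" ],
 ["TrustedGID[\s]+([\d]+)", "-a", None ],
 ["BrokenClientsCompatibility[\s]+yes", "-b" ],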
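Review bot: The new `SSLCertFile\s+(\S+)` entry captures only up to the first whitespace character, so a certificate path that contains a space is silently cut short and the daemon is started with a different `-7` argument than the one written in the configuration file. Capturing the rest of the line instead, for example `["SSLCertFile[\s]+(.+?)[\s]*$", "-7", None ],`, would keep the whole path and also match the `[\s]` spelling the neighbouring entries use. How the patterns are applied to each line is outside this hunk, so the exact anchoring should be confirmed against the matching loop.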
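diff -Nur b/configuration-file/pure-ftpd.conf.in n/configuration-file/pure-ftpd.conf.in
--- b/configuration-file/pure-ftpd.conf.in 2004-09-15 17:03:04.281580000 +0200
+++ n/configuration-file/pure-ftpd.conf.in 2004-09-15 17:02:28.547012000 +0200
@@ -420,7 +420,13 @@
 # 3) Only compatible clients will log in.
 
 # TLS 1
-
+
+# Path to SSL certificate file. This is non-standard addition
+# and it might disappear in the future. If not present
+# default is /var/lib/openssl/certs/ftpd.pem for PLD.
+#
+# SSLCertFile /etc/ssl/private/pure-ftpd.pem
+#
 
 
 # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)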
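diff -Nur b/man/pure-ftpd.8 n/man/pure-ftpd.8
--- b/man/pure-ftpd.8 2004-02-29 21:10:06.000000000 +0100
+++ n/man/pure-ftpd.8 2004-09-15 17:02:28.548012000 +0200
@@ -9,7 +9,7 @@
 pure\-ftpd \- simple File Transfer Protocol server
 
 .SH "SYNOPSIS"
-.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
+.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-7 certificate file] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
 
 .br
 Alternative style :
@@ -22,6 +22,8 @@
 .br
 \-6 \-\-ipv6only
 .br
+\-7 \-\-sslcertfile
+.br
 \-a \-\-trustedgid
 .br
 \-A \-\-chrooteveryone
@@ -157,6 +159,9 @@
 .B \-6
 Listen only to IPv6 connections.
 .TP
+.B \-7 SSL certificate file
+Path to SSL certificate file. If option \-7 is not present default value is /var/lib/openssl/certs/ftpd.pem for PLD. This is non\-standard addition. It might disappear in the future and meaning of \-7 option is not guaranted.
+.TP
 .B \-a gid
 Regular users will be chrooted to their home directories, unless
 they belong to the specified gid. Note that root is always trusted,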
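diff -Nur b/src/ftpd.c n/src/ftpd.c
--- b/src/ftpd.c 2004-09-15 18:05:29.951069216 +0200
+++ n/src/ftpd.c 2004-09-15 18:03:14.172710664 +0200
@@ -4830,7 +4830,7 @@
 int fodder;
 int bypass_ipv6 = 0;
 struct passwd *pw;
-
+
 #ifdef PROBE_RANDOM_AT_RUNTIME
 pw_zrand_probe();
 #endif
@@ -5097,6 +5097,15 @@
 enforce_tls_auth > 2) {
 die(421, LOG_ERR, MSG_CONF_ERR ": TLS");
 }
+ if (!tlscert_file)
+ if ((tlscert_file = strdup(TLS_CERTIFICATE_FILE)) == NULL)
+ die_mem();
+ break;
+ }
+ case '7': {
+ free(tlscert_file);
+ if ((tlscert_file = strdup(optarg)) == NULL)
+ die_mem();
 break;
 }
 #endif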
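Review bot: `case '7'` stores `optarg` without any validation, so an empty or relative path is accepted and only resolved later, when tls.c opens it, against whatever working directory the daemon has at that point. Because the same file is also loaded as the private key, rejecting anything that is not an absolute path at parse time would be safer: `if (*optarg != '/') die(421, LOG_ERR, MSG_CONF_ERR ": TLS");` placed before `free(tlscert_file);`. Separately, the default is assigned only inside the preceding case (apparently the `-Y` handler; its label is outside the hunk), so `tlscert_file` stays NULL whenever that option is not parsed. If any TLS code path can run without it, moving the `strdup(TLS_CERTIFICATE_FILE)` fallback to after the option loop would close that gap, and the nested `if (!tlscert_file) if (...)` would read better with braces.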
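diff -Nur b/src/ftpd_p.h n/src/ftpd_p.h
--- b/src/ftpd_p.h 2004-02-29 22:49:28.000000000 +0100
+++ n/src/ftpd_p.h 2004-09-15 17:02:28.561010000 +0200
@@ -101,6 +101,7 @@
 #endif
 #ifdef WITH_TLS
 "Y:"
+ "7:"
 #endif
 "zZ";
 
@@ -180,6 +181,7 @@
 # endif
 # ifdef WITH_TLS
 { "tls", 1, NULL, 'Y' },
+ { "sslcertfile", 1, NULL, '7'},
 # endif
 { "allowdotfiles", 0, NULL, 'z' },
 { "customerproof", 0, NULL, 'Z' },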
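diff -Nur b/src/globals.h n/src/globals.h
--- b/src/globals.h 2004-02-29 22:49:28.000000000 +0100
+++ n/src/globals.h 2004-09-15 17:02:28.561010000 +0200
@@ -167,6 +167,7 @@
 
 #ifdef WITH_TLS
 GLOBAL0(signed char enforce_tls_auth);
+GLOBAL0(char *tlscert_file);
 #endif
 
 GLOBAL0(char *atomic_prefix);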
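diff -Nur b/src/tls.c n/src/tls.c
--- b/src/tls.c 2004-02-29 22:49:27.000000000 +0100
+++ n/src/tls.c 2004-09-15 17:02:28.562010000 +0200
@@ -9,11 +9,12 @@
 # include "tls.h"
 # include "ftpwho-update.h"
 # include "messages.h"
+# include "globals.h"
 
 static void tls_error(void)
 {
 logfile(LOG_ERR, "SSL/TLS [%s]: %s",
- TLS_CERTIFICATE_FILE,
+ tlscert_file,
 ERR_error_string(ERR_get_error(), NULL));
 _EXIT(EXIT_FAILURE);
 }
@@ -23,7 +24,7 @@
 DH *dh;
 BIO *bio;
 
- if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) {
+ if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) {
 return -1;
 }
 if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL
@@ -65,11 +66,11 @@
 tls_init_cache();
 SSL_CTX_set_options(tls_ctx, SSL_OP_ALL);
 if (SSL_CTX_use_certificate_chain_file
- (tls_ctx, TLS_CERTIFICATE_FILE) != 1) {
+ (tls_ctx, tlscert_file) != 1) {
 die(421, LOG_ERR,
- MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE);
+ MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file);
 }
- if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE,
+ if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file,
 SSL_FILETYPE_PEM) != 1) {
 tls_error();
 }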
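Review bot: Nothing in the last hunk checks that `tlscert_file` is a regular file that other users cannot read or modify, although the path is now operator-supplied and the same file is read for DH parameters, the certificate chain and, in `SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file, ...)`, the private key. A check before the first load, refusing a path that is not a regular file or that has any permission bits set for others, would keep a misconfigured `-7` from serving a key that local users can read or replace. The sketch below assumes `struct stat` and `MSG_CONF_ERR` are already visible in tls.c, which the hunk does not show. The enclosing function starts and ends outside the hunk. The `die()` on the chain-file failure still reports `MSG_FILE_DOESNT_EXIST` for every error, which will mislead once arbitrary paths can fail for permission or format reasons.

```c
/* … unchanged: tls_init_cache(), SSL_CTX_set_options() … */
{
    struct stat st;

    /* The file holds the private key: require a regular file with no
     * access for "other" before handing the path to OpenSSL. */
    if (stat(tlscert_file, &st) != 0 || !S_ISREG(st.st_mode) ||
        (st.st_mode & S_IRWXO) != 0) {
        die(421, LOG_ERR, MSG_CONF_ERR ": TLS [%s]", tlscert_file);
    }
}
if (SSL_CTX_use_certificate_chain_file
    (tls_ctx, tlscert_file) != 1) {
/* … unchanged: die() on failure, SSL_CTX_use_PrivateKey_file() … */
```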