Commit | Line | Data |
---|---|---|
7797313a | 1 | diff -Nur pure-ftpd-1.0.20.bef/configuration-file/pure-config.pl.in pure-ftpd-1.0.20.new/configuration-file/pure-config.pl.in |
2 | --- pure-ftpd-1.0.20.bef/configuration-file/pure-config.pl.in 2004-02-29 12:17:00.000000000 +0100 | |
3 | +++ pure-ftpd-1.0.20.new/configuration-file/pure-config.pl.in 2004-08-17 02:00:46.000000000 +0200 | |
fe6666d1 | 4 | @@ -57,6 +57,7 @@ |
6eed5aa7 | 5 | TrustedIP => "-V", |
6 | AltLog => "-O", | |
7 | PIDFile => "-g", | |
8 | + SSLCertFile => "-7", | |
9 | ); | |
10 | ||
11 | my %numeric_switch_for = ( | |
7797313a | 12 | diff -Nur pure-ftpd-1.0.20.bef/configuration-file/pure-config.py.in pure-ftpd-1.0.20.new/configuration-file/pure-config.py.in |
13 | --- pure-ftpd-1.0.20.bef/configuration-file/pure-config.py.in 2004-02-29 12:17:14.000000000 +0100 | |
14 | +++ pure-ftpd-1.0.20.new/configuration-file/pure-config.py.in 2004-08-17 02:00:46.000000000 +0200 | |
fe6666d1 | 15 | @@ -55,6 +55,7 @@ |
16 | option_tuple = ( | |
17 | ["IPV4Only[\s]+yes", "-4" ], | |
18 | ["IPV6Only[\s]+yes", "-6" ], | |
19 | + ["SSLCertFile\s+(\S+)", "-7", None ], | |
20 | ["ChrootEveryone[\s]+yes", "-A" ], | |
21 | ["TrustedGID[\s]+([\d]+)", "-a", None ], | |
22 | ["BrokenClientsCompatibility[\s]+yes", "-b" ], | |
7797313a | 23 | diff -Nur pure-ftpd-1.0.20.bef/configuration-file/pure-ftpd.conf.in pure-ftpd-1.0.20.new/configuration-file/pure-ftpd.conf.in |
24 | --- pure-ftpd-1.0.20.bef/configuration-file/pure-ftpd.conf.in 2004-08-17 02:01:13.000000000 +0200 | |
25 | +++ pure-ftpd-1.0.20.new/configuration-file/pure-ftpd.conf.in 2004-08-17 02:00:46.000000000 +0200 | |
6eed5aa7 | 26 | @@ -420,7 +420,8 @@ |
27 | # 3) Only compatible clients will log in. | |
28 | ||
29 | # TLS 1 | |
30 | - | |
31 | +# SSLCertFile /etc/ssl/private/pure-ftpd.pem | |
32 | +# or /var/lib/openssl/certs/ftpd.pem (current location in PLD) | |
33 | ||
34 | ||
35 | # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6) | |
7797313a | 36 | diff -Nur pure-ftpd-1.0.20.bef/configure.ac pure-ftpd-1.0.20.new/configure.ac |
37 | --- pure-ftpd-1.0.20.bef/configure.ac 2004-06-20 19:41:27.000000000 +0200 | |
38 | +++ pure-ftpd-1.0.20.new/configure.ac 2004-08-17 02:00:46.000000000 +0200 | |
6eed5aa7 | 39 | @@ -1226,17 +1226,6 @@ |
40 | AC_DEFINE(WITH_TLS,,[Enable TLS]) | |
41 | fi | |
42 | ||
43 | -AC_ARG_WITH(certfile, | |
44 | -[AS_HELP_STRING(--with-certfile=,certificate file (default: /etc/ssl/private/pure-ftpd.pem))], | |
45 | -[ if test "x$withval" != "x" ; then | |
46 | - certfile="$withval" | |
47 | - AC_SUBST(certfile) | |
48 | - CPPFLAGS="$CPPFLAGS -DTLS_CERTIFICATE_FILE='\"$certfile\"'" | |
49 | - if test -e "$certfile"; then | |
50 | - AC_MSG_WARN(No certificate is installed in $certfile yet) | |
51 | - fi | |
52 | - fi ]) | |
53 | - | |
54 | AC_ARG_WITH(rendezvous, | |
55 | [AS_HELP_STRING(--with-rendezvous,Enable Rendezvous support on MacOS X (experimental))], | |
56 | [ if test "x$withval" = "xyes" ; then | |
7797313a | 57 | diff -Nur pure-ftpd-1.0.20.bef/man/pure-ftpd.8 pure-ftpd-1.0.20.new/man/pure-ftpd.8 |
58 | --- pure-ftpd-1.0.20.bef/man/pure-ftpd.8 2004-02-29 21:10:06.000000000 +0100 | |
59 | +++ pure-ftpd-1.0.20.new/man/pure-ftpd.8 2004-08-17 02:00:46.000000000 +0200 | |
fe6666d1 | 60 | @@ -9,7 +9,7 @@ |
61 | pure\-ftpd \- simple File Transfer Protocol server | |
62 | ||
63 | .SH "SYNOPSIS" | |
64 | -.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z] | |
65 | +.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-7 certificate file] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z] | |
66 | ||
67 | .br | |
68 | Alternative style : | |
69 | @@ -22,6 +22,8 @@ | |
70 | .br | |
71 | \-6 \-\-ipv6only | |
72 | .br | |
73 | +\-7 \-\-sslcertfile | |
74 | +.br | |
75 | \-a \-\-trustedgid | |
76 | .br | |
77 | \-A \-\-chrooteveryone | |
78 | @@ -157,6 +159,9 @@ | |
79 | .B \-6 | |
80 | Listen only to IPv6 connections. | |
81 | .TP | |
82 | +.B \-7 file | |
83 | +Path to SSL certificate file. | |
84 | +.TP | |
85 | .B \-a gid | |
86 | Regular users will be chrooted to their home directories, unless | |
87 | they belong to the specified gid. Note that root is always trusted, | |
7797313a | 88 | diff -Nur pure-ftpd-1.0.20.bef/src/ftpd.c pure-ftpd-1.0.20.new/src/ftpd.c |
89 | --- pure-ftpd-1.0.20.bef/src/ftpd.c 2004-07-17 15:28:22.000000000 +0200 | |
90 | +++ pure-ftpd-1.0.20.new/src/ftpd.c 2004-08-17 02:46:00.000000000 +0200 | |
91 | @@ -5097,8 +5097,15 @@ | |
92 | enforce_tls_auth > 2) { | |
6eed5aa7 | 93 | die(421, LOG_ERR, MSG_CONF_ERR ": TLS"); |
94 | } | |
7797313a | 95 | + if ((tlscert_file = strdup("")) == NULL) |
96 | + die_mem(); | |
6eed5aa7 | 97 | break; |
98 | - } | |
99 | + } | |
100 | + case '7': { | |
7797313a | 101 | + if ((tlscert_file = strdup(optarg)) == NULL) |
102 | + die_mem(); | |
6eed5aa7 | 103 | + break; |
104 | + } | |
105 | #endif | |
106 | case 'e': { | |
107 | anon_only = 1; | |
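Review bot: The `strdup("")` added to the `'Y'` case overwrites `tlscert_file` each time `-Y` is parsed, so a command line that passes `-7 file` before `-Y` ends up with an empty certificate path and leaks the earlier allocation. Setting the placeholder only when nothing was supplied, `if (tlscert_file == NULL && (tlscert_file = strdup("")) == NULL)`, and calling `free(tlscert_file);` before the `strdup(optarg)` in the `'7'` case, removes the order dependence and the leak on a repeated `-7`. Because the patch also drops the compiled-in `TLS_CERTIFICATE_FILE` default from ftpd.h, `-Y` without `-7` now leaves an empty path; that is better rejected once option parsing is finished, in the same `MSG_CONF_ERR ": TLS"` style used just above, than discovered later in tls.c. The switch these cases belong to starts and ends outside the hunk.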
7797313a | 108 | diff -Nur pure-ftpd-1.0.20.bef/src/ftpd.h pure-ftpd-1.0.20.new/src/ftpd.h |
109 | --- pure-ftpd-1.0.20.bef/src/ftpd.h 2004-03-02 20:08:59.000000000 +0100 | |
110 | +++ pure-ftpd-1.0.20.new/src/ftpd.h 2004-08-17 02:00:46.000000000 +0200 | |
fe6666d1 | 111 | @@ -396,12 +396,6 @@ |
112 | # define VHOST_PATH CONFDIR "/pure-ftpd" | |
113 | #endif | |
114 | ||
115 | -#ifdef WITH_TLS | |
116 | -# ifndef TLS_CERTIFICATE_FILE | |
117 | -# define TLS_CERTIFICATE_FILE "/etc/ssl/private/pure-ftpd.pem" | |
118 | -# endif | |
119 | -#endif | |
120 | - | |
121 | #define FAKE_SHELL "ftp" | |
122 | ||
123 | #ifndef PID_FILE | |
7797313a | 124 | diff -Nur pure-ftpd-1.0.20.bef/src/ftpd_p.h pure-ftpd-1.0.20.new/src/ftpd_p.h |
125 | --- pure-ftpd-1.0.20.bef/src/ftpd_p.h 2004-02-29 22:49:28.000000000 +0100 | |
126 | +++ pure-ftpd-1.0.20.new/src/ftpd_p.h 2004-08-17 02:00:46.000000000 +0200 | |
6eed5aa7 | 127 | @@ -101,6 +101,7 @@ |
128 | #endif | |
129 | #ifdef WITH_TLS | |
130 | "Y:" | |
131 | + "7:" | |
132 | #endif | |
133 | "zZ"; | |
134 | ||
135 | @@ -180,6 +181,7 @@ | |
136 | # endif | |
137 | # ifdef WITH_TLS | |
138 | { "tls", 1, NULL, 'Y' }, | |
139 | + { "sslcertfile", 1, NULL, '7'}, | |
140 | # endif | |
141 | { "allowdotfiles", 0, NULL, 'z' }, | |
142 | { "customerproof", 0, NULL, 'Z' }, | |
7797313a | 143 | diff -Nur pure-ftpd-1.0.20.bef/src/globals.h pure-ftpd-1.0.20.new/src/globals.h |
144 | --- pure-ftpd-1.0.20.bef/src/globals.h 2004-02-29 22:49:28.000000000 +0100 | |
145 | +++ pure-ftpd-1.0.20.new/src/globals.h 2004-08-17 02:00:46.000000000 +0200 | |
6eed5aa7 | 146 | @@ -167,6 +167,7 @@ |
147 | ||
148 | #ifdef WITH_TLS | |
149 | GLOBAL0(signed char enforce_tls_auth); | |
150 | +GLOBAL0(char *tlscert_file); | |
151 | #endif | |
152 | ||
153 | GLOBAL0(char *atomic_prefix); | |
7797313a | 154 | diff -Nur pure-ftpd-1.0.20.bef/src/tls.c pure-ftpd-1.0.20.new/src/tls.c |
155 | --- pure-ftpd-1.0.20.bef/src/tls.c 2004-02-29 22:49:27.000000000 +0100 | |
156 | +++ pure-ftpd-1.0.20.new/src/tls.c 2004-08-17 02:00:46.000000000 +0200 | |
6eed5aa7 | 157 | @@ -9,11 +9,12 @@ |
158 | # include "tls.h" | |
159 | # include "ftpwho-update.h" | |
160 | # include "messages.h" | |
161 | +# include "globals.h" | |
162 | ||
163 | static void tls_error(void) | |
164 | { | |
165 | logfile(LOG_ERR, "SSL/TLS [%s]: %s", | |
166 | - TLS_CERTIFICATE_FILE, | |
167 | + tlscert_file, | |
168 | ERR_error_string(ERR_get_error(), NULL)); | |
169 | _EXIT(EXIT_FAILURE); | |
170 | } | |
171 | @@ -23,7 +24,7 @@ | |
172 | DH *dh; | |
173 | BIO *bio; | |
174 | ||
175 | - if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) { | |
176 | + if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) { | |
177 | return -1; | |
178 | } | |
179 | if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL | |
180 | @@ -65,11 +66,11 @@ | |
181 | tls_init_cache(); | |
182 | SSL_CTX_set_options(tls_ctx, SSL_OP_ALL); | |
183 | if (SSL_CTX_use_certificate_chain_file | |
184 | - (tls_ctx, TLS_CERTIFICATE_FILE) != 1) { | |
185 | + (tls_ctx, tlscert_file) != 1) { | |
186 | die(421, LOG_ERR, | |
187 | - MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE); | |
188 | + MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file); | |
189 | } | |
190 | - if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE, | |
191 | + if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file, | |
192 | SSL_FILETYPE_PEM) != 1) { | |
193 | tls_error(); | |
194 | } |
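Review bot: `tlscert_file` is passed to `SSL_CTX_use_certificate_chain_file()` and `SSL_CTX_use_PrivateKey_file()` with no check that it is non-NULL and non-empty, so when `-7` is omitted the failure is reported as `MSG_FILE_DOESNT_EXIST ": []"`, which hides that the setting is simply missing. A guard before the first use, such as `if (tlscert_file == NULL || *tlscert_file == 0) die(421, LOG_ERR, MSG_CONF_ERR ": TLS");`, gives a clearer configuration error. The same applies to `BIO_new_file(tlscert_file, "r")` and to the `%s` argument in `tls_error()` in the two earlier hunks of this file. The same file supplies both the certificate chain and the private key, and its location is now chosen at run time, so the `-7` documentation should state that the file holds the private key and must not be readable by other users. The function containing these calls starts outside the hunk.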