Commit | Line | Data |
---|---|---|
a9548de7 | 1 | diff -Nur b/configuration-file/pure-config.pl.in n/configuration-file/pure-config.pl.in |
2 | --- b/configuration-file/pure-config.pl.in 2004-02-29 12:17:00.000000000 +0100 | |
3 | +++ n/configuration-file/pure-config.pl.in 2004-09-15 17:02:28.545013000 +0200 | |
fe6666d1 | 4 | @@ -57,6 +57,7 @@ |
6eed5aa7 | 5 | TrustedIP => "-V", |
6 | AltLog => "-O", | |
7 | PIDFile => "-g", | |
8 | + SSLCertFile => "-7", | |
9 | ); | |
10 | ||
11 | my %numeric_switch_for = ( | |
a9548de7 | 12 | diff -Nur b/configuration-file/pure-config.py.in n/configuration-file/pure-config.py.in |
13 | --- b/configuration-file/pure-config.py.in 2004-02-29 12:17:14.000000000 +0100 | |
14 | +++ n/configuration-file/pure-config.py.in 2004-09-15 17:02:28.546012000 +0200 | |
fe6666d1 | 15 | @@ -55,6 +55,7 @@ |
16 | option_tuple = ( | |
17 | ["IPV4Only[\s]+yes", "-4" ], | |
18 | ["IPV6Only[\s]+yes", "-6" ], | |
19 | + ["SSLCertFile\s+(\S+)", "-7", None ], | |
20 | ["ChrootEveryone[\s]+yes", "-A" ], | |
21 | ["TrustedGID[\s]+([\d]+)", "-a", None ], | |
22 | ["BrokenClientsCompatibility[\s]+yes", "-b" ], | |
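Review bot: The new `SSLCertFile\s+(\S+)` entry captures only the first whitespace-delimited token, so a certificate path containing a space would presumably reach `-7` truncated instead of being rejected. If such paths are not meant to be supported, say so next to the entry, for example `# SSLCertFile: the path must not contain whitespace`. The pattern is also written `\s+` where the neighbouring entries use `[\s]+`; matching the existing form keeps the table uniform. `option_tuple` starts and ends outside this hunk, so how the third element `None` is consumed cannot be checked from here.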
a9548de7 | 23 | diff -Nur b/configuration-file/pure-ftpd.conf.in n/configuration-file/pure-ftpd.conf.in |
24 | --- b/configuration-file/pure-ftpd.conf.in 2004-09-15 17:03:04.281580000 +0200 | |
25 | +++ n/configuration-file/pure-ftpd.conf.in 2004-09-15 17:02:28.547012000 +0200 | |
6eed5aa7 | 26 | @@ -420,7 +420,8 @@ |
27 | # 3) Only compatible clients will log in. | |
28 | ||
29 | # TLS 1 | |
30 | - | |
31 | +# SSLCertFile /etc/ssl/private/pure-ftpd.pem | |
32 | +# or /var/lib/openssl/certs/ftpd.pem (current location in PLD) | |
33 | ||
34 | ||
35 | # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6) | |
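Review bot: The two added example lines sit directly under `# TLS 1` with no description, unlike the other options in this file. The `src/tls.c` hunks of this patch load the certificate chain and the private key from the same `tlscert_file`, so the operator should be told this is key material. A comment such as `# PEM file holding the certificate chain and the private key for TLS; keep it readable by root only.` above `# SSLCertFile ...` would cover it. The `# or /var/lib/openssl/certs/ftpd.pem` line reads like a second directive once uncommented; writing it as a full `# SSLCertFile <path>` alternative would avoid that.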
a9548de7 | 36 | diff -Nur b/man/pure-ftpd.8 n/man/pure-ftpd.8 |
37 | --- b/man/pure-ftpd.8 2004-02-29 21:10:06.000000000 +0100 | |
38 | +++ n/man/pure-ftpd.8 2004-09-15 17:02:28.548012000 +0200 | |
fe6666d1 | 39 | @@ -9,7 +9,7 @@ |
40 | pure\-ftpd \- simple File Transfer Protocol server | |
41 | ||
42 | .SH "SYNOPSIS" | |
43 | -.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z] | |
44 | +.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-7 certificate file] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z] | |
45 | ||
46 | .br | |
47 | Alternative style : | |
48 | @@ -22,6 +22,8 @@ | |
49 | .br | |
50 | \-6 \-\-ipv6only | |
51 | .br | |
52 | +\-7 \-\-sslcertfile | |
53 | +.br | |
54 | \-a \-\-trustedgid | |
55 | .br | |
56 | \-A \-\-chrooteveryone | |
57 | @@ -157,6 +159,9 @@ | |
58 | .B \-6 | |
59 | Listen only to IPv6 connections. | |
60 | .TP | |
61 | +.B \-7 file | |
62 | +Path to SSL certificate file. | |
63 | +.TP | |
64 | .B \-a gid | |
65 | Regular users will be chrooted to their home directories, unless | |
66 | they belong to the specified gid. Note that root is always trusted, | |
a9548de7 | 67 | diff -Nur b/src/ftpd.c n/src/ftpd.c |
68 | --- b/src/ftpd.c 2004-09-15 18:05:29.951069216 +0200 | |
69 | +++ n/src/ftpd.c 2004-09-15 18:03:14.172710664 +0200 | |
70 | @@ -4830,7 +4830,7 @@ | |
71 | int fodder; | |
72 | int bypass_ipv6 = 0; | |
73 | struct passwd *pw; | |
74 | - | |
75 | + | |
76 | #ifdef PROBE_RANDOM_AT_RUNTIME | |
77 | pw_zrand_probe(); | |
78 | #endif | |
8066a0bf | 79 | @@ -5097,6 +5097,15 @@ |
7797313a | 80 | enforce_tls_auth > 2) { |
6eed5aa7 | 81 | die(421, LOG_ERR, MSG_CONF_ERR ": TLS"); |
82 | } | |
a9548de7 | 83 | + if (!tlscert_file) |
84 | + if ((tlscert_file = strdup(TLS_CERTIFICATE_FILE)) == NULL) | |
85 | + die_mem(); | |
86 | + break; | |
6eed5aa7 | 87 | + } |
92cc7555 | 88 | + case '7': { |
8066a0bf | 89 | + free(tlscert_file); |
92cc7555 | 90 | + if ((tlscert_file = strdup(optarg)) == NULL) |
7797313a | 91 | + die_mem(); |
a9548de7 | 92 | break; |
93 | } | |
6eed5aa7 | 94 | #endif |
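Review bot: The default for `tlscert_file` is assigned only inside the `-Y` case, so every other path that reaches the TLS code relies on `-Y` or `-7` having been parsed first. Whether TLS setup can run without `-Y` is not visible here, but the `src/tls.c` hunks pass the pointer to `BIO_new_file`, `SSL_CTX_use_certificate_chain_file` and a `%s` log format with no NULL check. Setting the default once after the option loop would remove that coupling. The unbraced nested `if` is also easy to misread next to the following `break;`; prefer `if (tlscert_file == NULL && (tlscert_file = strdup(TLS_CERTIFICATE_FILE)) == NULL) { die_mem(); }`. In `case '7'` an empty `optarg` is accepted as a path; rejecting `*optarg == 0` with the existing `MSG_CONF_ERR` error would fail earlier and more clearly. The enclosing switch and function start and end outside the hunk.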
a9548de7 | 95 | diff -Nur b/src/ftpd_p.h n/src/ftpd_p.h |
96 | --- b/src/ftpd_p.h 2004-02-29 22:49:28.000000000 +0100 | |
97 | +++ n/src/ftpd_p.h 2004-09-15 17:02:28.561010000 +0200 | |
6eed5aa7 | 98 | @@ -101,6 +101,7 @@ |
99 | #endif | |
100 | #ifdef WITH_TLS | |
101 | "Y:" | |
102 | + "7:" | |
103 | #endif | |
104 | "zZ"; | |
105 | ||
106 | @@ -180,6 +181,7 @@ | |
107 | # endif | |
108 | # ifdef WITH_TLS | |
109 | { "tls", 1, NULL, 'Y' }, | |
110 | + { "sslcertfile", 1, NULL, '7'}, | |
111 | # endif | |
112 | { "allowdotfiles", 0, NULL, 'z' }, | |
113 | { "customerproof", 0, NULL, 'Z' }, | |
a9548de7 | 114 | diff -Nur b/src/globals.h n/src/globals.h |
115 | --- b/src/globals.h 2004-02-29 22:49:28.000000000 +0100 | |
116 | +++ n/src/globals.h 2004-09-15 17:02:28.561010000 +0200 | |
6eed5aa7 | 117 | @@ -167,6 +167,7 @@ |
118 | ||
119 | #ifdef WITH_TLS | |
120 | GLOBAL0(signed char enforce_tls_auth); | |
121 | +GLOBAL0(char *tlscert_file); | |
122 | #endif | |
123 | ||
124 | GLOBAL0(char *atomic_prefix); | |
a9548de7 | 125 | diff -Nur b/src/tls.c n/src/tls.c |
126 | --- b/src/tls.c 2004-02-29 22:49:27.000000000 +0100 | |
127 | +++ n/src/tls.c 2004-09-15 17:02:28.562010000 +0200 | |
6eed5aa7 | 128 | @@ -9,11 +9,12 @@ |
129 | # include "tls.h" | |
130 | # include "ftpwho-update.h" | |
131 | # include "messages.h" | |
132 | +# include "globals.h" | |
133 | ||
134 | static void tls_error(void) | |
135 | { | |
136 | logfile(LOG_ERR, "SSL/TLS [%s]: %s", | |
137 | - TLS_CERTIFICATE_FILE, | |
138 | + tlscert_file, | |
139 | ERR_error_string(ERR_get_error(), NULL)); | |
140 | _EXIT(EXIT_FAILURE); | |
141 | } | |
142 | @@ -23,7 +24,7 @@ | |
143 | DH *dh; | |
144 | BIO *bio; | |
145 | ||
146 | - if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) { | |
147 | + if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) { | |
148 | return -1; | |
149 | } | |
150 | if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL | |
151 | @@ -65,11 +66,11 @@ | |
152 | tls_init_cache(); | |
153 | SSL_CTX_set_options(tls_ctx, SSL_OP_ALL); | |
154 | if (SSL_CTX_use_certificate_chain_file | |
155 | - (tls_ctx, TLS_CERTIFICATE_FILE) != 1) { | |
156 | + (tls_ctx, tlscert_file) != 1) { | |
157 | die(421, LOG_ERR, | |
158 | - MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE); | |
159 | + MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file); | |
160 | } | |
161 | - if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE, | |
162 | + if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file, | |
163 | SSL_FILETYPE_PEM) != 1) { | |
164 | tls_error(); | |
165 | } |
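Review bot: With the path now supplied by the operator through `-7`/`SSLCertFile` rather than a compile-time constant, nothing in these hunks checks the file's ownership or mode before `SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file, ...)` loads the private key from it. A `stat()` check before the load that refuses a world-readable or group/other-writable file, e.g. `if (stat(tlscert_file, &st) != 0 || (st.st_mode & (S_IROTH | S_IWGRP | S_IWOTH)) != 0)`, would catch a misplaced key file at startup. Separately, `die(421, LOG_ERR, MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file)` now embeds a site-specific path; if `die()` also sends its text to the client (its definition is not shown here), consider keeping the path in the log only. The functions touched by the second and third hunks begin and end outside the visible lines.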