[packages/pure-ftpd.git] / pure-ftpd-path_to_ssl_cert_in_config.patch

diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-config.pl.in pure-ftpd-1.0.18.work/configuration-file/pure-config.pl.in
--- pure-ftpd-1.0.18.bef/configuration-file/pure-config.pl.in	2004-04-27 20:32:42.000000000 +0200
+++ pure-ftpd-1.0.18.work/configuration-file/pure-config.pl.in	2004-04-27 21:55:08.000000000 +0200
@@ -10,9 +10,6 @@
 my $PUREFTPD;
 -x && ($PUREFTPD=$_, last) for qw(
 	${exec_prefix}/sbin/pure-ftpd
-	/usr/local/pure-ftpd/sbin/pure-ftpd
-	/usr/local/pureftpd/sbin/pure-ftpd
-	/usr/local/sbin/pure-ftpd
 	/usr/sbin/pure-ftpd
 );
 
@@ -57,6 +54,7 @@
 	TrustedIP		=> "-V",
 	AltLog			=> "-O",
 	PIDFile			=> "-g",
+	SSLCertFile		=> "-7",
 );
 
 my %numeric_switch_for = (
diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-config.py.in pure-ftpd-1.0.18.work/configuration-file/pure-config.py.in
--- pure-ftpd-1.0.18.bef/configuration-file/pure-config.py.in	2004-04-27 20:32:42.000000000 +0200
+++ pure-ftpd-1.0.18.work/configuration-file/pure-config.py.in	2004-04-27 21:55:08.000000000 +0200
@@ -111,7 +111,8 @@
     ["NoTruncate\s+yes",                   "-0"                  ],    
     ["PIDFile\s+(\S+)",                    "-g", None            ],
     ["PerUserLimits\s+([:0-9]+)",          "-y", None            ],
-    ["TLSAuth\s+yes",                      "-Y", None            ])
+    ["TLSAuth\s+yes",                      "-Y", None            ],
+    ["SSLCertFile\s+(\S+)",                 "-7", None            ])
 
 for option in option_tuple:
     option[0] = re.compile(option[0], re.IGNORECASE)
diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-ftpd.conf.in pure-ftpd-1.0.18.work/configuration-file/pure-ftpd.conf.in
--- pure-ftpd-1.0.18.bef/configuration-file/pure-ftpd.conf.in	2004-04-27 20:32:42.000000000 +0200
+++ pure-ftpd-1.0.18.work/configuration-file/pure-ftpd.conf.in	2004-04-27 21:55:08.000000000 +0200
@@ -420,7 +420,8 @@
 # 3) Only compatible clients will log in.
 
 # TLS                      1
-
+# SSLCertFile	/etc/ssl/private/pure-ftpd.pem 
+#		or /var/lib/openssl/certs/ftpd.pem (current location in PLD)
 
 
 # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
diff -Nura pure-ftpd-1.0.18.bef/configure.ac pure-ftpd-1.0.18.work/configure.ac
--- pure-ftpd-1.0.18.bef/configure.ac	2004-04-27 20:32:42.000000000 +0200
+++ pure-ftpd-1.0.18.work/configure.ac	2004-04-27 20:49:46.000000000 +0200
@@ -1226,17 +1226,6 @@
   AC_DEFINE(WITH_TLS,,[Enable TLS])
 fi
 
-AC_ARG_WITH(certfile,
-[AS_HELP_STRING(--with-certfile=,certificate file (default: /etc/ssl/private/pure-ftpd.pem))],
-[ if test "x$withval" != "x" ; then
-    certfile="$withval"
-    AC_SUBST(certfile)
-    CPPFLAGS="$CPPFLAGS -DTLS_CERTIFICATE_FILE='\"$certfile\"'"
-    if test -e "$certfile"; then
-      AC_MSG_WARN(No certificate is installed in $certfile yet)
-    fi
-  fi ])
-  
 AC_ARG_WITH(rendezvous,
 [AS_HELP_STRING(--with-rendezvous,Enable Rendezvous support on MacOS X (experimental))],
 [ if test "x$withval" = "xyes" ; then
diff -Nura pure-ftpd-1.0.18.bef/src/ftpd.c pure-ftpd-1.0.18.work/src/ftpd.c
--- pure-ftpd-1.0.18.bef/src/ftpd.c	2004-04-27 20:32:42.000000000 +0200
+++ pure-ftpd-1.0.18.work/src/ftpd.c	2004-04-27 22:46:14.000000000 +0200
@@ -5092,7 +5092,11 @@
                 die(421, LOG_ERR, MSG_CONF_ERR ": TLS");
             }
             break;
-        }            
+        }
+	case '7': {
+	    tlscert_file = strdup(optarg);
+	    break;
+        }
 #endif
         case 'e': {
             anon_only = 1;
diff -Nura pure-ftpd-1.0.18.bef/src/ftpd_p.h pure-ftpd-1.0.18.work/src/ftpd_p.h
--- pure-ftpd-1.0.18.bef/src/ftpd_p.h	2004-04-27 20:32:42.000000000 +0200
+++ pure-ftpd-1.0.18.work/src/ftpd_p.h	2004-04-27 21:55:58.000000000 +0200
@@ -101,6 +101,7 @@
 #endif
 #ifdef WITH_TLS
     "Y:"
+    "7:"
 #endif    
     "zZ";
 
@@ -180,6 +181,7 @@
 # endif
 # ifdef WITH_TLS
     { "tls", 1, NULL, 'Y' },
+    { "sslcertfile", 1, NULL, '7'},
 # endif
     { "allowdotfiles", 0, NULL, 'z' },
     { "customerproof", 0, NULL, 'Z' },
diff -Nura pure-ftpd-1.0.18.bef/src/globals.h pure-ftpd-1.0.18.work/src/globals.h
--- pure-ftpd-1.0.18.bef/src/globals.h	2004-04-27 20:32:42.000000000 +0200
+++ pure-ftpd-1.0.18.work/src/globals.h	2004-04-27 22:48:38.000000000 +0200
@@ -167,6 +167,7 @@
 
 #ifdef WITH_TLS
 GLOBAL0(signed char enforce_tls_auth);
+GLOBAL0(char *tlscert_file);
 #endif
 
 GLOBAL0(char *atomic_prefix);
diff -Nura pure-ftpd-1.0.18.bef/src/tls.c pure-ftpd-1.0.18.work/src/tls.c
--- pure-ftpd-1.0.18.bef/src/tls.c	2004-04-27 20:32:42.000000000 +0200
+++ pure-ftpd-1.0.18.work/src/tls.c	2004-04-27 22:56:00.000000000 +0200
@@ -9,11 +9,12 @@
 # include "tls.h"
 # include "ftpwho-update.h"
 # include "messages.h"
+# include "globals.h"
 
 static void tls_error(void) 
 {
     logfile(LOG_ERR, "SSL/TLS [%s]: %s", 
-            TLS_CERTIFICATE_FILE,
+            tlscert_file,
             ERR_error_string(ERR_get_error(), NULL));
     _EXIT(EXIT_FAILURE);
 }
@@ -23,7 +24,7 @@
     DH *dh;
     BIO *bio;
 
-    if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) {
+    if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) {
         return -1;
     }
     if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL
@@ -65,11 +66,11 @@
     tls_init_cache();
     SSL_CTX_set_options(tls_ctx, SSL_OP_ALL);    
     if (SSL_CTX_use_certificate_chain_file
-        (tls_ctx, TLS_CERTIFICATE_FILE) != 1) {
+        (tls_ctx, tlscert_file) != 1) {
         die(421, LOG_ERR,
-            MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE);
+            MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file);
     }
-    if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE,
+    if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file,
                                     SSL_FILETYPE_PEM) != 1) {
         tls_error();
     }
Commit	Line	Data
6eed5aa7	1	diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-config.pl.in pure-ftpd-1.0.18.work/configuration-file/pure-config.pl.in
	2	--- pure-ftpd-1.0.18.bef/configuration-file/pure-config.pl.in 2004-04-27 20:32:42.000000000 +0200
	3	+++ pure-ftpd-1.0.18.work/configuration-file/pure-config.pl.in 2004-04-27 21:55:08.000000000 +0200
	4	@@ -10,9 +10,6 @@
	5	my $PUREFTPD;
	6	-x && ($PUREFTPD=$_, last) for qw(
	7	${exec_prefix}/sbin/pure-ftpd
	8	- /usr/local/pure-ftpd/sbin/pure-ftpd
	9	- /usr/local/pureftpd/sbin/pure-ftpd
	10	- /usr/local/sbin/pure-ftpd
	11	/usr/sbin/pure-ftpd
	12	);
	13
	14	@@ -57,6 +54,7 @@
	15	TrustedIP => "-V",
	16	AltLog => "-O",
	17	PIDFile => "-g",
	18	+ SSLCertFile => "-7",
	19	);
	20
	21	my %numeric_switch_for = (
	22	diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-config.py.in pure-ftpd-1.0.18.work/configuration-file/pure-config.py.in
	23	--- pure-ftpd-1.0.18.bef/configuration-file/pure-config.py.in 2004-04-27 20:32:42.000000000 +0200
	24	+++ pure-ftpd-1.0.18.work/configuration-file/pure-config.py.in 2004-04-27 21:55:08.000000000 +0200
	25	@@ -111,7 +111,8 @@
	26	["NoTruncate\s+yes", "-0" ],
	27	["PIDFile\s+(\S+)", "-g", None ],
	28	["PerUserLimits\s+([:0-9]+)", "-y", None ],
	29	- ["TLSAuth\s+yes", "-Y", None ])
	30	+ ["TLSAuth\s+yes", "-Y", None ],
	31	+ ["SSLCertFile\s+(\S+)", "-7", None ])
	32
	33	for option in option_tuple:
	34	option[0] = re.compile(option[0], re.IGNORECASE)
	35	diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-ftpd.conf.in pure-ftpd-1.0.18.work/configuration-file/pure-ftpd.conf.in
	36	--- pure-ftpd-1.0.18.bef/configuration-file/pure-ftpd.conf.in 2004-04-27 20:32:42.000000000 +0200
	37	+++ pure-ftpd-1.0.18.work/configuration-file/pure-ftpd.conf.in 2004-04-27 21:55:08.000000000 +0200
	38	@@ -420,7 +420,8 @@
	39	# 3) Only compatible clients will log in.
	40
	41	# TLS 1
	42	-
	43	+# SSLCertFile /etc/ssl/private/pure-ftpd.pem
	44	+# or /var/lib/openssl/certs/ftpd.pem (current location in PLD)
	45
	46
	47	# Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
	48	diff -Nura pure-ftpd-1.0.18.bef/configure.ac pure-ftpd-1.0.18.work/configure.ac
	49	--- pure-ftpd-1.0.18.bef/configure.ac 2004-04-27 20:32:42.000000000 +0200
	50	+++ pure-ftpd-1.0.18.work/configure.ac 2004-04-27 20:49:46.000000000 +0200
	51	@@ -1226,17 +1226,6 @@
	52	AC_DEFINE(WITH_TLS,,[Enable TLS])
	53	fi
	54
	55	-AC_ARG_WITH(certfile,
	56	-[AS_HELP_STRING(--with-certfile=,certificate file (default: /etc/ssl/private/pure-ftpd.pem))],
	57	-[ if test "x$withval" != "x" ; then
	58	- certfile="$withval"
	59	- AC_SUBST(certfile)
	60	- CPPFLAGS="$CPPFLAGS -DTLS_CERTIFICATE_FILE='\"$certfile\"'"
	61	- if test -e "$certfile"; then
	62	- AC_MSG_WARN(No certificate is installed in $certfile yet)
	63	- fi
	64	- fi ])
65	-
66	AC_ARG_WITH(rendezvous,
67	[AS_HELP_STRING(--with-rendezvous,Enable Rendezvous support on MacOS X (experimental))],
68	[ if test "x$withval" = "xyes" ; then
69	diff -Nura pure-ftpd-1.0.18.bef/src/ftpd.c pure-ftpd-1.0.18.work/src/ftpd.c
70	--- pure-ftpd-1.0.18.bef/src/ftpd.c 2004-04-27 20:32:42.000000000 +0200
71	+++ pure-ftpd-1.0.18.work/src/ftpd.c 2004-04-27 22:46:14.000000000 +0200
72	@@ -5092,7 +5092,11 @@
73	die(421, LOG_ERR, MSG_CONF_ERR ": TLS");
74	}
75	break;
76	- }
77	+ }
78	+ case '7': {
79	+ tlscert_file = strdup(optarg);
80	+ break;
81	+ }
82	#endif
83	case 'e': {
84	anon_only = 1;
85	diff -Nura pure-ftpd-1.0.18.bef/src/ftpd_p.h pure-ftpd-1.0.18.work/src/ftpd_p.h
86	--- pure-ftpd-1.0.18.bef/src/ftpd_p.h 2004-04-27 20:32:42.000000000 +0200
87	+++ pure-ftpd-1.0.18.work/src/ftpd_p.h 2004-04-27 21:55:58.000000000 +0200
88	@@ -101,6 +101,7 @@
89	#endif
90	#ifdef WITH_TLS
91	"Y:"
92	+ "7:"
93	#endif
94	"zZ";
95
96	@@ -180,6 +181,7 @@
97	# endif
98	# ifdef WITH_TLS
99	{ "tls", 1, NULL, 'Y' },
100	+ { "sslcertfile", 1, NULL, '7'},
101	# endif
102	{ "allowdotfiles", 0, NULL, 'z' },
103	{ "customerproof", 0, NULL, 'Z' },
104	diff -Nura pure-ftpd-1.0.18.bef/src/globals.h pure-ftpd-1.0.18.work/src/globals.h
105	--- pure-ftpd-1.0.18.bef/src/globals.h 2004-04-27 20:32:42.000000000 +0200
106	+++ pure-ftpd-1.0.18.work/src/globals.h 2004-04-27 22:48:38.000000000 +0200
107	@@ -167,6 +167,7 @@
108
109	#ifdef WITH_TLS
110	GLOBAL0(signed char enforce_tls_auth);
111	+GLOBAL0(char *tlscert_file);
112	#endif
113
114	GLOBAL0(char *atomic_prefix);
115	diff -Nura pure-ftpd-1.0.18.bef/src/tls.c pure-ftpd-1.0.18.work/src/tls.c
116	--- pure-ftpd-1.0.18.bef/src/tls.c 2004-04-27 20:32:42.000000000 +0200
117	+++ pure-ftpd-1.0.18.work/src/tls.c 2004-04-27 22:56:00.000000000 +0200
118	@@ -9,11 +9,12 @@
119	# include "tls.h"
120	# include "ftpwho-update.h"
121	# include "messages.h"
122	+# include "globals.h"
123
124	static void tls_error(void)
125	{
126	logfile(LOG_ERR, "SSL/TLS [%s]: %s",
127	- TLS_CERTIFICATE_FILE,
128	+ tlscert_file,
129	ERR_error_string(ERR_get_error(), NULL));
130	_EXIT(EXIT_FAILURE);
131	}
132	@@ -23,7 +24,7 @@
133	DH *dh;
134	BIO *bio;
135
136	- if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) {
137	+ if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) {
138	return -1;
139	}
140	if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL
141	@@ -65,11 +66,11 @@
142	tls_init_cache();
143	SSL_CTX_set_options(tls_ctx, SSL_OP_ALL);
144	if (SSL_CTX_use_certificate_chain_file
145	- (tls_ctx, TLS_CERTIFICATE_FILE) != 1) {
146	+ (tls_ctx, tlscert_file) != 1) {
147	die(421, LOG_ERR,
148	- MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE);
149	+ MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file);
150	}
151	- if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE,
152	+ if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file,
153	SSL_FILETYPE_PEM) != 1) {
154	tls_error();
155	}