Commit | Line | Data |
---|---|---|
6eed5aa7 | 1 | diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-config.pl.in pure-ftpd-1.0.18.work/configuration-file/pure-config.pl.in |
2 | --- pure-ftpd-1.0.18.bef/configuration-file/pure-config.pl.in 2004-04-27 20:32:42.000000000 +0200 | |
3 | +++ pure-ftpd-1.0.18.work/configuration-file/pure-config.pl.in 2004-04-27 21:55:08.000000000 +0200 | |
4 | @@ -10,9 +10,6 @@ | |
5 | my $PUREFTPD; | |
6 | -x && ($PUREFTPD=$_, last) for qw( | |
7 | ${exec_prefix}/sbin/pure-ftpd | |
8 | - /usr/local/pure-ftpd/sbin/pure-ftpd | |
9 | - /usr/local/pureftpd/sbin/pure-ftpd | |
10 | - /usr/local/sbin/pure-ftpd | |
11 | /usr/sbin/pure-ftpd | |
12 | ); | |
13 | ||
14 | @@ -57,6 +54,7 @@ | |
15 | TrustedIP => "-V", | |
16 | AltLog => "-O", | |
17 | PIDFile => "-g", | |
18 | + SSLCertFile => "-7", | |
19 | ); | |
20 | ||
21 | my %numeric_switch_for = ( | |
22 | diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-config.py.in pure-ftpd-1.0.18.work/configuration-file/pure-config.py.in | |
23 | --- pure-ftpd-1.0.18.bef/configuration-file/pure-config.py.in 2004-04-27 20:32:42.000000000 +0200 | |
24 | +++ pure-ftpd-1.0.18.work/configuration-file/pure-config.py.in 2004-04-27 21:55:08.000000000 +0200 | |
25 | @@ -111,7 +111,8 @@ | |
26 | ["NoTruncate\s+yes", "-0" ], | |
27 | ["PIDFile\s+(\S+)", "-g", None ], | |
28 | ["PerUserLimits\s+([:0-9]+)", "-y", None ], | |
29 | - ["TLSAuth\s+yes", "-Y", None ]) | |
30 | + ["TLSAuth\s+yes", "-Y", None ], | |
31 | + ["SSLCertFile\s+(\S+)", "-7", None ]) | |
32 | ||
33 | for option in option_tuple: | |
34 | option[0] = re.compile(option[0], re.IGNORECASE) | |
35 | diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-ftpd.conf.in pure-ftpd-1.0.18.work/configuration-file/pure-ftpd.conf.in | |
36 | --- pure-ftpd-1.0.18.bef/configuration-file/pure-ftpd.conf.in 2004-04-27 20:32:42.000000000 +0200 | |
37 | +++ pure-ftpd-1.0.18.work/configuration-file/pure-ftpd.conf.in 2004-04-27 21:55:08.000000000 +0200 | |
38 | @@ -420,7 +420,8 @@ | |
39 | # 3) Only compatible clients will log in. | |
40 | ||
41 | # TLS 1 | |
42 | - | |
43 | +# SSLCertFile /etc/ssl/private/pure-ftpd.pem | |
44 | +# or /var/lib/openssl/certs/ftpd.pem (current location in PLD) | |
45 | ||
46 | ||
47 | # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6) | |
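Review bot: The sample `SSLCertFile` comment gives two paths but does not say what the file must contain or how it should be protected. The tls.c part of this patch reads the DH parameters, the certificate chain and the private key all from this one path, so a line such as `# PEM file with the certificate chain and the private key; keep it owned by root and unreadable by other users.` would help. With `--with-certfile` removed from configure.ac there no longer appears to be a built-in default, so the comment should also say the directive is required when TLS is enabled.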
48 | diff -Nura pure-ftpd-1.0.18.bef/configure.ac pure-ftpd-1.0.18.work/configure.ac | |
49 | --- pure-ftpd-1.0.18.bef/configure.ac 2004-04-27 20:32:42.000000000 +0200 | |
50 | +++ pure-ftpd-1.0.18.work/configure.ac 2004-04-27 20:49:46.000000000 +0200 | |
51 | @@ -1226,17 +1226,6 @@ | |
52 | AC_DEFINE(WITH_TLS,,[Enable TLS]) | |
53 | fi | |
54 | ||
55 | -AC_ARG_WITH(certfile, | |
56 | -[AS_HELP_STRING(--with-certfile=,certificate file (default: /etc/ssl/private/pure-ftpd.pem))], | |
57 | -[ if test "x$withval" != "x" ; then | |
58 | - certfile="$withval" | |
59 | - AC_SUBST(certfile) | |
60 | - CPPFLAGS="$CPPFLAGS -DTLS_CERTIFICATE_FILE='\"$certfile\"'" | |
61 | - if test -e "$certfile"; then | |
62 | - AC_MSG_WARN(No certificate is installed in $certfile yet) | |
63 | - fi | |
64 | - fi ]) | |
65 | - | |
66 | AC_ARG_WITH(rendezvous, | |
67 | [AS_HELP_STRING(--with-rendezvous,Enable Rendezvous support on MacOS X (experimental))], | |
68 | [ if test "x$withval" = "xyes" ; then | |
69 | diff -Nura pure-ftpd-1.0.18.bef/src/ftpd.c pure-ftpd-1.0.18.work/src/ftpd.c | |
70 | --- pure-ftpd-1.0.18.bef/src/ftpd.c 2004-04-27 20:32:42.000000000 +0200 | |
71 | +++ pure-ftpd-1.0.18.work/src/ftpd.c 2004-04-27 22:46:14.000000000 +0200 | |
72 | @@ -5092,7 +5092,11 @@ | |
73 | die(421, LOG_ERR, MSG_CONF_ERR ": TLS"); | |
74 | } | |
75 | break; | |
76 | - } | |
77 | + } | |
78 | + case '7': { | |
79 | + tlscert_file = strdup(optarg); | |
80 | + break; | |
81 | + } | |
82 | #endif | |
83 | case 'e': { | |
84 | anon_only = 1; | |
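Review bot: The result of `strdup(optarg)` in the new `case '7'` is stored unchecked, so an allocation failure leaves `tlscert_file` NULL and only shows up later when tls.c uses the pointer. Check it at parse time, for example `if ((tlscert_file = strdup(optarg)) == NULL) { die_mem(); }` (assuming `die_mem()` is the out-of-memory exit used for other string options in this file). A repeated `-7` also overwrites the previous copy without freeing it, which is minor for a one-shot option parser. The enclosing switch starts and ends outside the hunk.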
85 | diff -Nura pure-ftpd-1.0.18.bef/src/ftpd_p.h pure-ftpd-1.0.18.work/src/ftpd_p.h | |
86 | --- pure-ftpd-1.0.18.bef/src/ftpd_p.h 2004-04-27 20:32:42.000000000 +0200 | |
87 | +++ pure-ftpd-1.0.18.work/src/ftpd_p.h 2004-04-27 21:55:58.000000000 +0200 | |
88 | @@ -101,6 +101,7 @@ | |
89 | #endif | |
90 | #ifdef WITH_TLS | |
91 | "Y:" | |
92 | + "7:" | |
93 | #endif | |
94 | "zZ"; | |
95 | ||
96 | @@ -180,6 +181,7 @@ | |
97 | # endif | |
98 | # ifdef WITH_TLS | |
99 | { "tls", 1, NULL, 'Y' }, | |
100 | + { "sslcertfile", 1, NULL, '7'}, | |
101 | # endif | |
102 | { "allowdotfiles", 0, NULL, 'z' }, | |
103 | { "customerproof", 0, NULL, 'Z' }, | |
104 | diff -Nura pure-ftpd-1.0.18.bef/src/globals.h pure-ftpd-1.0.18.work/src/globals.h | |
105 | --- pure-ftpd-1.0.18.bef/src/globals.h 2004-04-27 20:32:42.000000000 +0200 | |
106 | +++ pure-ftpd-1.0.18.work/src/globals.h 2004-04-27 22:48:38.000000000 +0200 | |
107 | @@ -167,6 +167,7 @@ | |
108 | ||
109 | #ifdef WITH_TLS | |
110 | GLOBAL0(signed char enforce_tls_auth); | |
111 | +GLOBAL0(char *tlscert_file); | |
112 | #endif | |
113 | ||
114 | GLOBAL0(char *atomic_prefix); | |
115 | diff -Nura pure-ftpd-1.0.18.bef/src/tls.c pure-ftpd-1.0.18.work/src/tls.c | |
116 | --- pure-ftpd-1.0.18.bef/src/tls.c 2004-04-27 20:32:42.000000000 +0200 | |
117 | +++ pure-ftpd-1.0.18.work/src/tls.c 2004-04-27 22:56:00.000000000 +0200 | |
118 | @@ -9,11 +9,12 @@ | |
119 | # include "tls.h" | |
120 | # include "ftpwho-update.h" | |
121 | # include "messages.h" | |
122 | +# include "globals.h" | |
123 | ||
124 | static void tls_error(void) | |
125 | { | |
126 | logfile(LOG_ERR, "SSL/TLS [%s]: %s", | |
127 | - TLS_CERTIFICATE_FILE, | |
128 | + tlscert_file, | |
129 | ERR_error_string(ERR_get_error(), NULL)); | |
130 | _EXIT(EXIT_FAILURE); | |
131 | } | |
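Review bot: `tlscert_file` can be NULL when it reaches the `"%s"` argument of `logfile()` in `tls_error()`, and the same applies in the two later hunks of this file (`BIO_new_file`, `SSL_CTX_use_certificate_chain_file`, `SSL_CTX_use_PrivateKey_file` and the `die()` format). The pointer is set only when `-7`/`SSLCertFile` is given, and this patch removes the compile-time `TLS_CERTIFICATE_FILE` definition from configure.ac. Passing NULL to `%s` is undefined behaviour, and OpenSSL's handling of a NULL file name should not be relied on. Either keep a fallback path or fail early at TLS initialisation, e.g. `if (tlscert_file == NULL) { die(421, LOG_ERR, MSG_CONF_ERR ": TLS"); }`. This assumes `GLOBAL0` zero-initialises the pointer, which the globals.h hunk suggests but does not show.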
132 | @@ -23,7 +24,7 @@ | |
133 | DH *dh; | |
134 | BIO *bio; | |
135 | ||
136 | - if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) { | |
137 | + if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) { | |
138 | return -1; | |
139 | } | |
140 | if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL | |
141 | @@ -65,11 +66,11 @@ | |
142 | tls_init_cache(); | |
143 | SSL_CTX_set_options(tls_ctx, SSL_OP_ALL); | |
144 | if (SSL_CTX_use_certificate_chain_file | |
145 | - (tls_ctx, TLS_CERTIFICATE_FILE) != 1) { | |
146 | + (tls_ctx, tlscert_file) != 1) { | |
147 | die(421, LOG_ERR, | |
148 | - MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE); | |
149 | + MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file); | |
150 | } | |
151 | - if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE, | |
152 | + if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file, | |
153 | SSL_FILETYPE_PEM) != 1) { | |
154 | tls_error(); | |
155 | } |