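--- a/configuration-file/pure-config.pl.in
+++ b/configuration-file/pure-config.pl.in
@@ -57,6 +57,7 @@
 TrustedIP => "-V",
 AltLog => "-O",
 PIDFile => "-g",
+ SSLCertFile => "-7",
 );
 
 my %numeric_switch_for = (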
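--- a/configuration-file/pure-config.py.in
+++ b/configuration-file/pure-config.py.in
@@ -55,6 +55,7 @@
 option_tuple = (
 ["IPV4Only[\s]+yes", "-4" ],
 ["IPV6Only[\s]+yes", "-6" ],
+ ["SSLCertFile\s+(\S+)", "-7", None ],
 ["ChrootEveryone[\s]+yes", "-A" ],
 ["TrustedGID[\s]+([\d]+)", "-a", None ],
 ["BrokenClientsCompatibility[\s]+yes", "-b" ],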
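--- a/configuration-file/pure-ftpd.conf.in
+++ b/configuration-file/pure-ftpd.conf.in
@@ -420,7 +420,8 @@
 # 3) Only compatible clients will log in.
 
 # TLS 1
-
+# SSLCertFile /etc/ssl/private/pure-ftpd.pem
+# or /var/lib/openssl/certs/ftpd.pem (current location in PLD)
 
 
 # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)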
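--- a/man/pure-ftpd.8
+++ b/man/pure-ftpd.8
@@ -9,7 +9,7 @@
 pure\-ftpd \- simple File Transfer Protocol server
 
 .SH "SYNOPSIS"
-.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
+.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-7 certificate file] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
 
 .br
 Alternative style :
@@ -22,6 +22,8 @@
 .br
 \-6 \-\-ipv6only
 .br
+\-7 \-\-sslcertfile
+.br
 \-a \-\-trustedgid
 .br
 \-A \-\-chrooteveryone
@@ -157,6 +159,9 @@
 .B \-6
 Listen only to IPv6 connections.
 .TP
+.B \-7 file
+Path to SSL certificate file.
+.TP
 .B \-a gid
 Regular users will be chrooted to their home directories, unless
 they belong to the specified gid. Note that root is always trusted,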
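--- a/src/ftpd.c
+++ b/src/ftpd.c
@@ -5097,8 +5097,19 @@
 enforce_tls_auth > 2) {
 die(421, LOG_ERR, MSG_CONF_ERR ": TLS");
 }
+ if ((tlscert_file = strdup(TLS_CERTIFICATE_FILE)) == NULL)
+ die_mem();
 break;
- }
+ }
+ case '7': {
+ if (tlscert_file != NULL) {
+ if (strlen(tlscert_file) > (size_t)0)
+ free(tlscert_file);
+ }
+ if ((tlscert_file = strdup(optarg)) == NULL)
+ die_mem();
+ break;
+ }
 #endif
 case 'e': {
 anon_only = 1;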
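Review bot: In `case 'Y'` the added `tlscert_file = strdup(TLS_CERTIFICATE_FILE)` runs unconditionally, so a `-7 path` given before `-Y` on the command line is silently replaced by the compiled-in default and the earlier copy is leaked; the server would then load a certificate and key other than the ones the operator configured. Apply the default only when nothing has been chosen yet: `if (tlscert_file == NULL && (tlscert_file = strdup(TLS_CERTIFICATE_FILE)) == NULL) die_mem();`. In `case '7'` the `strlen(tlscert_file) > (size_t)0` test only skips freeing an empty string, so a plain `free(tlscert_file);` before the `strdup(optarg)` is enough, since `free(NULL)` is a no-op. The option switch starts and ends outside this hunk, so whether a default is assigned anywhere after parsing cannot be seen here.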
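--- a/src/ftpd_p.h
+++ b/src/ftpd_p.h
@@ -101,6 +101,7 @@
 #endif
 #ifdef WITH_TLS
 "Y:"
+ "7:"
 #endif
 "zZ";
 
@@ -180,6 +181,7 @@
 # endif
 # ifdef WITH_TLS
 { "tls", 1, NULL, 'Y' },
+ { "sslcertfile", 1, NULL, '7'},
 # endif
 { "allowdotfiles", 0, NULL, 'z' },
 { "customerproof", 0, NULL, 'Z' },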
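--- a/src/globals.h
+++ b/src/globals.h
@@ -167,6 +167,7 @@
 
 #ifdef WITH_TLS
 GLOBAL0(signed char enforce_tls_auth);
+GLOBAL0(char *tlscert_file);
 #endif
 
 GLOBAL0(char *atomic_prefix);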
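--- a/src/tls.c
+++ b/src/tls.c
@@ -9,11 +9,12 @@
 # include "tls.h"
 # include "ftpwho-update.h"
 # include "messages.h"
+# include "globals.h"
 
 static void tls_error(void)
 {
 logfile(LOG_ERR, "SSL/TLS [%s]: %s",
- TLS_CERTIFICATE_FILE,
+ tlscert_file,
 ERR_error_string(ERR_get_error(), NULL));
 _EXIT(EXIT_FAILURE);
 }
@@ -23,7 +24,7 @@
 DH *dh;
 BIO *bio;
 
- if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) {
+ if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) {
 return -1;
 }
 if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL
@@ -65,11 +66,11 @@
 tls_init_cache();
 SSL_CTX_set_options(tls_ctx, SSL_OP_ALL);
 if (SSL_CTX_use_certificate_chain_file
- (tls_ctx, TLS_CERTIFICATE_FILE) != 1) {
+ (tls_ctx, tlscert_file) != 1) {
 die(421, LOG_ERR,
- MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE);
+ MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file);
 }
- if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file,
+ if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file,
 SSL_FILETYPE_PEM) != 1) {
 tls_error();
 }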
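Review bot: `tlscert_file` is now passed to the `%s` in `tls_error()`, to `BIO_new_file()` and to both `SSL_CTX_use_*_file()` calls without a NULL check, and in the ftpd.c part of this patch it is only assigned while parsing `-Y` or `-7`. If the TLS setup can be reached without either option (not visible in these hunks), a NULL pointer is formatted and handed to OpenSSL; a guard before the first use, such as `if (tlscert_file == NULL) die(421, LOG_ERR, MSG_CONF_ERR ": TLS");`, would make that failure explicit. Because the same operator-supplied path is also read as the private key by `SSL_CTX_use_PrivateKey_file()`, the declaration in globals.h deserves a comment along the lines of `/* PEM file holding the certificate chain and the private key; set by -7, defaults to TLS_CERTIFICATE_FILE */`, so that administrators know to keep the file unreadable to other users. The functions changed by the second and third hunks start outside the hunks.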