1 diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-config.pl.in pure-ftpd-1.0.18.work/configuration-file/pure-config.pl.in
2 --- pure-ftpd-1.0.18.bef/configuration-file/pure-config.pl.in 2004-04-27 20:32:42.000000000 +0200
3 +++ pure-ftpd-1.0.18.work/configuration-file/pure-config.pl.in 2004-04-27 21:55:08.000000000 +0200
6 -x && ($PUREFTPD=$_, last) for qw(
7 ${exec_prefix}/sbin/pure-ftpd
8 - /usr/local/pure-ftpd/sbin/pure-ftpd
9 - /usr/local/pureftpd/sbin/pure-ftpd
10 - /usr/local/sbin/pure-ftpd
18 + SSLCertFile => "-7",
21 my %numeric_switch_for = (
22 diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-config.py.in pure-ftpd-1.0.18.work/configuration-file/pure-config.py.in
23 --- pure-ftpd-1.0.18.bef/configuration-file/pure-config.py.in 2004-04-27 20:32:42.000000000 +0200
24 +++ pure-ftpd-1.0.18.work/configuration-file/pure-config.py.in 2004-04-27 21:55:08.000000000 +0200
26 ["NoTruncate\s+yes", "-0" ],
27 ["PIDFile\s+(\S+)", "-g", None ],
28 ["PerUserLimits\s+([:0-9]+)", "-y", None ],
29 - ["TLSAuth\s+yes", "-Y", None ])
30 + ["TLSAuth\s+yes", "-Y", None ],
31 + ["SSLCertFile\s+(\S+)", "-7", None ])
33 for option in option_tuple:
34 option[0] = re.compile(option[0], re.IGNORECASE)
35 diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-ftpd.conf.in pure-ftpd-1.0.18.work/configuration-file/pure-ftpd.conf.in
36 --- pure-ftpd-1.0.18.bef/configuration-file/pure-ftpd.conf.in 2004-04-27 20:32:42.000000000 +0200
37 +++ pure-ftpd-1.0.18.work/configuration-file/pure-ftpd.conf.in 2004-04-27 21:55:08.000000000 +0200
39 # 3) Only compatible clients will log in.
43 +# SSLCertFile /etc/ssl/private/pure-ftpd.pem
44 +# or /var/lib/openssl/certs/ftpd.pem (current location in PLD)
47 # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
48 diff -Nura pure-ftpd-1.0.18.bef/configure.ac pure-ftpd-1.0.18.work/configure.ac
49 --- pure-ftpd-1.0.18.bef/configure.ac 2004-04-27 20:32:42.000000000 +0200
50 +++ pure-ftpd-1.0.18.work/configure.ac 2004-04-27 20:49:46.000000000 +0200
51 @@ -1226,17 +1226,6 @@
52 AC_DEFINE(WITH_TLS,,[Enable TLS])
55 -AC_ARG_WITH(certfile,
56 -[AS_HELP_STRING(--with-certfile=,certificate file (default: /etc/ssl/private/pure-ftpd.pem))],
57 -[ if test "x$withval" != "x" ; then
60 - CPPFLAGS="$CPPFLAGS -DTLS_CERTIFICATE_FILE='\"$certfile\"'"
61 - if test -e "$certfile"; then
62 - AC_MSG_WARN(No certificate is installed in $certfile yet)
66 AC_ARG_WITH(rendezvous,
67 [AS_HELP_STRING(--with-rendezvous,Enable Rendezvous support on MacOS X (experimental))],
68 [ if test "x$withval" = "xyes" ; then
69 diff -Nura pure-ftpd-1.0.18.bef/src/ftpd.c pure-ftpd-1.0.18.work/src/ftpd.c
70 --- pure-ftpd-1.0.18.bef/src/ftpd.c 2004-04-27 20:32:42.000000000 +0200
71 +++ pure-ftpd-1.0.18.work/src/ftpd.c 2004-04-27 22:46:14.000000000 +0200
72 @@ -5092,7 +5092,11 @@
73 die(421, LOG_ERR, MSG_CONF_ERR ": TLS");
79 + tlscert_file = strdup(optarg);
85 diff -Nura pure-ftpd-1.0.18.bef/src/ftpd_p.h pure-ftpd-1.0.18.work/src/ftpd_p.h
86 --- pure-ftpd-1.0.18.bef/src/ftpd_p.h 2004-04-27 20:32:42.000000000 +0200
87 +++ pure-ftpd-1.0.18.work/src/ftpd_p.h 2004-04-27 21:55:58.000000000 +0200
99 { "tls", 1, NULL, 'Y' },
100 + { "sslcertfile", 1, NULL, '7'},
102 { "allowdotfiles", 0, NULL, 'z' },
103 { "customerproof", 0, NULL, 'Z' },
104 diff -Nura pure-ftpd-1.0.18.bef/src/globals.h pure-ftpd-1.0.18.work/src/globals.h
105 --- pure-ftpd-1.0.18.bef/src/globals.h 2004-04-27 20:32:42.000000000 +0200
106 +++ pure-ftpd-1.0.18.work/src/globals.h 2004-04-27 22:48:38.000000000 +0200
110 GLOBAL0(signed char enforce_tls_auth);
111 +GLOBAL0(char *tlscert_file);
114 GLOBAL0(char *atomic_prefix);
115 diff -Nura pure-ftpd-1.0.18.bef/src/tls.c pure-ftpd-1.0.18.work/src/tls.c
116 --- pure-ftpd-1.0.18.bef/src/tls.c 2004-04-27 20:32:42.000000000 +0200
117 +++ pure-ftpd-1.0.18.work/src/tls.c 2004-04-27 22:56:00.000000000 +0200
120 # include "ftpwho-update.h"
121 # include "messages.h"
122 +# include "globals.h"
124 static void tls_error(void)
126 logfile(LOG_ERR, "SSL/TLS [%s]: %s",
127 - TLS_CERTIFICATE_FILE,
129 ERR_error_string(ERR_get_error(), NULL));
136 - if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) {
137 + if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) {
140 if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL
143 SSL_CTX_set_options(tls_ctx, SSL_OP_ALL);
144 if (SSL_CTX_use_certificate_chain_file
145 - (tls_ctx, TLS_CERTIFICATE_FILE) != 1) {
146 + (tls_ctx, tlscert_file) != 1) {
148 - MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE);
149 + MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file);
151 - if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE,
152 + if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file,
153 SSL_FILETYPE_PEM) != 1) {