1 diff -Nur b/configuration-file/pure-config.pl.in n/configuration-file/pure-config.pl.in
2 --- b/configuration-file/pure-config.pl.in 2004-02-29 12:17:00.000000000 +0100
3 +++ n/configuration-file/pure-config.pl.in 2004-09-15 17:02:28.545013000 +0200
11 my %numeric_switch_for = (
12 diff -Nur b/configuration-file/pure-config.py.in n/configuration-file/pure-config.py.in
13 --- b/configuration-file/pure-config.py.in 2004-02-29 12:17:14.000000000 +0100
14 +++ n/configuration-file/pure-config.py.in 2004-09-15 17:02:28.546012000 +0200
17 ["IPV4Only[\s]+yes", "-4" ],
18 ["IPV6Only[\s]+yes", "-6" ],
19 + ["SSLCertFile\s+(\S+)", "-7", None ],
20 ["ChrootEveryone[\s]+yes", "-A" ],
21 ["TrustedGID[\s]+([\d]+)", "-a", None ],
22 ["BrokenClientsCompatibility[\s]+yes", "-b" ],
23 diff -Nur b/configuration-file/pure-ftpd.conf.in n/configuration-file/pure-ftpd.conf.in
24 --- b/configuration-file/pure-ftpd.conf.in 2004-09-15 17:03:04.281580000 +0200
25 +++ n/configuration-file/pure-ftpd.conf.in 2004-09-15 17:02:28.547012000 +0200
27 # 3) Only compatible clients will log in.
31 +# SSLCertFile /etc/ssl/private/pure-ftpd.pem
32 +# or /var/lib/openssl/certs/ftpd.pem (current location in PLD)
35 # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
36 diff -Nur b/man/pure-ftpd.8 n/man/pure-ftpd.8
37 --- b/man/pure-ftpd.8 2004-02-29 21:10:06.000000000 +0100
38 +++ n/man/pure-ftpd.8 2004-09-15 17:02:28.548012000 +0200
40 pure\-ftpd \- simple File Transfer Protocol server
43 -.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
44 +.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-7 certificate file] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
56 \-A \-\-chrooteveryone
59 Listen only to IPv6 connections.
62 +Path to SSL certificate file.
65 Regular users will be chrooted to their home directories, unless
66 they belong to the specified gid. Note that root is always trusted,
67 diff -Nur b/src/ftpd.c n/src/ftpd.c
68 --- b/src/ftpd.c 2004-09-15 18:05:29.951069216 +0200
69 +++ n/src/ftpd.c 2004-09-15 18:03:14.172710664 +0200
76 #ifdef PROBE_RANDOM_AT_RUNTIME
79 @@ -5097,6 +5097,15 @@
80 enforce_tls_auth > 2) {
81 die(421, LOG_ERR, MSG_CONF_ERR ": TLS");
84 + if ((tlscert_file = strdup(TLS_CERTIFICATE_FILE)) == NULL)
90 + if ((tlscert_file = strdup(optarg)) == NULL)
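Review bot: Both added assignments overwrite `tlscert_file` without looking at its current value: the default `strdup(TLS_CERTIFICATE_FILE)` sits right after the `-Y` range check, and the new option handler does `strdup(optarg)`. The lines between them are not shown on this page, so the default may already be guarded. If it is not, `-7 path` followed by `-Y` would silently swap the configured certificate/key file for the compiled-in one, and a repeated `-7` leaks the earlier copy. I would make the default conditional, `if (tlscert_file == NULL && (tlscert_file = strdup(TLS_CERTIFICATE_FILE)) == NULL)`, and put `free(tlscert_file);` before the `strdup(optarg)`. The enclosing option-parsing block starts and ends outside the hunk.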
95 diff -Nur b/src/ftpd_p.h n/src/ftpd_p.h
96 --- b/src/ftpd_p.h 2004-02-29 22:49:28.000000000 +0100
97 +++ n/src/ftpd_p.h 2004-09-15 17:02:28.561010000 +0200
109 { "tls", 1, NULL, 'Y' },
110 + { "sslcertfile", 1, NULL, '7'},
112 { "allowdotfiles", 0, NULL, 'z' },
113 { "customerproof", 0, NULL, 'Z' },
114 diff -Nur b/src/globals.h n/src/globals.h
115 --- b/src/globals.h 2004-02-29 22:49:28.000000000 +0100
116 +++ n/src/globals.h 2004-09-15 17:02:28.561010000 +0200
120 GLOBAL0(signed char enforce_tls_auth);
121 +GLOBAL0(char *tlscert_file);
124 GLOBAL0(char *atomic_prefix);
125 diff -Nur b/src/tls.c n/src/tls.c
126 --- b/src/tls.c 2004-02-29 22:49:27.000000000 +0100
127 +++ n/src/tls.c 2004-09-15 17:02:28.562010000 +0200
130 # include "ftpwho-update.h"
131 # include "messages.h"
132 +# include "globals.h"
134 static void tls_error(void)
136 logfile(LOG_ERR, "SSL/TLS [%s]: %s",
137 - TLS_CERTIFICATE_FILE,
139 ERR_error_string(ERR_get_error(), NULL));
146 - if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) {
147 + if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) {
150 if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL
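Review bot: `tlscert_file` is passed to `BIO_new_file()` here, and further down to `SSL_CTX_use_certificate_chain_file()` and `SSL_CTX_use_PrivateKey_file()`, with no NULL check; whether it is always set depends on option handling in ftpd.c that is only partly visible on this page. A guard before the first use, something like `if (tlscert_file == NULL) die(421, LOG_ERR, MSG_CONF_ERR ": TLS");`, would avoid handing NULL to OpenSSL and to the `%s` in the log calls. Because the same path also supplies the private key and is now chosen by the operator rather than fixed at build time, it is worth checking with `fstat()` that the file is not group- or world-accessible before loading the key, and refusing to start otherwise. The enclosing function starts and ends outside the visible lines.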
153 SSL_CTX_set_options(tls_ctx, SSL_OP_ALL);
154 if (SSL_CTX_use_certificate_chain_file
155 - (tls_ctx, TLS_CERTIFICATE_FILE) != 1) {
156 + (tls_ctx, tlscert_file) != 1) {
158 - MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE);
159 + MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file);
161 - if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE,
162 + if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file,
163 SSL_FILETYPE_PEM) != 1) {