1 diff -Nur pure-ftpd-1.0.20.bef/configuration-file/pure-config.pl.in pure-ftpd-1.0.20.new/configuration-file/pure-config.pl.in
2 --- pure-ftpd-1.0.20.bef/configuration-file/pure-config.pl.in 2004-02-29 12:17:00.000000000 +0100
3 +++ pure-ftpd-1.0.20.new/configuration-file/pure-config.pl.in 2004-08-17 02:00:46.000000000 +0200
11 my %numeric_switch_for = (
12 diff -Nur pure-ftpd-1.0.20.bef/configuration-file/pure-config.py.in pure-ftpd-1.0.20.new/configuration-file/pure-config.py.in
13 --- pure-ftpd-1.0.20.bef/configuration-file/pure-config.py.in 2004-02-29 12:17:14.000000000 +0100
14 +++ pure-ftpd-1.0.20.new/configuration-file/pure-config.py.in 2004-08-17 02:00:46.000000000 +0200
17 ["IPV4Only[\s]+yes", "-4" ],
18 ["IPV6Only[\s]+yes", "-6" ],
19 + ["SSLCertFile\s+(\S+)", "-7", None ],
20 ["ChrootEveryone[\s]+yes", "-A" ],
21 ["TrustedGID[\s]+([\d]+)", "-a", None ],
22 ["BrokenClientsCompatibility[\s]+yes", "-b" ],
23 diff -Nur pure-ftpd-1.0.20.bef/configuration-file/pure-ftpd.conf.in pure-ftpd-1.0.20.new/configuration-file/pure-ftpd.conf.in
24 --- pure-ftpd-1.0.20.bef/configuration-file/pure-ftpd.conf.in 2004-08-17 02:01:13.000000000 +0200
25 +++ pure-ftpd-1.0.20.new/configuration-file/pure-ftpd.conf.in 2004-08-17 02:00:46.000000000 +0200
27 # 3) Only compatible clients will log in.
31 +# SSLCertFile /etc/ssl/private/pure-ftpd.pem
32 +# or /var/lib/openssl/certs/ftpd.pem (current location in PLD)
35 # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
36 diff -Nur pure-ftpd-1.0.20.bef/configure.ac pure-ftpd-1.0.20.new/configure.ac
37 --- pure-ftpd-1.0.20.bef/configure.ac 2004-06-20 19:41:27.000000000 +0200
38 +++ pure-ftpd-1.0.20.new/configure.ac 2004-08-17 02:00:46.000000000 +0200
39 @@ -1226,17 +1226,6 @@
40 AC_DEFINE(WITH_TLS,,[Enable TLS])
43 -AC_ARG_WITH(certfile,
44 -[AS_HELP_STRING(--with-certfile=,certificate file (default: /etc/ssl/private/pure-ftpd.pem))],
45 -[ if test "x$withval" != "x" ; then
48 - CPPFLAGS="$CPPFLAGS -DTLS_CERTIFICATE_FILE='\"$certfile\"'"
49 - if test -e "$certfile"; then
50 - AC_MSG_WARN(No certificate is installed in $certfile yet)
54 AC_ARG_WITH(rendezvous,
55 [AS_HELP_STRING(--with-rendezvous,Enable Rendezvous support on MacOS X (experimental))],
56 [ if test "x$withval" = "xyes" ; then
57 diff -Nur pure-ftpd-1.0.20.bef/man/pure-ftpd.8 pure-ftpd-1.0.20.new/man/pure-ftpd.8
58 --- pure-ftpd-1.0.20.bef/man/pure-ftpd.8 2004-02-29 21:10:06.000000000 +0100
59 +++ pure-ftpd-1.0.20.new/man/pure-ftpd.8 2004-08-17 02:00:46.000000000 +0200
61 pure\-ftpd \- simple File Transfer Protocol server
64 -.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
65 +.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-7 certificate file] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
77 \-A \-\-chrooteveryone
80 Listen only to IPv6 connections.
83 +Path to SSL certificate file.
86 Regular users will be chrooted to their home directories, unless
87 they belong to the specified gid. Note that root is always trusted,
88 diff -Nur pure-ftpd-1.0.20.bef/src/ftpd.c pure-ftpd-1.0.20.new/src/ftpd.c
89 --- pure-ftpd-1.0.20.bef/src/ftpd.c 2004-07-17 15:28:22.000000000 +0200
90 +++ pure-ftpd-1.0.20.new/src/ftpd.c 2004-08-17 02:46:00.000000000 +0200
91 @@ -5097,8 +5097,15 @@
92 enforce_tls_auth > 2) {
93 die(421, LOG_ERR, MSG_CONF_ERR ": TLS");
95 + if ((tlscert_file = strdup("")) == NULL)
101 + if ((tlscert_file = strdup(optarg)) == NULL)
108 diff -Nur pure-ftpd-1.0.20.bef/src/ftpd.h pure-ftpd-1.0.20.new/src/ftpd.h
109 --- pure-ftpd-1.0.20.bef/src/ftpd.h 2004-03-02 20:08:59.000000000 +0100
110 +++ pure-ftpd-1.0.20.new/src/ftpd.h 2004-08-17 02:00:46.000000000 +0200
112 # define VHOST_PATH CONFDIR "/pure-ftpd"
116 -# ifndef TLS_CERTIFICATE_FILE
117 -# define TLS_CERTIFICATE_FILE "/etc/ssl/private/pure-ftpd.pem"
121 #define FAKE_SHELL "ftp"
124 diff -Nur pure-ftpd-1.0.20.bef/src/ftpd_p.h pure-ftpd-1.0.20.new/src/ftpd_p.h
125 --- pure-ftpd-1.0.20.bef/src/ftpd_p.h 2004-02-29 22:49:28.000000000 +0100
126 +++ pure-ftpd-1.0.20.new/src/ftpd_p.h 2004-08-17 02:00:46.000000000 +0200
138 { "tls", 1, NULL, 'Y' },
139 + { "sslcertfile", 1, NULL, '7'},
141 { "allowdotfiles", 0, NULL, 'z' },
142 { "customerproof", 0, NULL, 'Z' },
143 diff -Nur pure-ftpd-1.0.20.bef/src/globals.h pure-ftpd-1.0.20.new/src/globals.h
144 --- pure-ftpd-1.0.20.bef/src/globals.h 2004-02-29 22:49:28.000000000 +0100
145 +++ pure-ftpd-1.0.20.new/src/globals.h 2004-08-17 02:00:46.000000000 +0200
149 GLOBAL0(signed char enforce_tls_auth);
150 +GLOBAL0(char *tlscert_file);
153 GLOBAL0(char *atomic_prefix);
154 diff -Nur pure-ftpd-1.0.20.bef/src/tls.c pure-ftpd-1.0.20.new/src/tls.c
155 --- pure-ftpd-1.0.20.bef/src/tls.c 2004-02-29 22:49:27.000000000 +0100
156 +++ pure-ftpd-1.0.20.new/src/tls.c 2004-08-17 02:00:46.000000000 +0200
159 # include "ftpwho-update.h"
160 # include "messages.h"
161 +# include "globals.h"
163 static void tls_error(void)
165 logfile(LOG_ERR, "SSL/TLS [%s]: %s",
166 - TLS_CERTIFICATE_FILE,
168 ERR_error_string(ERR_get_error(), NULL));
175 - if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) {
176 + if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) {
179 if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL
182 SSL_CTX_set_options(tls_ctx, SSL_OP_ALL);
183 if (SSL_CTX_use_certificate_chain_file
184 - (tls_ctx, TLS_CERTIFICATE_FILE) != 1) {
185 + (tls_ctx, tlscert_file) != 1) {
187 - MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE);
188 + MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file);
190 - if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE,
191 + if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file,
192 SSL_FILETYPE_PEM) != 1) {