1 diff -Nur b/configuration-file/pure-config.pl.in n/configuration-file/pure-config.pl.in
2 --- b/configuration-file/pure-config.pl.in 2004-02-29 12:17:00.000000000 +0100
3 +++ n/configuration-file/pure-config.pl.in 2004-09-15 17:02:28.545013000 +0200
11 my %numeric_switch_for = (
12 diff -Nur b/configuration-file/pure-config.py.in n/configuration-file/pure-config.py.in
13 --- b/configuration-file/pure-config.py.in 2004-02-29 12:17:14.000000000 +0100
14 +++ n/configuration-file/pure-config.py.in 2004-09-15 17:02:28.546012000 +0200
17 ["IPV4Only[\s]+yes", "-4" ],
18 ["IPV6Only[\s]+yes", "-6" ],
19 + ["SSLCertFile\s+(\S+)", "-7", None ],
20 ["ChrootEveryone[\s]+yes", "-A" ],
21 ["TrustedGID[\s]+([\d]+)", "-a", None ],
22 ["BrokenClientsCompatibility[\s]+yes", "-b" ],
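Review bot: The new `SSLCertFile\s+(\S+)` entry captures only up to the first whitespace, so a certificate path containing a space would reach `-7` truncated instead of being rejected. The code that applies these patterns is not visible in this section, so whether the match is anchored cannot be confirmed from here. The entry also writes `\s+` where the neighbouring rows use `[\s]+`; `["SSLCertFile[\s]+(\S+)", "-7", None ],` would keep the table uniform. A one-line comment above the entry saying that paths with whitespace are unsupported would save operators a confusing TLS start-up failure.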
23 diff -Nur b/configuration-file/pure-ftpd.conf.in n/configuration-file/pure-ftpd.conf.in
24 --- b/configuration-file/pure-ftpd.conf.in 2004-09-15 17:03:04.281580000 +0200
25 +++ n/configuration-file/pure-ftpd.conf.in 2004-09-15 17:02:28.547012000 +0200
27 # 3) Only compatible clients will log in.
32 +# Path to SSL certificate file. This is non-standard addition
33 +# and it might disappear in the future. If not present
34 +# default is /var/lib/openssl/certs/ftpd.pem for PLD.
36 +# SSLCertFile /etc/ssl/private/pure-ftpd.pem
40 # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
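Review bot: The added comment describes the file as a certificate only, but the tls.c part of this patch passes the same path to `SSL_CTX_use_PrivateKey_file` and to the `BIO_new_file` call that feeds the DH-parameter read, so the file also carries the server's private key. The comment should say so and state the protection expected, for example `# The file must also contain the private key; keep it owned by root and not group/world readable.` No ownership or mode check on the path is visible in the lines shown, so this text is the only guidance an operator gets when pointing the option at a new location.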
41 diff -Nur b/man/pure-ftpd.8 n/man/pure-ftpd.8
42 --- b/man/pure-ftpd.8 2004-02-29 21:10:06.000000000 +0100
43 +++ n/man/pure-ftpd.8 2004-09-15 17:02:28.548012000 +0200
45 pure\-ftpd \- simple File Transfer Protocol server
48 -.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
49 +.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-7 certificate file] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
61 \-A \-\-chrooteveryone
64 Listen only to IPv6 connections.
66 +.B \-7 SSL certificate file
67 +Path to SSL certificate file. If option \-7 is not present default value is /var/lib/openssl/certs/ftpd.pem for PLD. This is non\-standard addition. It might disappear in the future and meaning of \-7 option is not guaranted.
70 Regular users will be chrooted to their home directories, unless
71 they belong to the specified gid. Note that root is always trusted,
72 diff -Nur b/src/ftpd.c n/src/ftpd.c
73 --- b/src/ftpd.c 2004-09-15 18:05:29.951069216 +0200
74 +++ n/src/ftpd.c 2004-09-15 18:03:14.172710664 +0200
81 #ifdef PROBE_RANDOM_AT_RUNTIME
84 @@ -5097,6 +5097,15 @@
85 enforce_tls_auth > 2) {
86 die(421, LOG_ERR, MSG_CONF_ERR ": TLS");
89 + if ((tlscert_file = strdup(TLS_CERTIFICATE_FILE)) == NULL)
95 + if ((tlscert_file = strdup(optarg)) == NULL)
100 diff -Nur b/src/ftpd_p.h n/src/ftpd_p.h
101 --- b/src/ftpd_p.h 2004-02-29 22:49:28.000000000 +0100
102 +++ n/src/ftpd_p.h 2004-09-15 17:02:28.561010000 +0200
114 { "tls", 1, NULL, 'Y' },
115 + { "sslcertfile", 1, NULL, '7'},
117 { "allowdotfiles", 0, NULL, 'z' },
118 { "customerproof", 0, NULL, 'Z' },
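Review bot: The new row ends with `'7'},` while the surrounding rows all leave a space before the closing brace; `{ "sslcertfile", 1, NULL, '7' },` matches them. The short-option string is not visible in this section, so confirm that `7:` was added there as well, otherwise only the long form `--sslcertfile` would be accepted.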
119 diff -Nur b/src/globals.h n/src/globals.h
120 --- b/src/globals.h 2004-02-29 22:49:28.000000000 +0100
121 +++ n/src/globals.h 2004-09-15 17:02:28.561010000 +0200
125 GLOBAL0(signed char enforce_tls_auth);
126 +GLOBAL0(char *tlscert_file);
129 GLOBAL0(char *atomic_prefix);
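Review bot: `tlscert_file` is declared with no comment on who sets it or who owns the memory. The visible ftpd.c lines assign it from `strdup()` of either `TLS_CERTIFICATE_FILE` or `optarg`, and the visible tls.c lines pass it straight to OpenSSL, so a reader needs to know that it is heap-allocated and when it becomes valid. Neither visible assignment frees an earlier value, so a repeated `-7` would presumably leak the first copy; the rest of that hunk is not shown. Suggested comment: `/* strdup()ed path of the PEM file (certificate chain, private key, DH params); set during option parsing */`.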
130 diff -Nur b/src/tls.c n/src/tls.c
131 --- b/src/tls.c 2004-02-29 22:49:27.000000000 +0100
132 +++ n/src/tls.c 2004-09-15 17:02:28.562010000 +0200
135 # include "ftpwho-update.h"
136 # include "messages.h"
137 +# include "globals.h"
139 static void tls_error(void)
141 logfile(LOG_ERR, "SSL/TLS [%s]: %s",
142 - TLS_CERTIFICATE_FILE,
144 ERR_error_string(ERR_get_error(), NULL));
151 - if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) {
152 + if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) {
155 if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL
158 SSL_CTX_set_options(tls_ctx, SSL_OP_ALL);
159 if (SSL_CTX_use_certificate_chain_file
160 - (tls_ctx, TLS_CERTIFICATE_FILE) != 1) {
161 + (tls_ctx, tlscert_file) != 1) {
163 - MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE);
164 + MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file);
166 - if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE,
167 + if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file,
168 SSL_FILETYPE_PEM) != 1) {