- simplification, don't rely on options' sequence.
1 diff -Nur b/configuration-file/pure-config.pl.in n/configuration-file/pure-config.pl.in
2 --- b/configuration-file/pure-config.pl.in      2004-02-29 12:17:00.000000000 +0100
3 +++ n/configuration-file/pure-config.pl.in      2004-09-15 17:02:28.545013000 +0200
4 @@ -57,6 +57,7 @@
5         TrustedIP               => "-V",
6         AltLog                  => "-O",
7         PIDFile                 => "-g",
8 +       SSLCertFile             => "-7",
9  );
10  
11  my %numeric_switch_for = (
12 diff -Nur b/configuration-file/pure-config.py.in n/configuration-file/pure-config.py.in
13 --- b/configuration-file/pure-config.py.in      2004-02-29 12:17:14.000000000 +0100
14 +++ n/configuration-file/pure-config.py.in      2004-09-15 17:02:28.546012000 +0200
15 @@ -55,6 +55,7 @@
16  option_tuple = (
17      ["IPV4Only[\s]+yes",                   "-4"                  ],
18      ["IPV6Only[\s]+yes",                   "-6"                  ],    
19 +    ["SSLCertFile\s+(\S+)",                "-7", None            ],
20      ["ChrootEveryone[\s]+yes",             "-A"                  ],
21      ["TrustedGID[\s]+([\d]+)",             "-a", None            ],
22      ["BrokenClientsCompatibility[\s]+yes", "-b"                  ],
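Review bot: The capture `(\S+)` in the new `SSLCertFile` entry stops at the first whitespace, so a certificate path containing a space is silently cut short and the daemon is started with `-7` pointing at a different file than the one configured. How the wrapper skips commented lines (such as the `# SSLCertFile ...` sample this patch adds to pure-ftpd.conf.in) and how the captured value is placed on the command line are not visible in this hunk; it is worth confirming that the value is passed as a separate argv element rather than spliced into a shell string. At minimum the limitation should be stated next to the entry, e.g. `# SSLCertFile: value is taken up to the first whitespace; paths with spaces are not supported`.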
23 diff -Nur b/configuration-file/pure-ftpd.conf.in n/configuration-file/pure-ftpd.conf.in
24 --- b/configuration-file/pure-ftpd.conf.in      2004-09-15 17:03:04.281580000 +0200
25 +++ n/configuration-file/pure-ftpd.conf.in      2004-09-15 17:02:28.547012000 +0200
26 @@ -420,7 +420,8 @@
27  # 3) Only compatible clients will log in.
28  
29  # TLS                      1
30 -
31 +# SSLCertFile  /etc/ssl/private/pure-ftpd.pem 
32 +#              or /var/lib/openssl/certs/ftpd.pem (current location in PLD)
33  
34  
35  # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
36 diff -Nur b/man/pure-ftpd.8 n/man/pure-ftpd.8
37 --- b/man/pure-ftpd.8   2004-02-29 21:10:06.000000000 +0100
38 +++ n/man/pure-ftpd.8   2004-09-15 17:02:28.548012000 +0200
39 @@ -9,7 +9,7 @@
40  pure\-ftpd \- simple File Transfer Protocol server
41  
42  .SH "SYNOPSIS"
43 -.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
44 +.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-7 certificate file] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
45  
46  .br
47  Alternative style :
48 @@ -22,6 +22,8 @@
49  .br
50  \-6 \-\-ipv6only
51  .br
52 +\-7 \-\-sslcertfile
53 +.br
54  \-a \-\-trustedgid
55  .br
56  \-A \-\-chrooteveryone
57 @@ -157,6 +159,9 @@
58  .B \-6
59  Listen only to IPv6 connections.
60  .TP
61 +.B \-7 file
62 +Path to SSL certificate file.
63 +.TP
64  .B \-a gid
65  Regular users will be chrooted to their home directories, unless
66  they belong to the specified gid. Note that root is always trusted,
67 diff -Nur b/src/ftpd.c n/src/ftpd.c
68 --- b/src/ftpd.c        2004-09-15 18:05:29.951069216 +0200
69 +++ n/src/ftpd.c        2004-09-15 18:03:14.172710664 +0200
70 @@ -4830,7 +4830,7 @@
71      int fodder;
72      int bypass_ipv6 = 0;
73      struct passwd *pw;
74 -
75 +    
76  #ifdef PROBE_RANDOM_AT_RUNTIME
77      pw_zrand_probe();
78  #endif    
79 @@ -5097,6 +5097,16 @@
80                  enforce_tls_auth > 2) {
81                  die(421, LOG_ERR, MSG_CONF_ERR ": TLS");
82              }
83 +           if (!tlscert_file) 
84 +                if ((tlscert_file = strdup(TLS_CERTIFICATE_FILE)) == NULL)
85 +                    die_mem();
86 +            break;
87 +        }
88 +       case '7': {
89 +            if (tlscert_file)
90 +                free(tlscert_file);
91 +            if ((tlscert_file = strdup(optarg)) == NULL)
92 +                die_mem();
93              break;
94          }
95  #endif
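Review bot: The fallback to `TLS_CERTIFICATE_FILE` is assigned only inside the option case that ends at the first added `break;` (its `case` label is above the hunk), so if the TLS code can be reached without that option, `tlscert_file` stays NULL. The tls.c hunks of this patch pass that pointer unchecked to `BIO_new_file()`, `SSL_CTX_use_certificate_chain_file()` and a `%s` in `tls_error()`. Setting the default once after the option loop removes the dependency on which options were given: `if (tlscert_file == NULL && (tlscert_file = strdup(TLS_CERTIFICATE_FILE)) == NULL) die_mem();`. In `case '7'` an empty or relative `optarg` is accepted as is; a guard such as `if (*optarg != '/') die(421, LOG_ERR, MSG_CONF_ERR ": sslcertfile");` would reject it at option parsing, since the working directory at the time the file is opened is not visible here. The added `if (!tlscert_file)` pair also nests two unbraced `if`s and mixes tab and space indentation; the surrounding function starts and ends outside the hunk.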
96 diff -Nur b/src/ftpd_p.h n/src/ftpd_p.h
97 --- b/src/ftpd_p.h      2004-02-29 22:49:28.000000000 +0100
98 +++ n/src/ftpd_p.h      2004-09-15 17:02:28.561010000 +0200
99 @@ -101,6 +101,7 @@
100  #endif
101  #ifdef WITH_TLS
102      "Y:"
103 +    "7:"
104  #endif    
105      "zZ";
106  
107 @@ -180,6 +181,7 @@
108  # endif
109  # ifdef WITH_TLS
110      { "tls", 1, NULL, 'Y' },
111 +    { "sslcertfile", 1, NULL, '7'},
112  # endif
113      { "allowdotfiles", 0, NULL, 'z' },
114      { "customerproof", 0, NULL, 'Z' },
115 diff -Nur b/src/globals.h n/src/globals.h
116 --- b/src/globals.h     2004-02-29 22:49:28.000000000 +0100
117 +++ n/src/globals.h     2004-09-15 17:02:28.561010000 +0200
118 @@ -167,6 +167,7 @@
119  
120  #ifdef WITH_TLS
121  GLOBAL0(signed char enforce_tls_auth);
122 +GLOBAL0(char *tlscert_file);
123  #endif
124  
125  GLOBAL0(char *atomic_prefix);
126 diff -Nur b/src/tls.c n/src/tls.c
127 --- b/src/tls.c 2004-02-29 22:49:27.000000000 +0100
128 +++ n/src/tls.c 2004-09-15 17:02:28.562010000 +0200
129 @@ -9,11 +9,12 @@
130  # include "tls.h"
131  # include "ftpwho-update.h"
132  # include "messages.h"
133 +# include "globals.h"
134  
135  static void tls_error(void) 
136  {
137      logfile(LOG_ERR, "SSL/TLS [%s]: %s", 
138 -            TLS_CERTIFICATE_FILE,
139 +            tlscert_file,
140              ERR_error_string(ERR_get_error(), NULL));
141      _EXIT(EXIT_FAILURE);
142  }
143 @@ -23,7 +24,7 @@
144      DH *dh;
145      BIO *bio;
146  
147 -    if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) {
148 +    if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) {
149          return -1;
150      }
151      if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL
152 @@ -65,11 +66,11 @@
153      tls_init_cache();
154      SSL_CTX_set_options(tls_ctx, SSL_OP_ALL);    
155      if (SSL_CTX_use_certificate_chain_file
156 -        (tls_ctx, TLS_CERTIFICATE_FILE) != 1) {
157 +        (tls_ctx, tlscert_file) != 1) {
158          die(421, LOG_ERR,
159 -            MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE);
160 +            MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file);
161      }
162 -    if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE,
163 +    if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file,
164                                      SSL_FILETYPE_PEM) != 1) {
165          tls_error();
166      }
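Review bot: The private key is now read from an operator-supplied path (`SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file, ...)`) with no check on that file's mode. Before this patch the location was a compile-time constant that packaging could protect; with `-7` a group-writable or world-readable PEM is accepted silently. A mode check before loading the key would turn that misconfiguration into a startup error. It is a sanity check, not a race-free guarantee, because the library reopens the file by name. The sketch below assumes `<sys/stat.h>` is in scope in tls.c (not visible here), and its message text is illustrative; the enclosing function continues outside the hunk.

```c
    /* … unchanged: SSL_CTX_use_certificate_chain_file(tls_ctx, tlscert_file) check … */
    {
        struct stat st;

        /* The same PEM holds the private key: refuse it when group can
         * write or others have any access. */
        if (stat(tlscert_file, &st) != 0 ||
            (st.st_mode & (S_IWGRP | S_IRWXO)) != 0) {
            die(421, LOG_ERR, "SSL/TLS [%s]: unsafe permissions",
                tlscert_file);
        }
    }
    if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file,
                                    SSL_FILETYPE_PEM) != 1) {
```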