1 diff -Nur b/configuration-file/pure-config.pl.in n/configuration-file/pure-config.pl.in
2 --- b/configuration-file/pure-config.pl.in 2004-02-29 12:17:00.000000000 +0100
3 +++ n/configuration-file/pure-config.pl.in 2004-09-15 17:02:28.545013000 +0200
11 my %numeric_switch_for = (
12 diff -Nur b/configuration-file/pure-config.py.in n/configuration-file/pure-config.py.in
13 --- b/configuration-file/pure-config.py.in 2004-02-29 12:17:14.000000000 +0100
14 +++ n/configuration-file/pure-config.py.in 2004-09-15 17:02:28.546012000 +0200
17 ["IPV4Only[\s]+yes", "-4" ],
18 ["IPV6Only[\s]+yes", "-6" ],
19 + ["SSLCertFile\s+(\S+)", "-7", None ],
20 ["ChrootEveryone[\s]+yes", "-A" ],
21 ["TrustedGID[\s]+([\d]+)", "-a", None ],
22 ["BrokenClientsCompatibility[\s]+yes", "-b" ],
23 diff -Nur b/configuration-file/pure-ftpd.conf.in n/configuration-file/pure-ftpd.conf.in
24 --- b/configuration-file/pure-ftpd.conf.in 2004-09-15 17:03:04.281580000 +0200
25 +++ n/configuration-file/pure-ftpd.conf.in 2004-09-15 17:02:28.547012000 +0200
27 # 3) Only compatible clients will log in.
31 +# SSLCertFile /etc/ssl/private/pure-ftpd.pem
32 +# or /var/lib/openssl/certs/ftpd.pem (current location in PLD)
35 # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
36 diff -Nur b/man/pure-ftpd.8 n/man/pure-ftpd.8
37 --- b/man/pure-ftpd.8 2004-02-29 21:10:06.000000000 +0100
38 +++ n/man/pure-ftpd.8 2004-09-15 17:02:28.548012000 +0200
40 pure\-ftpd \- simple File Transfer Protocol server
43 -.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
44 +.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-7 certificate file] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
56 \-A \-\-chrooteveryone
59 Listen only to IPv6 connections.
62 +Path to SSL certificate file.
65 Regular users will be chrooted to their home directories, unless
66 they belong to the specified gid. Note that root is always trusted,
67 diff -Nur b/src/ftpd.c n/src/ftpd.c
68 --- b/src/ftpd.c 2004-09-15 18:05:29.951069216 +0200
69 +++ n/src/ftpd.c 2004-09-15 18:03:14.172710664 +0200
76 #ifdef PROBE_RANDOM_AT_RUNTIME
79 @@ -5097,6 +5097,16 @@
80 enforce_tls_auth > 2) {
81 die(421, LOG_ERR, MSG_CONF_ERR ": TLS");
84 + if ((tlscert_file = strdup(TLS_CERTIFICATE_FILE)) == NULL)
91 + if ((tlscert_file = strdup(optarg)) == NULL)
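Review bot: The default path is assigned with `strdup(TLS_CERTIFICATE_FILE)` directly after the `enforce_tls_auth` range check, which appears to sit in the `-Y` handler, while `-7` assigns `strdup(optarg)` on its own. Unless the lines not shown here guard that first assignment, a `-7 file` given before `-Y` is silently replaced by the compiled-in default, so the server would present a different certificate and key than the operator configured. The earlier allocation is also leaked, as it is when `-7` is repeated. Making the default conditional, `if (tlscert_file == NULL && (tlscert_file = strdup(TLS_CERTIFICATE_FILE)) == NULL)`, and calling `free(tlscert_file);` before the `-7` assignment would make the result independent of option order. Both option handlers continue outside the visible lines.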
96 diff -Nur b/src/ftpd_p.h n/src/ftpd_p.h
97 --- b/src/ftpd_p.h 2004-02-29 22:49:28.000000000 +0100
98 +++ n/src/ftpd_p.h 2004-09-15 17:02:28.561010000 +0200
110 { "tls", 1, NULL, 'Y' },
111 + { "sslcertfile", 1, NULL, '7'},
113 { "allowdotfiles", 0, NULL, 'z' },
114 { "customerproof", 0, NULL, 'Z' },
115 diff -Nur b/src/globals.h n/src/globals.h
116 --- b/src/globals.h 2004-02-29 22:49:28.000000000 +0100
117 +++ n/src/globals.h 2004-09-15 17:02:28.561010000 +0200
121 GLOBAL0(signed char enforce_tls_auth);
122 +GLOBAL0(char *tlscert_file);
125 GLOBAL0(char *atomic_prefix);
126 diff -Nur b/src/tls.c n/src/tls.c
127 --- b/src/tls.c 2004-02-29 22:49:27.000000000 +0100
128 +++ n/src/tls.c 2004-09-15 17:02:28.562010000 +0200
131 # include "ftpwho-update.h"
132 # include "messages.h"
133 +# include "globals.h"
135 static void tls_error(void)
137 logfile(LOG_ERR, "SSL/TLS [%s]: %s",
138 - TLS_CERTIFICATE_FILE,
140 ERR_error_string(ERR_get_error(), NULL));
147 - if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) {
148 + if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) {
151 if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL
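Review bot: `tlscert_file` is passed to `BIO_new_file()` here with no NULL check, and the neighbouring hunks pass it the same way to the `%s` in `tls_error()`, to `SSL_CTX_use_certificate_chain_file()` and to `SSL_CTX_use_PrivateKey_file()`. The old macro was a string constant that could never be NULL, whereas the new global is only set during option parsing in ftpd.c, so this file now relies on every TLS-enabling path having assigned it. A guard before the first use, for example `if (tlscert_file == NULL) die(421, LOG_ERR, MSG_CONF_ERR ": TLS");`, would turn a missed assignment into a clear configuration error. Because the same path is also read as the private key, the `GLOBAL0(char *tlscert_file);` declaration deserves a comment such as `/* PEM file holding certificate chain, private key and DH params; keep it readable by root only */`. The enclosing function starts and ends outside the visible lines.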
154 SSL_CTX_set_options(tls_ctx, SSL_OP_ALL);
155 if (SSL_CTX_use_certificate_chain_file
156 - (tls_ctx, TLS_CERTIFICATE_FILE) != 1) {
157 + (tls_ctx, tlscert_file) != 1) {
159 - MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE);
160 + MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file);
162 - if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE,
163 + if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file,
164 SSL_FILETYPE_PEM) != 1) {