1 diff -Nur pure-ftpd-1.0.20.bef/configuration-file/pure-config.pl.in pure-ftpd-1.0.20.new1/configuration-file/pure-config.pl.in
2 --- pure-ftpd-1.0.20.bef/configuration-file/pure-config.pl.in 2004-02-29 12:17:00.000000000 +0100
3 +++ pure-ftpd-1.0.20.new1/configuration-file/pure-config.pl.in 2004-08-17 10:42:26.000000000 +0200
11 my %numeric_switch_for = (
12 diff -Nur pure-ftpd-1.0.20.bef/configuration-file/pure-config.py.in pure-ftpd-1.0.20.new1/configuration-file/pure-config.py.in
13 --- pure-ftpd-1.0.20.bef/configuration-file/pure-config.py.in 2004-02-29 12:17:14.000000000 +0100
14 +++ pure-ftpd-1.0.20.new1/configuration-file/pure-config.py.in 2004-08-17 10:42:26.000000000 +0200
17 ["IPV4Only[\s]+yes", "-4" ],
18 ["IPV6Only[\s]+yes", "-6" ],
19 + ["SSLCertFile\s+(\S+)", "-7", None ],
20 ["ChrootEveryone[\s]+yes", "-A" ],
21 ["TrustedGID[\s]+([\d]+)", "-a", None ],
22 ["BrokenClientsCompatibility[\s]+yes", "-b" ],
23 diff -Nur pure-ftpd-1.0.20.bef/configuration-file/pure-ftpd.conf.in pure-ftpd-1.0.20.new1/configuration-file/pure-ftpd.conf.in
24 --- pure-ftpd-1.0.20.bef/configuration-file/pure-ftpd.conf.in 2004-08-17 10:27:33.000000000 +0200
25 +++ pure-ftpd-1.0.20.new1/configuration-file/pure-ftpd.conf.in 2004-08-17 10:42:26.000000000 +0200
27 # 3) Only compatible clients will log in.
31 +# SSLCertFile /etc/ssl/private/pure-ftpd.pem
32 +# or /var/lib/openssl/certs/ftpd.pem (current location in PLD)
35 # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
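Review bot: The sample `SSLCertFile` comment lists candidate paths but does not say what the file must contain or how it should be protected. The src/tls.c part of this patch passes the same path to both `SSL_CTX_use_certificate_chain_file` and `SSL_CTX_use_PrivateKey_file`, and opens it before `PEM_read_bio_DHparams`, so the configured file carries the private key as well as the certificate. I would add a line such as `# The file must hold the certificate and its private key in PEM format; keep it owned by root and unreadable by other users.` Some lines of this section are not visible here, so check whether such a remark is already present.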
36 diff -Nur pure-ftpd-1.0.20.bef/man/pure-ftpd.8 pure-ftpd-1.0.20.new1/man/pure-ftpd.8
37 --- pure-ftpd-1.0.20.bef/man/pure-ftpd.8 2004-02-29 21:10:06.000000000 +0100
38 +++ pure-ftpd-1.0.20.new1/man/pure-ftpd.8 2004-08-17 10:42:26.000000000 +0200
40 pure\-ftpd \- simple File Transfer Protocol server
43 -.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
44 +.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-7 certificate file] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
56 \-A \-\-chrooteveryone
59 Listen only to IPv6 connections.
62 +Path to SSL certificate file.
65 Regular users will be chrooted to their home directories, unless
66 they belong to the specified gid. Note that root is always trusted,
67 diff -Nur pure-ftpd-1.0.20.bef/src/ftpd.c pure-ftpd-1.0.20.new1/src/ftpd.c
68 --- pure-ftpd-1.0.20.bef/src/ftpd.c 2004-07-17 15:28:22.000000000 +0200
69 +++ pure-ftpd-1.0.20.new1/src/ftpd.c 2004-08-17 12:59:11.000000000 +0200
70 @@ -5097,8 +5097,19 @@
71 enforce_tls_auth > 2) {
72 die(421, LOG_ERR, MSG_CONF_ERR ": TLS");
74 + if ((tlscert_file = strdup(TLS_CERTIFICATE_FILE)) == NULL)
80 + if (tlscert_file != NULL) {
81 + if (strlen(tlscert_file) > 0)
84 + if ((tlscert_file = strdup(optarg)) == NULL)
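Review bot: The `-Y` branch appears to assign `tlscert_file = strdup(TLS_CERTIFICATE_FILE)` unconditionally, so a `-7 path` given earlier on the command line would be replaced by the compiled-in default, and its allocation leaked, whenever `-Y` follows it. Parts of this hunk are not visible and the enclosing option-parsing function starts and ends outside it, so this is inferred from the lines shown. Guarding the default, e.g. `if (tlscert_file == NULL && (tlscert_file = strdup(TLS_CERTIFICATE_FILE)) == NULL)`, or applying it once after option parsing, makes the result independent of switch order. Since src/tls.c loads the certificate chain and the private key from this path, a silent fallback to a file other than the one the operator configured is worth ruling out.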
91 diff -Nur pure-ftpd-1.0.20.bef/src/ftpd_p.h pure-ftpd-1.0.20.new1/src/ftpd_p.h
92 --- pure-ftpd-1.0.20.bef/src/ftpd_p.h 2004-02-29 22:49:28.000000000 +0100
93 +++ pure-ftpd-1.0.20.new1/src/ftpd_p.h 2004-08-17 10:42:26.000000000 +0200
105 { "tls", 1, NULL, 'Y' },
106 + { "sslcertfile", 1, NULL, '7'},
108 { "allowdotfiles", 0, NULL, 'z' },
109 { "customerproof", 0, NULL, 'Z' },
110 diff -Nur pure-ftpd-1.0.20.bef/src/globals.h pure-ftpd-1.0.20.new1/src/globals.h
111 --- pure-ftpd-1.0.20.bef/src/globals.h 2004-02-29 22:49:28.000000000 +0100
112 +++ pure-ftpd-1.0.20.new1/src/globals.h 2004-08-17 10:42:26.000000000 +0200
116 GLOBAL0(signed char enforce_tls_auth);
117 +GLOBAL0(char *tlscert_file);
120 GLOBAL0(char *atomic_prefix);
121 diff -Nur pure-ftpd-1.0.20.bef/src/tls.c pure-ftpd-1.0.20.new1/src/tls.c
122 --- pure-ftpd-1.0.20.bef/src/tls.c 2004-02-29 22:49:27.000000000 +0100
123 +++ pure-ftpd-1.0.20.new1/src/tls.c 2004-08-17 10:42:26.000000000 +0200
126 # include "ftpwho-update.h"
127 # include "messages.h"
128 +# include "globals.h"
130 static void tls_error(void)
132 logfile(LOG_ERR, "SSL/TLS [%s]: %s",
133 - TLS_CERTIFICATE_FILE,
135 ERR_error_string(ERR_get_error(), NULL));
142 - if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) {
143 + if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) {
146 if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL
149 SSL_CTX_set_options(tls_ctx, SSL_OP_ALL);
150 if (SSL_CTX_use_certificate_chain_file
151 - (tls_ctx, TLS_CERTIFICATE_FILE) != 1) {
152 + (tls_ctx, tlscert_file) != 1) {
154 - MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE);
155 + MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file);
157 - if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE,
158 + if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file,
159 SSL_FILETYPE_PEM) != 1) {