1 diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-config.pl.in pure-ftpd-1.0.18.work/configuration-file/pure-config.pl.in
2 --- pure-ftpd-1.0.18.bef/configuration-file/pure-config.pl.in 2004-04-27 20:32:42.000000000 +0200
3 +++ pure-ftpd-1.0.18.work/configuration-file/pure-config.pl.in 2004-04-28 09:42:30.000000000 +0200
11 my %numeric_switch_for = (
12 diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-config.py.in pure-ftpd-1.0.18.work/configuration-file/pure-config.py.in
13 --- pure-ftpd-1.0.18.bef/configuration-file/pure-config.py.in 2004-04-27 20:32:42.000000000 +0200
14 +++ pure-ftpd-1.0.18.work/configuration-file/pure-config.py.in 2004-04-28 09:43:30.000000000 +0200
17 ["IPV4Only[\s]+yes", "-4" ],
18 ["IPV6Only[\s]+yes", "-6" ],
19 + ["SSLCertFile\s+(\S+)", "-7", None ],
20 ["ChrootEveryone[\s]+yes", "-A" ],
21 ["TrustedGID[\s]+([\d]+)", "-a", None ],
22 ["BrokenClientsCompatibility[\s]+yes", "-b" ],
23 diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-ftpd.conf.in pure-ftpd-1.0.18.work/configuration-file/pure-ftpd.conf.in
24 --- pure-ftpd-1.0.18.bef/configuration-file/pure-ftpd.conf.in 2004-04-27 20:32:42.000000000 +0200
25 +++ pure-ftpd-1.0.18.work/configuration-file/pure-ftpd.conf.in 2004-04-27 21:55:08.000000000 +0200
27 # 3) Only compatible clients will log in.
31 +# SSLCertFile /etc/ssl/private/pure-ftpd.pem
32 +# or /var/lib/openssl/certs/ftpd.pem (current location in PLD)
35 # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
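Review bot: The sample comment for `SSLCertFile` should say that this file also carries the private key, because the tls.c part of this patch passes the same path to `SSL_CTX_use_PrivateKey_file` and to the DH-parameter read. A directory named `certs`, as in the PLD example, is often world-readable, so the comment should state the expected ownership and mode, for instance `# The file also holds the private key; keep it root-owned and mode 0600.` It would also help to say what happens when the directive stays commented out, since the compiled-in default path is removed elsewhere in the patch.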
36 diff -Nura pure-ftpd-1.0.18.bef/configure.ac pure-ftpd-1.0.18.work/configure.ac
37 --- pure-ftpd-1.0.18.bef/configure.ac 2004-04-27 20:32:42.000000000 +0200
38 +++ pure-ftpd-1.0.18.work/configure.ac 2004-04-27 20:49:46.000000000 +0200
39 @@ -1226,17 +1226,6 @@
40 AC_DEFINE(WITH_TLS,,[Enable TLS])
43 -AC_ARG_WITH(certfile,
44 -[AS_HELP_STRING(--with-certfile=,certificate file (default: /etc/ssl/private/pure-ftpd.pem))],
45 -[ if test "x$withval" != "x" ; then
48 - CPPFLAGS="$CPPFLAGS -DTLS_CERTIFICATE_FILE='\"$certfile\"'"
49 - if test -e "$certfile"; then
50 - AC_MSG_WARN(No certificate is installed in $certfile yet)
54 AC_ARG_WITH(rendezvous,
55 [AS_HELP_STRING(--with-rendezvous,Enable Rendezvous support on MacOS X (experimental))],
56 [ if test "x$withval" = "xyes" ; then
57 diff -Nura pure-ftpd-1.0.18.bef/man/pure-ftpd.8 pure-ftpd-1.0.18.work/man/pure-ftpd.8
58 --- pure-ftpd-1.0.18.bef/man/pure-ftpd.8 2004-04-27 20:32:42.000000000 +0200
59 +++ pure-ftpd-1.0.18.work/man/pure-ftpd.8 2004-04-28 10:04:54.000000000 +0200
61 pure\-ftpd \- simple File Transfer Protocol server
64 -.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
65 +.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-7 certificate file] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
77 \-A \-\-chrooteveryone
80 Listen only to IPv6 connections.
83 +Path to SSL certificate file.
86 Regular users will be chrooted to their home directories, unless
87 they belong to the specified gid. Note that root is always trusted,
88 diff -Nura pure-ftpd-1.0.18.bef/src/ftpd.c pure-ftpd-1.0.18.work/src/ftpd.c
89 --- pure-ftpd-1.0.18.bef/src/ftpd.c 2004-04-27 20:32:42.000000000 +0200
90 +++ pure-ftpd-1.0.18.work/src/ftpd.c 2004-04-27 22:46:14.000000000 +0200
91 @@ -5092,7 +5092,11 @@
92 die(421, LOG_ERR, MSG_CONF_ERR ": TLS");
98 + tlscert_file = strdup(optarg);
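Review bot: The result of `strdup(optarg)` in the new `-7` case is stored without a check, so an allocation failure leaves `tlscert_file` NULL. The failure then surfaces only later in tls.c, where the path is handed to `BIO_new_file` and to a `%s` log argument. Checking at the assignment keeps the error local, e.g. `if ((tlscert_file = strdup(optarg)) == NULL) die_mem();`, or the `die(421, LOG_ERR, ...)` form used just above if this tree has no `die_mem`. A repeated `-7` also overwrites the previous pointer without freeing it, which `free(tlscert_file);` before the assignment would cover. The rest of the case body is not shown in this section.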
104 diff -Nura pure-ftpd-1.0.18.bef/src/ftpd.h pure-ftpd-1.0.18.work/src/ftpd.h
105 --- pure-ftpd-1.0.18.bef/src/ftpd.h 2004-04-27 20:32:42.000000000 +0200
106 +++ pure-ftpd-1.0.18.work/src/ftpd.h 2004-04-28 09:20:03.000000000 +0200
108 # define VHOST_PATH CONFDIR "/pure-ftpd"
112 -# ifndef TLS_CERTIFICATE_FILE
113 -# define TLS_CERTIFICATE_FILE "/etc/ssl/private/pure-ftpd.pem"
117 #define FAKE_SHELL "ftp"
120 diff -Nura pure-ftpd-1.0.18.bef/src/ftpd_p.h pure-ftpd-1.0.18.work/src/ftpd_p.h
121 --- pure-ftpd-1.0.18.bef/src/ftpd_p.h 2004-04-27 20:32:42.000000000 +0200
122 +++ pure-ftpd-1.0.18.work/src/ftpd_p.h 2004-04-27 21:55:58.000000000 +0200
134 { "tls", 1, NULL, 'Y' },
135 + { "sslcertfile", 1, NULL, '7'},
137 { "allowdotfiles", 0, NULL, 'z' },
138 { "customerproof", 0, NULL, 'Z' },
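Review bot: The new `sslcertfile` long option takes an argument, so the short-option string handed to getopt needs a matching `7:` entry. That string is not visible in this section, so please confirm it was updated. If the neighbouring `tls` entry sits inside a `WITH_TLS` guard, `sslcertfile` belongs inside it too; otherwise non-TLS builds would advertise an option that the (presumably guarded) case in ftpd.c does not handle. Minor style: `'7'},` should read `'7' },` to match the surrounding entries.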
139 diff -Nura pure-ftpd-1.0.18.bef/src/globals.h pure-ftpd-1.0.18.work/src/globals.h
140 --- pure-ftpd-1.0.18.bef/src/globals.h 2004-04-27 20:32:42.000000000 +0200
141 +++ pure-ftpd-1.0.18.work/src/globals.h 2004-04-27 22:48:38.000000000 +0200
145 GLOBAL0(signed char enforce_tls_auth);
146 +GLOBAL0(char *tlscert_file);
149 GLOBAL0(char *atomic_prefix);
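Review bot: `tlscert_file` appears to have no default once this patch is applied. `GLOBAL0` presumably zero-initialises it, and the patch removes both the `TLS_CERTIFICATE_FILE` fallback in ftpd.h and the `--with-certfile` configure option. A server started with TLS enabled but without `-7` would therefore reach `BIO_new_file(tlscert_file, "r")` and the `[%s]` log calls in tls.c with a NULL pointer; no fallback assignment is visible in the ftpd.c section. Either keep the macro and apply it after option parsing, `if (tlscert_file == NULL) tlscert_file = TLS_CERTIFICATE_FILE;`, or refuse to start with `if (tlscert_file == NULL) die(421, LOG_ERR, MSG_CONF_ERR ": TLS");` before the TLS context is set up. The declaration also deserves a comment such as `/* PEM file holding certificate chain, private key and DH parameters; set by -7 */`.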
150 diff -Nura pure-ftpd-1.0.18.bef/src/tls.c pure-ftpd-1.0.18.work/src/tls.c
151 --- pure-ftpd-1.0.18.bef/src/tls.c 2004-04-27 20:32:42.000000000 +0200
152 +++ pure-ftpd-1.0.18.work/src/tls.c 2004-04-27 22:56:00.000000000 +0200
155 # include "ftpwho-update.h"
156 # include "messages.h"
157 +# include "globals.h"
159 static void tls_error(void)
161 logfile(LOG_ERR, "SSL/TLS [%s]: %s",
162 - TLS_CERTIFICATE_FILE,
164 ERR_error_string(ERR_get_error(), NULL));
171 - if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) {
172 + if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) {
175 if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL
178 SSL_CTX_set_options(tls_ctx, SSL_OP_ALL);
179 if (SSL_CTX_use_certificate_chain_file
180 - (tls_ctx, TLS_CERTIFICATE_FILE) != 1) {
181 + (tls_ctx, tlscert_file) != 1) {
183 - MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE);
184 + MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file);
186 - if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE,
187 + if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file,
188 SSL_FILETYPE_PEM) != 1) {