- updated docs.
1 diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-config.pl.in pure-ftpd-1.0.18.work/configuration-file/pure-config.pl.in
2 --- pure-ftpd-1.0.18.bef/configuration-file/pure-config.pl.in   2004-04-27 20:32:42.000000000 +0200
3 +++ pure-ftpd-1.0.18.work/configuration-file/pure-config.pl.in  2004-04-28 09:42:30.000000000 +0200
4 @@ -57,6 +57,7 @@
5         TrustedIP               => "-V",
6         AltLog                  => "-O",
7         PIDFile                 => "-g",
8 +       SSLCertFile             => "-7",
9  );
10  
11  my %numeric_switch_for = (
12 diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-config.py.in pure-ftpd-1.0.18.work/configuration-file/pure-config.py.in
13 --- pure-ftpd-1.0.18.bef/configuration-file/pure-config.py.in   2004-04-27 20:32:42.000000000 +0200
14 +++ pure-ftpd-1.0.18.work/configuration-file/pure-config.py.in  2004-04-28 09:43:30.000000000 +0200
15 @@ -55,6 +55,7 @@
16  option_tuple = (
17      ["IPV4Only[\s]+yes",                   "-4"                  ],
18      ["IPV6Only[\s]+yes",                   "-6"                  ],    
19 +    ["SSLCertFile\s+(\S+)",                "-7", None            ],
20      ["ChrootEveryone[\s]+yes",             "-A"                  ],
21      ["TrustedGID[\s]+([\d]+)",             "-a", None            ],
22      ["BrokenClientsCompatibility[\s]+yes", "-b"                  ],
23 diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-ftpd.conf.in pure-ftpd-1.0.18.work/configuration-file/pure-ftpd.conf.in
24 --- pure-ftpd-1.0.18.bef/configuration-file/pure-ftpd.conf.in   2004-04-27 20:32:42.000000000 +0200
25 +++ pure-ftpd-1.0.18.work/configuration-file/pure-ftpd.conf.in  2004-04-27 21:55:08.000000000 +0200
26 @@ -420,7 +420,8 @@
27  # 3) Only compatible clients will log in.
28  
29  # TLS                      1
30 -
31 +# SSLCertFile  /etc/ssl/private/pure-ftpd.pem 
32 +#              or /var/lib/openssl/certs/ftpd.pem (current location in PLD)
33  
34  
35  # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
36 diff -Nura pure-ftpd-1.0.18.bef/configure.ac pure-ftpd-1.0.18.work/configure.ac
37 --- pure-ftpd-1.0.18.bef/configure.ac   2004-04-27 20:32:42.000000000 +0200
38 +++ pure-ftpd-1.0.18.work/configure.ac  2004-04-27 20:49:46.000000000 +0200
39 @@ -1226,17 +1226,6 @@
40    AC_DEFINE(WITH_TLS,,[Enable TLS])
41  fi
42  
43 -AC_ARG_WITH(certfile,
44 -[AS_HELP_STRING(--with-certfile=,certificate file (default: /etc/ssl/private/pure-ftpd.pem))],
45 -[ if test "x$withval" != "x" ; then
46 -    certfile="$withval"
47 -    AC_SUBST(certfile)
48 -    CPPFLAGS="$CPPFLAGS -DTLS_CERTIFICATE_FILE='\"$certfile\"'"
49 -    if test -e "$certfile"; then
50 -      AC_MSG_WARN(No certificate is installed in $certfile yet)
51 -    fi
52 -  fi ])
53 -  
54  AC_ARG_WITH(rendezvous,
55  [AS_HELP_STRING(--with-rendezvous,Enable Rendezvous support on MacOS X (experimental))],
56  [ if test "x$withval" = "xyes" ; then
57 diff -Nura pure-ftpd-1.0.18.bef/man/pure-ftpd.8 pure-ftpd-1.0.18.work/man/pure-ftpd.8
58 --- pure-ftpd-1.0.18.bef/man/pure-ftpd.8        2004-04-27 20:32:42.000000000 +0200
59 +++ pure-ftpd-1.0.18.work/man/pure-ftpd.8       2004-04-28 10:04:54.000000000 +0200
60 @@ -9,7 +9,7 @@
61  pure\-ftpd \- simple File Transfer Protocol server
62  
63  .SH "SYNOPSIS"
64 -.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
65 +.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-7 certificate file] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
66  
67  .br
68  Alternative style :
69 @@ -22,6 +22,8 @@
70  .br
71  \-6 \-\-ipv6only
72  .br
73 +\-7 \-\-sslcertfile
74 +.br
75  \-a \-\-trustedgid
76  .br
77  \-A \-\-chrooteveryone
78 @@ -157,6 +159,9 @@
79  .B \-6
80  Listen only to IPv6 connections.
81  .TP
82 +.B \-7 file
83 +Path to SSL certificate file.
84 +.TP
85  .B \-a gid
86  Regular users will be chrooted to their home directories, unless
87  they belong to the specified gid. Note that root is always trusted,
88 diff -Nura pure-ftpd-1.0.18.bef/src/ftpd.c pure-ftpd-1.0.18.work/src/ftpd.c
89 --- pure-ftpd-1.0.18.bef/src/ftpd.c     2004-04-27 20:32:42.000000000 +0200
90 +++ pure-ftpd-1.0.18.work/src/ftpd.c    2004-04-27 22:46:14.000000000 +0200
91 @@ -5092,7 +5092,11 @@
92                  die(421, LOG_ERR, MSG_CONF_ERR ": TLS");
93              }
94              break;
95 -        }            
96 +        }
97 +       case '7': {
98 +           tlscert_file = strdup(optarg);
99 +           break;
100 +        }
101  #endif
102          case 'e': {
103              anon_only = 1;
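Review bot: The result of `strdup(optarg)` in the new `case '7'` is stored without a check, so an allocation failure leaves `tlscert_file` NULL and goes unnoticed until the TLS code uses the pointer. Fail at option-parsing time instead, reusing the `die()` form visible in the preceding case: `if ((tlscert_file = strdup(optarg)) == NULL) { die(421, LOG_ERR, MSG_CONF_ERR ": TLS"); }`. A repeated `-7` also overwrites the earlier pointer without freeing it; a `free(tlscert_file);` before the assignment keeps last-one-wins behaviour without the leak. The enclosing option switch starts and ends outside this hunk.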
104 diff -Nura pure-ftpd-1.0.18.bef/src/ftpd.h pure-ftpd-1.0.18.work/src/ftpd.h
105 --- pure-ftpd-1.0.18.bef/src/ftpd.h     2004-04-27 20:32:42.000000000 +0200
106 +++ pure-ftpd-1.0.18.work/src/ftpd.h    2004-04-28 09:20:03.000000000 +0200
107 @@ -396,12 +396,6 @@
108  # define VHOST_PATH CONFDIR "/pure-ftpd"
109  #endif
110  
111 -#ifdef WITH_TLS
112 -# ifndef TLS_CERTIFICATE_FILE
113 -#  define TLS_CERTIFICATE_FILE "/etc/ssl/private/pure-ftpd.pem"
114 -# endif
115 -#endif
116 -
117  #define FAKE_SHELL "ftp"
118  
119  #ifndef PID_FILE
120 diff -Nura pure-ftpd-1.0.18.bef/src/ftpd_p.h pure-ftpd-1.0.18.work/src/ftpd_p.h
121 --- pure-ftpd-1.0.18.bef/src/ftpd_p.h   2004-04-27 20:32:42.000000000 +0200
122 +++ pure-ftpd-1.0.18.work/src/ftpd_p.h  2004-04-27 21:55:58.000000000 +0200
123 @@ -101,6 +101,7 @@
124  #endif
125  #ifdef WITH_TLS
126      "Y:"
127 +    "7:"
128  #endif    
129      "zZ";
130  
131 @@ -180,6 +181,7 @@
132  # endif
133  # ifdef WITH_TLS
134      { "tls", 1, NULL, 'Y' },
135 +    { "sslcertfile", 1, NULL, '7'},
136  # endif
137      { "allowdotfiles", 0, NULL, 'z' },
138      { "customerproof", 0, NULL, 'Z' },
139 diff -Nura pure-ftpd-1.0.18.bef/src/globals.h pure-ftpd-1.0.18.work/src/globals.h
140 --- pure-ftpd-1.0.18.bef/src/globals.h  2004-04-27 20:32:42.000000000 +0200
141 +++ pure-ftpd-1.0.18.work/src/globals.h 2004-04-27 22:48:38.000000000 +0200
142 @@ -167,6 +167,7 @@
143  
144  #ifdef WITH_TLS
145  GLOBAL0(signed char enforce_tls_auth);
146 +GLOBAL0(char *tlscert_file);
147  #endif
148  
149  GLOBAL0(char *atomic_prefix);
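Review bot: The new `tlscert_file` global is declared without a comment, and its name does not say what the file has to contain. The tls.c hunks of this patch pass the same path to `BIO_new_file` for `PEM_read_bio_DHparams`, to `SSL_CTX_use_certificate_chain_file` and to `SSL_CTX_use_PrivateKey_file`. I would add `/* PEM file with certificate chain and private key (DH params are also read from it); set by -7 / SSLCertFile, no built-in default */` above the declaration. Because the file carries the private key, the man page text "Path to SSL certificate file." added in this patch understates what an administrator must protect with file permissions.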
150 diff -Nura pure-ftpd-1.0.18.bef/src/tls.c pure-ftpd-1.0.18.work/src/tls.c
151 --- pure-ftpd-1.0.18.bef/src/tls.c      2004-04-27 20:32:42.000000000 +0200
152 +++ pure-ftpd-1.0.18.work/src/tls.c     2004-04-27 22:56:00.000000000 +0200
153 @@ -9,11 +9,12 @@
154  # include "tls.h"
155  # include "ftpwho-update.h"
156  # include "messages.h"
157 +# include "globals.h"
158  
159  static void tls_error(void) 
160  {
161      logfile(LOG_ERR, "SSL/TLS [%s]: %s", 
162 -            TLS_CERTIFICATE_FILE,
163 +            tlscert_file,
164              ERR_error_string(ERR_get_error(), NULL));
165      _EXIT(EXIT_FAILURE);
166  }
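Review bot: `tlscert_file` can reach this `%s` argument as NULL. The ftpd.h hunk of this patch removes the `TLS_CERTIFICATE_FILE` default and the only assignment visible in the patch is the `-7` case in ftpd.c, so a server started with TLS enabled but without `-7`/`SSLCertFile` presumably runs with the pointer unset (assuming `GLOBAL0` zero-initialises). The same pointer is then handed to `BIO_new_file` and to `SSL_CTX_use_certificate_chain_file` / `SSL_CTX_use_PrivateKey_file` in the next two hunks of this file. Either keep a fallback path or reject the configuration before any of these calls, e.g. `if (tlscert_file == NULL) { die(421, LOG_ERR, MSG_CONF_ERR ": TLS"); }` at the top of the TLS initialisation function, whose start lies outside these hunks.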
167 @@ -23,7 +24,7 @@
168      DH *dh;
169      BIO *bio;
170  
171 -    if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) {
172 +    if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) {
173          return -1;
174      }
175      if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL
176 @@ -65,11 +66,11 @@
177      tls_init_cache();
178      SSL_CTX_set_options(tls_ctx, SSL_OP_ALL);    
179      if (SSL_CTX_use_certificate_chain_file
180 -        (tls_ctx, TLS_CERTIFICATE_FILE) != 1) {
181 +        (tls_ctx, tlscert_file) != 1) {
182          die(421, LOG_ERR,
183 -            MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE);
184 +            MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file);
185      }
186 -    if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE,
187 +    if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file,
188                                      SSL_FILETYPE_PEM) != 1) {
189          tls_error();
190      }