Commit | Line | Data |
---|---|---|
92cc7555 | 1 | diff -Nur pure-ftpd-1.0.20.bef/configuration-file/pure-config.pl.in pure-ftpd-1.0.20.new1/configuration-file/pure-config.pl.in |
7797313a | 2 | --- pure-ftpd-1.0.20.bef/configuration-file/pure-config.pl.in 2004-02-29 12:17:00.000000000 +0100 |
92cc7555 | 3 | +++ pure-ftpd-1.0.20.new1/configuration-file/pure-config.pl.in 2004-08-17 10:42:26.000000000 +0200 |
fe6666d1 | 4 | @@ -57,6 +57,7 @@ |
6eed5aa7 | 5 | TrustedIP => "-V", |
6 | AltLog => "-O", | |
7 | PIDFile => "-g", | |
8 | + SSLCertFile => "-7", | |
9 | ); | |
10 | ||
11 | my %numeric_switch_for = ( | |
92cc7555 | 12 | diff -Nur pure-ftpd-1.0.20.bef/configuration-file/pure-config.py.in pure-ftpd-1.0.20.new1/configuration-file/pure-config.py.in |
7797313a | 13 | --- pure-ftpd-1.0.20.bef/configuration-file/pure-config.py.in 2004-02-29 12:17:14.000000000 +0100 |
92cc7555 | 14 | +++ pure-ftpd-1.0.20.new1/configuration-file/pure-config.py.in 2004-08-17 10:42:26.000000000 +0200 |
fe6666d1 | 15 | @@ -55,6 +55,7 @@ |
16 | option_tuple = ( | |
17 | ["IPV4Only[\s]+yes", "-4" ], | |
18 | ["IPV6Only[\s]+yes", "-6" ], | |
19 | + ["SSLCertFile\s+(\S+)", "-7", None ], | |
20 | ["ChrootEveryone[\s]+yes", "-A" ], | |
21 | ["TrustedGID[\s]+([\d]+)", "-a", None ], | |
22 | ["BrokenClientsCompatibility[\s]+yes", "-b" ], | |
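Review bot: The new `SSLCertFile\s+(\S+)` pattern captures only the first run of non-whitespace characters, so a certificate path containing a space is silently truncated and the daemon is handed a different file name than the one configured. Because this option selects the file the TLS certificate and private key are read from, the limitation should at least be documented; a comment such as `# SSLCertFile: the path must not contain whitespace` next to the entry would do. The entry also writes `\s+` where its neighbours write `[\s]+`; the two are equivalent, but the tuple reads more consistently in one form. option_tuple starts and ends outside the hunk.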
92cc7555 | 23 | diff -Nur pure-ftpd-1.0.20.bef/configuration-file/pure-ftpd.conf.in pure-ftpd-1.0.20.new1/configuration-file/pure-ftpd.conf.in |
24 | --- pure-ftpd-1.0.20.bef/configuration-file/pure-ftpd.conf.in 2004-08-17 10:27:33.000000000 +0200 | |
25 | +++ pure-ftpd-1.0.20.new1/configuration-file/pure-ftpd.conf.in 2004-08-17 10:42:26.000000000 +0200 | |
6eed5aa7 | 26 | @@ -420,7 +420,8 @@ |
27 | # 3) Only compatible clients will log in. | |
28 | ||
29 | # TLS 1 | |
30 | - | |
31 | +# SSLCertFile /etc/ssl/private/pure-ftpd.pem | |
32 | +# or /var/lib/openssl/certs/ftpd.pem (current location in PLD) | |
33 | ||
34 | ||
35 | # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6) | |
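Review bot: The sample comment for `SSLCertFile` does not say that the file must hold the private key as well as the certificate, although src/tls.c in this patch passes the same path to both `SSL_CTX_use_certificate_chain_file` and `SSL_CTX_use_PrivateKey_file`. An administrator who points the option at a certificate-only file gets a startup failure, and one who points it at a world-readable file exposes the key. I would add `# The file must contain the certificate and its private key in PEM format; keep it owned by root with mode 0600.` under the example. The `\-7 file` entry in man/pure-ftpd.8 ("Path to SSL certificate file.") has the same gap.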
92cc7555 | 36 | diff -Nur pure-ftpd-1.0.20.bef/man/pure-ftpd.8 pure-ftpd-1.0.20.new1/man/pure-ftpd.8 |
7797313a | 37 | --- pure-ftpd-1.0.20.bef/man/pure-ftpd.8 2004-02-29 21:10:06.000000000 +0100 |
92cc7555 | 38 | +++ pure-ftpd-1.0.20.new1/man/pure-ftpd.8 2004-08-17 10:42:26.000000000 +0200 |
fe6666d1 | 39 | @@ -9,7 +9,7 @@ |
40 | pure\-ftpd \- simple File Transfer Protocol server | |
41 | ||
42 | .SH "SYNOPSIS" | |
43 | -.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z] | |
44 | +.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-7 certificate file] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z] | |
45 | ||
46 | .br | |
47 | Alternative style : | |
48 | @@ -22,6 +22,8 @@ | |
49 | .br | |
50 | \-6 \-\-ipv6only | |
51 | .br | |
52 | +\-7 \-\-sslcertfile | |
53 | +.br | |
54 | \-a \-\-trustedgid | |
55 | .br | |
56 | \-A \-\-chrooteveryone | |
57 | @@ -157,6 +159,9 @@ | |
58 | .B \-6 | |
59 | Listen only to IPv6 connections. | |
60 | .TP | |
61 | +.B \-7 file | |
62 | +Path to SSL certificate file. | |
63 | +.TP | |
64 | .B \-a gid | |
65 | Regular users will be chrooted to their home directories, unless | |
66 | they belong to the specified gid. Note that root is always trusted, | |
92cc7555 | 67 | diff -Nur pure-ftpd-1.0.20.bef/src/ftpd.c pure-ftpd-1.0.20.new1/src/ftpd.c |
7797313a | 68 | --- pure-ftpd-1.0.20.bef/src/ftpd.c 2004-07-17 15:28:22.000000000 +0200 |
92cc7555 | 69 | +++ pure-ftpd-1.0.20.new1/src/ftpd.c 2004-08-17 12:59:11.000000000 +0200 |
70 | @@ -5097,8 +5097,19 @@ | |
7797313a | 71 | enforce_tls_auth > 2) { |
6eed5aa7 | 72 | die(421, LOG_ERR, MSG_CONF_ERR ": TLS"); |
73 | } | |
92cc7555 | 74 | + if ((tlscert_file = strdup(TLS_CERTIFICATE_FILE)) == NULL) |
7797313a | 75 | + die_mem(); |
6eed5aa7 | 76 | break; |
77 | - } | |
78 | + } | |
92cc7555 | 79 | + case '7': { |
80 | + if (tlscert_file != NULL) { | |
81 | + if (strlen(tlscert_file) > (size_t)0) | |
82 | + free(tlscert_file); | |
83 | + } | |
84 | + if ((tlscert_file = strdup(optarg)) == NULL) | |
7797313a | 85 | + die_mem(); |
92cc7555 | 86 | + break; |
6eed5aa7 | 87 | + } |
88 | #endif | |
89 | case 'e': { | |
90 | anon_only = 1; | |
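Review bot: The `strdup(TLS_CERTIFICATE_FILE)` added before the first `break` (apparently the `-Y` handler, whose start is outside the hunk) overwrites whatever `tlscert_file` already holds, so a `-7 path` given before `-Y` is silently replaced by the compiled-in default and the earlier allocation is leaked. The server would then present a certificate and key other than the ones the administrator configured; pure-config.py lists SSLCertFile near the top of its tuple, so if it emits switches in tuple order this is the usual ordering. Guard the default with `if (tlscert_file == NULL && (tlscert_file = strdup(TLS_CERTIFICATE_FILE)) == NULL)`. In `case '7'` the `strlen(tlscert_file) > (size_t)0` test only causes an empty string to be leaked; `free(tlscert_file);` alone is enough because `free(NULL)` is a no-op. An empty `optarg` should be rejected with the same `die(421, LOG_ERR, MSG_CONF_ERR ": TLS");` used above.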
92cc7555 | 91 | diff -Nur pure-ftpd-1.0.20.bef/src/ftpd_p.h pure-ftpd-1.0.20.new1/src/ftpd_p.h |
7797313a | 92 | --- pure-ftpd-1.0.20.bef/src/ftpd_p.h 2004-02-29 22:49:28.000000000 +0100 |
92cc7555 | 93 | +++ pure-ftpd-1.0.20.new1/src/ftpd_p.h 2004-08-17 10:42:26.000000000 +0200 |
6eed5aa7 | 94 | @@ -101,6 +101,7 @@ |
95 | #endif | |
96 | #ifdef WITH_TLS | |
97 | "Y:" | |
98 | + "7:" | |
99 | #endif | |
100 | "zZ"; | |
101 | ||
102 | @@ -180,6 +181,7 @@ | |
103 | # endif | |
104 | # ifdef WITH_TLS | |
105 | { "tls", 1, NULL, 'Y' }, | |
106 | + { "sslcertfile", 1, NULL, '7'}, | |
107 | # endif | |
108 | { "allowdotfiles", 0, NULL, 'z' }, | |
109 | { "customerproof", 0, NULL, 'Z' }, | |
92cc7555 | 110 | diff -Nur pure-ftpd-1.0.20.bef/src/globals.h pure-ftpd-1.0.20.new1/src/globals.h |
7797313a | 111 | --- pure-ftpd-1.0.20.bef/src/globals.h 2004-02-29 22:49:28.000000000 +0100 |
92cc7555 | 112 | +++ pure-ftpd-1.0.20.new1/src/globals.h 2004-08-17 10:42:26.000000000 +0200 |
6eed5aa7 | 113 | @@ -167,6 +167,7 @@ |
114 | ||
115 | #ifdef WITH_TLS | |
116 | GLOBAL0(signed char enforce_tls_auth); | |
117 | +GLOBAL0(char *tlscert_file); | |
118 | #endif | |
119 | ||
120 | GLOBAL0(char *atomic_prefix); | |
92cc7555 | 121 | diff -Nur pure-ftpd-1.0.20.bef/src/tls.c pure-ftpd-1.0.20.new1/src/tls.c |
7797313a | 122 | --- pure-ftpd-1.0.20.bef/src/tls.c 2004-02-29 22:49:27.000000000 +0100 |
92cc7555 | 123 | +++ pure-ftpd-1.0.20.new1/src/tls.c 2004-08-17 10:42:26.000000000 +0200 |
6eed5aa7 | 124 | @@ -9,11 +9,12 @@ |
125 | # include "tls.h" | |
126 | # include "ftpwho-update.h" | |
127 | # include "messages.h" | |
128 | +# include "globals.h" | |
129 | ||
130 | static void tls_error(void) | |
131 | { | |
132 | logfile(LOG_ERR, "SSL/TLS [%s]: %s", | |
133 | - TLS_CERTIFICATE_FILE, | |
134 | + tlscert_file, | |
135 | ERR_error_string(ERR_get_error(), NULL)); | |
136 | _EXIT(EXIT_FAILURE); | |
137 | } | |
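Review bot: `tlscert_file` is passed to `%s` here without a NULL check, and the only assignments visible in this patch are in the `-Y` and `-7` option handlers in src/ftpd.c, so the diff does not show that it is always set before this code runs. Passing NULL to `%s` is undefined behaviour, and the same pointer goes unchecked into `BIO_new_file` and `SSL_CTX_use_certificate_chain_file` in the two hunks below. If any path can reach TLS setup without those options having been parsed, fall back explicitly, e.g. `const char *cert = tlscert_file != NULL ? tlscert_file : TLS_CERTIFICATE_FILE;`. Otherwise state the invariant in a comment at the `GLOBAL0(char *tlscert_file)` declaration.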
138 | @@ -23,7 +24,7 @@ | |
139 | DH *dh; | |
140 | BIO *bio; | |
141 | ||
142 | - if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) { | |
143 | + if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) { | |
144 | return -1; | |
145 | } | |
146 | if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL | |
147 | @@ -65,11 +66,11 @@ | |
148 | tls_init_cache(); | |
149 | SSL_CTX_set_options(tls_ctx, SSL_OP_ALL); | |
150 | if (SSL_CTX_use_certificate_chain_file | |
151 | - (tls_ctx, TLS_CERTIFICATE_FILE) != 1) { | |
152 | + (tls_ctx, tlscert_file) != 1) { | |
153 | die(421, LOG_ERR, | |
154 | - MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE); | |
155 | + MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file); | |
156 | } | |
157 | - if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE, | |
158 | + if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file, | |
159 | SSL_FILETYPE_PEM) != 1) { | |
160 | tls_error(); | |
161 | } |
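Review bot: The private key is now loaded from an administrator-supplied path (`SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file, ...)`) with no check on who can read or replace that file. A `stat()` before loading, which logs a warning when the file is group- or world-accessible or not owned by root, would catch the most common misconfiguration. Separately, the `die()` after `SSL_CTX_use_certificate_chain_file` still reports `MSG_FILE_DOESNT_EXIST` for every failure, including an unreadable or malformed file, which is more misleading now that the path is user-chosen. Calling `tls_error()` there, as the key-loading branch does, would log the OpenSSL reason instead. The enclosing function starts and ends outside the hunk.

```c
/* … unchanged: tls_init_cache(), SSL_CTX_set_options() … */
{
    struct stat st;

    if (stat(tlscert_file, &st) == 0 &&
        ((st.st_mode & (S_IRWXG | S_IRWXO)) != 0 ||
         st.st_uid != (uid_t) 0)) {
        logfile(LOG_WARNING,
                "SSL/TLS [%s]: key file should be owned by root with mode 0600",
                tlscert_file);
    }
}
if (SSL_CTX_use_certificate_chain_file
    (tls_ctx, tlscert_file) != 1) {
/* … unchanged: certificate and private-key loading … */
```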