diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-config.pl.in pure-ftpd-1.0.18.work/configuration-file/pure-config.pl.in
--- pure-ftpd-1.0.18.bef/configuration-file/pure-config.pl.in 2004-04-27 20:32:42.000000000 +0200
+++ pure-ftpd-1.0.18.work/configuration-file/pure-config.pl.in 2004-04-28 09:42:30.000000000 +0200
@@ -57,6 +57,7 @@
 TrustedIP => "-V",
 AltLog => "-O",
 PIDFile => "-g",
+ SSLCertFile => "-7",
 );
 my %numeric_switch_for = (
diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-config.py.in pure-ftpd-1.0.18.work/configuration-file/pure-config.py.in
--- pure-ftpd-1.0.18.bef/configuration-file/pure-config.py.in 2004-04-27 20:32:42.000000000 +0200
+++ pure-ftpd-1.0.18.work/configuration-file/pure-config.py.in 2004-04-28 09:43:30.000000000 +0200
@@ -55,6 +55,7 @@
 option_tuple = (
 ["IPV4Only[\s]+yes", "-4" ],
 ["IPV6Only[\s]+yes", "-6" ],
+ ["SSLCertFile\s+(\S+)", "-7", None ],
 ["ChrootEveryone[\s]+yes", "-A" ],
 ["TrustedGID[\s]+([\d]+)", "-a", None ],
 ["BrokenClientsCompatibility[\s]+yes", "-b" ],
diff -Nura pure-ftpd-1.0.18.bef/configuration-file/pure-ftpd.conf.in pure-ftpd-1.0.18.work/configuration-file/pure-ftpd.conf.in
--- pure-ftpd-1.0.18.bef/configuration-file/pure-ftpd.conf.in 2004-04-27 20:32:42.000000000 +0200
+++ pure-ftpd-1.0.18.work/configuration-file/pure-ftpd.conf.in 2004-04-27 21:55:08.000000000 +0200
@@ -420,7 +420,8 @@
 # 3) Only compatible clients will log in.
 # TLS 1
-
+# SSLCertFile /etc/ssl/private/pure-ftpd.pem
+# or /var/lib/openssl/certs/ftpd.pem (current location in PLD)
 # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
diff -Nura pure-ftpd-1.0.18.bef/configure.ac pure-ftpd-1.0.18.work/configure.ac
--- pure-ftpd-1.0.18.bef/configure.ac 2004-04-27 20:32:42.000000000 +0200
+++ pure-ftpd-1.0.18.work/configure.ac 2004-04-27 20:49:46.000000000 +0200
@@ -1226,17 +1226,6 @@
 AC_DEFINE(WITH_TLS,,[Enable TLS])
 fi
-AC_ARG_WITH(certfile,
-[AS_HELP_STRING(--with-certfile=,certificate file (default: /etc/ssl/private/pure-ftpd.pem))],
-[ if test "x$withval" != "x" ; then
- certfile="$withval"
- AC_SUBST(certfile)
- CPPFLAGS="$CPPFLAGS -DTLS_CERTIFICATE_FILE='\"$certfile\"'"
- if test -e "$certfile"; then
- AC_MSG_WARN(No certificate is installed in $certfile yet)
- fi
- fi ])
-
 AC_ARG_WITH(rendezvous,
 [AS_HELP_STRING(--with-rendezvous,Enable Rendezvous support on MacOS X (experimental))],
 [ if test "x$withval" = "xyes" ; then
diff -Nura pure-ftpd-1.0.18.bef/man/pure-ftpd.8 pure-ftpd-1.0.18.work/man/pure-ftpd.8
--- pure-ftpd-1.0.18.bef/man/pure-ftpd.8 2004-04-27 20:32:42.000000000 +0200
+++ pure-ftpd-1.0.18.work/man/pure-ftpd.8 2004-04-28 10:04:54.000000000 +0200
@@ -9,7 +9,7 @@
 pure\-ftpd \- simple File Transfer Protocol server
 .SH "SYNOPSIS"
-.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
+.B pure\-ftpd [\-0] [\-1] [\-4] [\-6] [\-7 certificate file] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v rendezvous name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
 .br
 Alternative style :
@@ -22,6 +22,8 @@
 .br
 \-6 \-\-ipv6only
 .br
+\-7 \-\-sslcertfile
+.br
 \-a \-\-trustedgid
 .br
 \-A \-\-chrooteveryone
@@ -157,6 +159,9 @@
 .B \-6
 Listen only to IPv6 connections.
 .TP
+.B \-7 file
+Path to SSL certificate file.
+.TP
 .B \-a gid
 Regular users will be chrooted to their home directories, unless they
 belong to the specified gid. Note that root is always trusted,
diff -Nura pure-ftpd-1.0.18.bef/src/ftpd.c pure-ftpd-1.0.18.work/src/ftpd.c
--- pure-ftpd-1.0.18.bef/src/ftpd.c 2004-04-27 20:32:42.000000000 +0200
+++ pure-ftpd-1.0.18.work/src/ftpd.c 2004-04-27 22:46:14.000000000 +0200
@@ -5092,7 +5092,11 @@
 die(421, LOG_ERR, MSG_CONF_ERR ": TLS");
 }
 break;
- }
+ }
+ case '7': {
+ tlscert_file = strdup(optarg);
+ break;
+ }
 #endif
 case 'e': {
 anon_only = 1;
diff -Nura pure-ftpd-1.0.18.bef/src/ftpd.h pure-ftpd-1.0.18.work/src/ftpd.h
--- pure-ftpd-1.0.18.bef/src/ftpd.h 2004-04-27 20:32:42.000000000 +0200
+++ pure-ftpd-1.0.18.work/src/ftpd.h 2004-04-28 09:20:03.000000000 +0200
@@ -396,12 +396,6 @@
 # define VHOST_PATH CONFDIR "/pure-ftpd"
 #endif
-#ifdef WITH_TLS
-# ifndef TLS_CERTIFICATE_FILE
-# define TLS_CERTIFICATE_FILE "/etc/ssl/private/pure-ftpd.pem"
-# endif
-#endif
-
 #define FAKE_SHELL "ftp"
 #ifndef PID_FILE
diff -Nura pure-ftpd-1.0.18.bef/src/ftpd_p.h pure-ftpd-1.0.18.work/src/ftpd_p.h
--- pure-ftpd-1.0.18.bef/src/ftpd_p.h 2004-04-27 20:32:42.000000000 +0200
+++ pure-ftpd-1.0.18.work/src/ftpd_p.h 2004-04-27 21:55:58.000000000 +0200
@@ -101,6 +101,7 @@
 #endif
 #ifdef WITH_TLS
 "Y:"
+ "7:"
 #endif
 "zZ";
@@ -180,6 +181,7 @@
 # endif
 # ifdef WITH_TLS
 { "tls", 1, NULL, 'Y' },
+ { "sslcertfile", 1, NULL, '7'},
 # endif
 { "allowdotfiles", 0, NULL, 'z' },
 { "customerproof", 0, NULL, 'Z' },
diff -Nura pure-ftpd-1.0.18.bef/src/globals.h pure-ftpd-1.0.18.work/src/globals.h
--- pure-ftpd-1.0.18.bef/src/globals.h 2004-04-27 20:32:42.000000000 +0200
+++ pure-ftpd-1.0.18.work/src/globals.h 2004-04-27 22:48:38.000000000 +0200
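Review bot: `tlscert_file = strdup(optarg);` in the new `case '7'` of ftpd.c neither checks the result nor releases a value set by an earlier `-7`, so an allocation failure silently leaves the pointer NULL and a repeated option leaks the first copy, while the neighbouring `-Y` branch in the same hunk dies with `MSG_CONF_ERR` on bad input. Make `-7` fail the same way: `free(tlscert_file);` followed by `if ((tlscert_file = strdup(optarg)) == NULL) { die(421, LOG_ERR, MSG_CONF_ERR ": -7"); }`. Because the same commit removes the compile-time `TLS_CERTIFICATE_FILE` default from ftpd.h and the `--with-certfile` option from configure.ac, `-7` is now the only source of the path, so a server started with `-Y` but no `-7` proceeds into tls.c with the global presumably still at its zero value; a check after option parsing, or a restored default path, is needed. The enclosing option-parsing switch starts and ends outside the hunk.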
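Review bot: `{ "sslcertfile", 1, NULL, '7'},` in the second ftpd_p.h hunk drops the space before the closing brace that every neighbouring entry in the long-option table carries (`'Y' },`, `'z' },`); write it `{ "sslcertfile", 1, NULL, '7' },`. The `"7:"` entry in the earlier hunk of this file is correctly placed inside the same `#ifdef WITH_TLS` guard as `"Y:"`, so the short and long forms stay consistent with each other.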
@@ -167,6 +167,7 @@
 #ifdef WITH_TLS
 GLOBAL0(signed char enforce_tls_auth);
+GLOBAL0(char *tlscert_file);
 #endif
 GLOBAL0(char *atomic_prefix);
diff -Nura pure-ftpd-1.0.18.bef/src/tls.c pure-ftpd-1.0.18.work/src/tls.c
--- pure-ftpd-1.0.18.bef/src/tls.c 2004-04-27 20:32:42.000000000 +0200
+++ pure-ftpd-1.0.18.work/src/tls.c 2004-04-27 22:56:00.000000000 +0200
@@ -9,11 +9,12 @@
 # include "tls.h"
 # include "ftpwho-update.h"
 # include "messages.h"
+# include "globals.h"
 static void tls_error(void)
 {
 logfile(LOG_ERR, "SSL/TLS [%s]: %s",
- TLS_CERTIFICATE_FILE,
+ tlscert_file,
 ERR_error_string(ERR_get_error(), NULL));
 _EXIT(EXIT_FAILURE);
 }
@@ -23,7 +24,7 @@
 DH *dh;
 BIO *bio;
- if ((bio = BIO_new_file(TLS_CERTIFICATE_FILE, "r")) == NULL) {
+ if ((bio = BIO_new_file(tlscert_file, "r")) == NULL) {
 return -1;
 }
 if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL
@@ -65,11 +66,11 @@
 tls_init_cache();
 SSL_CTX_set_options(tls_ctx, SSL_OP_ALL);
 if (SSL_CTX_use_certificate_chain_file
- (tls_ctx, TLS_CERTIFICATE_FILE) != 1) {
+ (tls_ctx, tlscert_file) != 1) {
 die(421, LOG_ERR,
- MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE);
+ MSG_FILE_DOESNT_EXIST ": [%s]", tlscert_file);
 }
- if (SSL_CTX_use_PrivateKey_file(tls_ctx, TLS_CERTIFICATE_FILE,
+ if (SSL_CTX_use_PrivateKey_file(tls_ctx, tlscert_file,
 SSL_FILETYPE_PEM) != 1) {
 tls_error();
 }
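Review bot: `tlscert_file` can be NULL in the `logfile()` call of `tls_error()` and in the two later tls.c hunks (`BIO_new_file(tlscert_file, "r")`, `SSL_CTX_use_certificate_chain_file(tls_ctx, tlscert_file)`, the `die()` message, `SSL_CTX_use_PrivateKey_file`): the commit deletes the `TLS_CERTIFICATE_FILE` default without substituting a run-time one, so a server started with `-Y` but without `-7` hands a null pointer to OpenSSL and then to a `%s` conversion, which is undefined behaviour rather than a clear configuration error. Guard the first use in the third hunk, before `SSL_CTX_use_certificate_chain_file`, with `if (tlscert_file == NULL) { die(421, LOG_ERR, MSG_CONF_ERR ": TLS"); }`, or assign the former `/etc/ssl/private/pure-ftpd.pem` path when `-7` was not given. Since the same path also feeds `SSL_CTX_use_PrivateKey_file` and `PEM_read_bio_DHparams`, the `-7` help text should state that the PEM file must contain the private key as well, which is what makes its permissions matter. A one-line comment above `tls_error()`, `/* Log the last OpenSSL error against the configured certificate path and exit. */`, would also help. The functions in the second and third hunks start outside their hunks.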