/[smeserver]/rpms/e-smith-proftpd/sme10/e-smith-proftpd-2.6.0-TLS.patch
ViewVC logotype

Annotation of /rpms/e-smith-proftpd/sme10/e-smith-proftpd-2.6.0-TLS.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (hide annotations) (download)
Fri Jun 17 15:04:31 2016 UTC (8 years, 5 months ago) by unnilennium
Branch: MAIN
CVS Tags: e-smith-proftpd-2_6_0-3_el7_sme
Changes since 1.1: +10 -5 lines
* Fri Jun 17 2016 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-3.sme
- updated patch for certificate chain
- Thanks to Daniel Berteaud

1 unnilennium 1.1 diff -Nur e-smith-proftpd-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ftp/TLSEnable e-smith-proftpd-2.6.0/root/etc/e-smith/db/configuration/defaults/ftp/TLSEnable
2     --- e-smith-proftpd-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ftp/TLSEnable 1969-12-31 19:00:00.000000000 -0500
3 unnilennium 1.2 +++ e-smith-proftpd-2.6.0/root/etc/e-smith/db/configuration/defaults/ftp/TLSEnable 2016-06-17 11:01:16.668000000 -0400
4 unnilennium 1.1 @@ -0,0 +1 @@
5     +on
6     diff -Nur e-smith-proftpd-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ftp/TLSRequired e-smith-proftpd-2.6.0/root/etc/e-smith/db/configuration/defaults/ftp/TLSRequired
7     --- e-smith-proftpd-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ftp/TLSRequired 1969-12-31 19:00:00.000000000 -0500
8 unnilennium 1.2 +++ e-smith-proftpd-2.6.0/root/etc/e-smith/db/configuration/defaults/ftp/TLSRequired 2016-06-17 11:01:16.668000000 -0400
9 unnilennium 1.1 @@ -0,0 +1 @@
10     +off
11     diff -Nur e-smith-proftpd-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ftp/TLSVerifyClient e-smith-proftpd-2.6.0/root/etc/e-smith/db/configuration/defaults/ftp/TLSVerifyClient
12     --- e-smith-proftpd-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ftp/TLSVerifyClient 1969-12-31 19:00:00.000000000 -0500
13 unnilennium 1.2 +++ e-smith-proftpd-2.6.0/root/etc/e-smith/db/configuration/defaults/ftp/TLSVerifyClient 2016-06-17 11:01:16.668000000 -0400
14 unnilennium 1.1 @@ -0,0 +1 @@
15     +off
16     diff -Nur e-smith-proftpd-2.6.0.old/root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS e-smith-proftpd-2.6.0/root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS
17     --- e-smith-proftpd-2.6.0.old/root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS 1969-12-31 19:00:00.000000000 -0500
18 unnilennium 1.2 +++ e-smith-proftpd-2.6.0/root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS 2016-06-17 10:56:56.000000000 -0400
19     @@ -0,0 +1,37 @@
20 unnilennium 1.1 +{
21     + #check if TLS is enabled
22     + if (($ftp{TLSEnable} || 'yes') eq 'yes') {
23     +
24     + #check if TLS is required: values "on", "off"
25     + #if "on" normal ftp connections are dropped
26     + my $tlsrequired = $ftp{'TLSRequired'} || "off";
27     + my $tlsclient = $ftp{'TLSVerifyClient'} || "off";
28     + #use the same crt and key of httpd
29     + my $crt = $modSSL{'crt'} ||
30     + "/home/e-smith/ssl.crt/${SystemName}.${DomainName}.crt";
31     +
32     + my $key = $modSSL{'key'} ||
33     + "/home/e-smith/ssl.key/${SystemName}.${DomainName}.key";
34 unnilennium 1.2 + my $chain_file = $modSSL{CertificateChainFile} ||
35     + "# no chain cert";
36     +
37     + $chain_file = ( $chain_file eq "# no chain cert" )? $chain_file : "TLSCertificateChainFile $chain_file"
38 unnilennium 1.1 +
39     + $OUT .= <<SSL_END;
40     +
41     +<IfModule mod_tls.c>
42     +TLSEngine on
43     +TLSLog /var/log/proftpd/tls.log
44     +TLSProtocol TLSv1.1 TLSv1.2
45     +TLSOptions NoCertRequest AllowClientRenegotiations
46     +TLSRSACertificateFile $crt
47     +TLSRSACertificateKeyFile $key
48 unnilennium 1.2 +$chain_file
49 unnilennium 1.1 +TLSVerifyClient $tlsclient
50     +TLSRequired $tlsrequired
51     +</IfModule>
52     +SSL_END
53     +
54     + }
55     +}
56     +

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed