1 |
diff -Nur e-smith-proftpd-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ftp/TLSEnable e-smith-proftpd-2.6.0/root/etc/e-smith/db/configuration/defaults/ftp/TLSEnable |
2 |
--- e-smith-proftpd-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ftp/TLSEnable 1969-12-31 19:00:00.000000000 -0500 |
3 |
+++ e-smith-proftpd-2.6.0/root/etc/e-smith/db/configuration/defaults/ftp/TLSEnable 2016-06-17 11:01:16.668000000 -0400 |
4 |
@@ -0,0 +1 @@ |
5 |
+on |
6 |
diff -Nur e-smith-proftpd-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ftp/TLSRequired e-smith-proftpd-2.6.0/root/etc/e-smith/db/configuration/defaults/ftp/TLSRequired |
7 |
--- e-smith-proftpd-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ftp/TLSRequired 1969-12-31 19:00:00.000000000 -0500 |
8 |
+++ e-smith-proftpd-2.6.0/root/etc/e-smith/db/configuration/defaults/ftp/TLSRequired 2016-06-17 11:01:16.668000000 -0400 |
9 |
@@ -0,0 +1 @@ |
10 |
+on |
11 |
diff -Nur e-smith-proftpd-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ftp/TLSVerifyClient e-smith-proftpd-2.6.0/root/etc/e-smith/db/configuration/defaults/ftp/TLSVerifyClient |
12 |
--- e-smith-proftpd-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ftp/TLSVerifyClient 1969-12-31 19:00:00.000000000 -0500 |
13 |
+++ e-smith-proftpd-2.6.0/root/etc/e-smith/db/configuration/defaults/ftp/TLSVerifyClient 2016-06-17 11:01:16.668000000 -0400 |
14 |
@@ -0,0 +1 @@ |
15 |
+off |
16 |
diff -Nur e-smith-proftpd-2.6.0.old/root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS e-smith-proftpd-2.6.0/root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS |
17 |
--- e-smith-proftpd-2.6.0.old/root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS 1969-12-31 19:00:00.000000000 -0500 |
18 |
+++ e-smith-proftpd-2.6.0/root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS 2016-06-17 10:56:56.000000000 -0400 |
19 |
@@ -0,0 +1,37 @@ |
20 |
+{ |
21 |
+ #check if TLS is enabled |
22 |
+ if (($ftp{TLSEnable} || 'on') eq 'on') { |
23 |
+ |
24 |
+ #check if TLS is required: values "on", "off" |
25 |
+ #if "on" normal ftp connections are dropped |
26 |
+ my $tlsrequired = $ftp{'TLSRequired'} || "on"; |
27 |
+ my $tlsclient = $ftp{'TLSVerifyClient'} || "off"; |
28 |
+ #use the same crt and key of httpd |
29 |
+ my $crt = $modSSL{'crt'} || |
30 |
+ "/home/e-smith/ssl.crt/${SystemName}.${DomainName}.crt"; |
31 |
+ |
32 |
+ my $key = $modSSL{'key'} || |
33 |
+ "/home/e-smith/ssl.key/${SystemName}.${DomainName}.key"; |
34 |
+ my $chain_file = $modSSL{CertificateChainFile} || |
35 |
+ "# no chain cert"; |
36 |
+ |
37 |
+ $chain_file = ( $chain_file eq "# no chain cert" )? $chain_file : "TLSCertificateChainFile $chain_file"; |
38 |
+ |
39 |
+ $OUT .= <<SSL_END; |
40 |
+ |
41 |
+<IfModule mod_tls.c> |
42 |
+TLSEngine on |
43 |
+TLSLog /var/log/proftpd/tls.log |
44 |
+TLSProtocol TLSv1.1 TLSv1.2 |
45 |
+TLSOptions NoCertRequest AllowClientRenegotiations |
46 |
+TLSRSACertificateFile $crt |
47 |
+TLSRSACertificateKeyFile $key |
48 |
+$chain_file |
49 |
+TLSVerifyClient $tlsclient |
50 |
+TLSRequired $tlsrequired |
51 |
+</IfModule> |
52 |
+SSL_END |
53 |
+ |
54 |
+ } |
55 |
+} |
56 |
+ |