/[smeserver]/rpms/e-smith-proftpd/sme10/e-smith-proftpd-2.6.0-TLS.patch
ViewVC logotype

Contents of /rpms/e-smith-proftpd/sme10/e-smith-proftpd-2.6.0-TLS.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.3 - (show annotations) (download)
Wed Aug 3 05:08:58 2016 UTC (7 years, 9 months ago) by unnilennium
Branch: MAIN
CVS Tags: e-smith-proftpd-2_6_0-11_el7_sme, e-smith-proftpd-2_6_0-6_el7_sme, e-smith-proftpd-2_6_0-12_el7_sme, e-smith-proftpd-2_6_0-15_el7_sme, e-smith-proftpd-2_6_0-10_el7_sme, e-smith-proftpd-2_6_0-5_el7_sme, e-smith-proftpd-2_6_0-7_el7_sme, e-smith-proftpd-2_6_0-13_el7_sme, e-smith-proftpd-2_6_0-4_el7_sme, e-smith-proftpd-2_6_0-8_el7_sme, e-smith-proftpd-2_6_0-9_el7_sme, e-smith-proftpd-2_6_0-14_el7_sme, HEAD
Changes since 1.2: +4 -4 lines 
* Wed Aug 03 2016 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-4.sme
- fix typos [SME: 6804]
- set default as required
- NB: client must be set as active connection, not passive
1 diff -Nur e-smith-proftpd-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ftp/TLSEnable e-smith-proftpd-2.6.0/root/etc/e-smith/db/configuration/defaults/ftp/TLSEnable
2 --- e-smith-proftpd-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ftp/TLSEnable 1969-12-31 19:00:00.000000000 -0500
3 +++ e-smith-proftpd-2.6.0/root/etc/e-smith/db/configuration/defaults/ftp/TLSEnable 2016-06-17 11:01:16.668000000 -0400
4 @@ -0,0 +1 @@
5 +on
6 diff -Nur e-smith-proftpd-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ftp/TLSRequired e-smith-proftpd-2.6.0/root/etc/e-smith/db/configuration/defaults/ftp/TLSRequired
7 --- e-smith-proftpd-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ftp/TLSRequired 1969-12-31 19:00:00.000000000 -0500
8 +++ e-smith-proftpd-2.6.0/root/etc/e-smith/db/configuration/defaults/ftp/TLSRequired 2016-06-17 11:01:16.668000000 -0400
9 @@ -0,0 +1 @@
10 +on
11 diff -Nur e-smith-proftpd-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ftp/TLSVerifyClient e-smith-proftpd-2.6.0/root/etc/e-smith/db/configuration/defaults/ftp/TLSVerifyClient
12 --- e-smith-proftpd-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ftp/TLSVerifyClient 1969-12-31 19:00:00.000000000 -0500
13 +++ e-smith-proftpd-2.6.0/root/etc/e-smith/db/configuration/defaults/ftp/TLSVerifyClient 2016-06-17 11:01:16.668000000 -0400
14 @@ -0,0 +1 @@
15 +off
16 diff -Nur e-smith-proftpd-2.6.0.old/root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS e-smith-proftpd-2.6.0/root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS
17 --- e-smith-proftpd-2.6.0.old/root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS 1969-12-31 19:00:00.000000000 -0500
18 +++ e-smith-proftpd-2.6.0/root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS 2016-06-17 10:56:56.000000000 -0400
19 @@ -0,0 +1,37 @@
20 +{
21 + #check if TLS is enabled
22 + if (($ftp{TLSEnable} || 'on') eq 'on') {
23 +
24 + #check if TLS is required: values "on", "off"
25 + #if "on" normal ftp connections are dropped
26 + my $tlsrequired = $ftp{'TLSRequired'} || "on";
27 + my $tlsclient = $ftp{'TLSVerifyClient'} || "off";
28 + #use the same crt and key of httpd
29 + my $crt = $modSSL{'crt'} ||
30 + "/home/e-smith/ssl.crt/${SystemName}.${DomainName}.crt";
31 +
32 + my $key = $modSSL{'key'} ||
33 + "/home/e-smith/ssl.key/${SystemName}.${DomainName}.key";
34 + my $chain_file = $modSSL{CertificateChainFile} ||
35 + "# no chain cert";
36 +
37 + $chain_file = ( $chain_file eq "# no chain cert" )? $chain_file : "TLSCertificateChainFile $chain_file";
38 +
39 + $OUT .= <<SSL_END;
40 +
41 +<IfModule mod_tls.c>
42 +TLSEngine on
43 +TLSLog /var/log/proftpd/tls.log
44 +TLSProtocol TLSv1.1 TLSv1.2
45 +TLSOptions NoCertRequest AllowClientRenegotiations
46 +TLSRSACertificateFile $crt
47 +TLSRSACertificateKeyFile $key
48 +$chain_file
49 +TLSVerifyClient $tlsclient
50 +TLSRequired $tlsrequired
51 +</IfModule>
52 +SSL_END
53 +
54 + }
55 +}
56 +
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed