On Tue, May 03, 2005 at 05:35:33PM +0200, Magnus Holmgren wrote:
> Package: vsftpd
> Version: 2.0.3-1.2
> Severity: minor
> Tags: patch, upstream
>
> vsftpd uses SSL_CTX_use_certificate_file() instead of
> SSL_CTX_use_certificate_chain_file(). As a result, it is not possible
> to tell vsftpd to send intermediate certificates with its own. The
> following patch should suffice, but I'm no OpenSSL expert.
>
> As an alternative, a new option could be added to enable the
> separation of the site certificate from the intermediate ones (like
> you can do with Apache).
>
I don't know anything about SSL myself. Chris, does this look like a
reasonable change to you?
> --- vsftpd-2.0.3.orig/ssl.c
> +++ vsftpd-2.0.3/ssl.c
> @@ -71,8 +71,8 @@
> {
> p_key = tunable_rsa_cert_file;
> }
> - if (SSL_CTX_use_certificate_file(
> - p_ctx, tunable_rsa_cert_file, X509_FILETYPE_PEM) != 1)
> + if (SSL_CTX_use_certificate_chain_file(
> + p_ctx, tunable_rsa_cert_file) != 1)
> {
> die("SSL: cannot load RSA certificate");
> }
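Review bot: the file format the option now accepts is undocumented. At the SSL_CTX_use_certificate_chain_file(p_ctx, tunable_rsa_cert_file) call, OpenSSL expects a PEM file with the server's own certificate first, followed by the intermediate certificates in order. The documentation for the rsa_cert_file option should state this ordering. The message "SSL: cannot load RSA certificate" could also mention that the file is read as a chain, so that a misordered or partly unreadable file is easier to diagnose. The old call passed X509_FILETYPE_PEM explicitly, so existing single-certificate PEM files keep working.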
> @@ -88,8 +88,8 @@
> {
> p_key = tunable_dsa_cert_file;
> }
> - if (SSL_CTX_use_certificate_file(
> - p_ctx, tunable_dsa_cert_file, X509_FILETYPE_PEM) != 1)
> + if (SSL_CTX_use_certificate_chain_file(
> + p_ctx, tunable_dsa_cert_file) != 1)
> {
> die("SSL: cannot load DSA certificate");
> }
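Review bot: the case where key and certificates share one file is not covered by the report. The context line p_key = tunable_dsa_cert_file shows that the private key can be read from the same file that is now passed to SSL_CTX_use_certificate_chain_file(). Before merging, check with a file that holds the key, the server certificate and at least one intermediate that both the chain load and the later key load succeed. The same applies to the RSA hunk above. Since the two hunks are identical apart from the tunable and the message, a small shared helper would keep the RSA and DSA paths from drifting apart.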
>
>
--
Daniel Jacobowitz
CodeSourcery, LLC