Package: vsftpd
Version: 2.0.3-1.2
Severity: minor
Tags: patch, upstream

vsftpd uses SSL_CTX_use_certificate_file() instead of SSL_CTX_use_certificate_chain_file(). As a result, it is not possible to tell vsftpd to send intermediate certificates with its own. The following patch should suffice, but I'm no OpenSSL expert.
As an alternative, a new option could be added to enable the separation of the site certificate from the intermediate ones (like you can do with Apache).

-- Magnus Holmgren [EMAIL PROTECTED]

--- vsftpd-2.0.3.orig/ssl.c +++ vsftpd-2.0.3/ssl.c @@ -71,8 +71,8 @@ { p_key = tunable_rsa_cert_file; } - if (SSL_CTX_use_certificate_file( - p_ctx, tunable_rsa_cert_file, X509_FILETYPE_PEM) != 1) + if (SSL_CTX_use_certificate_chain_file( + p_ctx, tunable_rsa_cert_file) != 1) { die("SSL: cannot load RSA certificate"); } @@ -88,8 +88,8 @@ { p_key = tunable_dsa_cert_file; } - if (SSL_CTX_use_certificate_file( - p_ctx, tunable_dsa_cert_file, X509_FILETYPE_PEM) != 1) + if (SSL_CTX_use_certificate_chain_file( + p_ctx, tunable_dsa_cert_file) != 1) { die("SSL: cannot load DSA certificate"); }
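
Review bot: in the first hunk (RSA, @@ -71,8), the new `SSL_CTX_use_certificate_chain_file(p_ctx, tunable_rsa_cert_file)` call makes the order of the PEM blocks in the file significant, and nothing in the patch documents that. OpenSSL expects the server's own certificate first, followed by the intermediates in order toward the root, so the description of the certificate file option should say so. Because the context line `p_key = tunable_rsa_cert_file;` shows the same file can also supply the private key, a combined key-plus-chain file is worth a test before merging. The removed call already hard-coded X509_FILETYPE_PEM, so dropping the type argument does not narrow the accepted format.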
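
Review bot: in the second hunk (DSA, @@ -88,8), `die("SSL: cannot load DSA certificate");` stays unchanged although the call above it now fails on a malformed intermediate as well as on a bad server certificate. Consider wording such as "SSL: cannot load DSA certificate chain", with the matching change to the RSA message, so the operator knows to check the whole file. The RSA and DSA branches are also identical apart from the tunable and the message, so a small helper taking the file name and a label would keep the two in sync.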