Bug 272219 - ftp/pure-ftpd add support for certd
Summary: ftp/pure-ftpd add support for certd
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Po-Chuan Hsieh
Reported: 2023-06-26 09:35 UTC by Churchers
Modified: 2023-06-26 09:37 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (sunpoet)


Attachments
rc script diff (1.09 KB, patch)
2023-06-26 09:35 UTC, Churchers
sample certd script (846 bytes, text/plain)
2023-06-26 09:35 UTC, Churchers
updated rc diff (1.10 KB, patch)
2023-06-26 09:37 UTC, Churchers

Description Churchers 2023-06-26 09:35:16 UTC
Created attachment 243005 [details]
rc script diff

pure-certd is included with ftp/pure-ftpd and allows selecting a certificate based on the TLS SNI name provided during connection. As with authd, ideally the default rc script should allow starting the certd program.

This provides the ability to use ftp.{customer-domain} with the relevant certificate as long as a script is created to output the correct cert/key paths.

A sample script has been provided in this bug report although this is down to the ftp server administrator to create.

Support is activated with the following rc.conf settings -

pureftpd_certd_enable="yes"
pureftpd_certdscript="/path/to/custom/certd.sh"
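
A certd script of the kind the description refers to, as an added example (this is not the attachment from this bug report). It assumes the pure-certd script interface documented upstream (the SNI name arrives in `CERTD_SNI_NAME`, the reply is `action:`/`cert_file:`/`key_file:` lines terminated by `end`); `CERT_ROOT` and the per-domain file layout are hypothetical. Because the SNI name is supplied by the connecting client, it is validated before being used in a path.

```shell
#!/bin/sh
# Added example: pure-certd helper mapping an SNI name to cert/key paths.
# CERT_ROOT and the <name>/fullchain.pem + privkey.pem layout are assumptions.
LC_ALL=C; export LC_ALL
CERT_ROOT="${CERT_ROOT:-/usr/local/etc/ssl/ftp}"

# Print the certd reply for one SNI name (argument 1).
certd_reply() {
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    # The SNI name is client-controlled: accept hostname characters only,
    # and refuse empty names, a leading dot or hyphen, and "..", so the
    # value can never steer the path outside CERT_ROOT.
    case "$name" in
        ''|*[!a-z0-9.-]*|.*|-*|*..*)
            printf 'action:default\nend\n'
            return 0 ;;
    esac
    cert="$CERT_ROOT/$name/fullchain.pem"
    key="$CERT_ROOT/$name/privkey.pem"
    if [ -r "$cert" ] && [ -r "$key" ]; then
        # Known customer domain: serve its certificate, fail closed if
        # pure-ftpd cannot load it.
        printf 'action:strict\ncert_file:%s\nkey_file:%s\nend\n' "$cert" "$key"
    else
        # Unknown domain: let pure-ftpd use its default certificate.
        printf 'action:default\nend\n'
    fi
}

# When run by pure-certd, answer for the name passed in the environment.
certd_reply "${CERTD_SNI_NAME:-}"
```

The key files referenced by the script should be readable only by the account pure-certd runs as, and the script itself should not be writable by other users.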
Comment 1 Churchers 2023-06-26 09:35:38 UTC
Created attachment 243006 [details]
sample certd script
Comment 2 Churchers 2023-06-26 09:37:42 UTC
Created attachment 243007 [details]
updated rc diff

Original diff file was missing the first line containing the location of the first entry.