Package: vsftpd Version: 2.0.6-1.1 Severity: normal Tags: patch Hi,
The current location for certificates as coded in vsftpd.conf is /etc/ssl/certs; I believe however that this should be /etc/ssl/private. That is the dir that is created by openssl in 0700 mode and from that and its name, supposed to contain those certificates that also have a private key (like the vsftpd .pem). The dir /etc/ssl/certs is currently used by root cerficates, i.e. those not requiring any private info. Attached patch changes this, please consider it. I do not believe that there's a need for migration scripts: existing users will get a conffile prompt and can choose to keep the current installation or to accept the prompt and move their certificate. cheers, Thijs -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: powerpc (ppc) Kernel: Linux 2.6.24-1-powerpc Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash
diff -Nur vsftpd-2.0.6.orig/debian/patches/config.patch vsftpd-2.0.6/debian/patches/config.patch --- vsftpd-2.0.6.orig/debian/patches/config.patch 2008-06-27 16:55:08.000000000 +0200 +++ vsftpd-2.0.6/debian/patches/config.patch 2008-06-27 16:58:21.000000000 +0200 @@ -77,7 +77,7 @@ +# +# This option specifies the location of the RSA certificate to use for SSL +# encrypted connections. -+rsa_cert_file=/etc/ssl/certs/vsftpd.pem ++rsa_cert_file=/etc/ssl/private/vsftpd.pem Index: vsftpd-2.0.5/vsftpd.conf.5 =================================================================== --- vsftpd-2.0.5.orig/vsftpd.conf.5 2006-07-01 19:05:57.000000000 -0400 diff -Nur vsftpd-2.0.6.orig/debian/README.Debian vsftpd-2.0.6/debian/README.Debian --- vsftpd-2.0.6.orig/debian/README.Debian 2008-06-27 16:55:08.000000000 +0200 +++ vsftpd-2.0.6/debian/README.Debian 2008-06-27 16:56:12.000000000 +0200 @@ -44,7 +44,7 @@ from a certificate agency; if you only need a self-signed certificate, you can use the "make-ssl-cert" script from the Debian "ssl-cert" package to create one, or you can create one manually using the "openssl" command. -The default location for the certificate is /etc/ssl/certs/vsftpd.pem; +The default location for the certificate is /etc/ssl/private/vsftpd.pem; set "rsa_cert_file" in /etc/vsftpd.conf to look elsewhere. At a minimum you will need the "ssl_enable" option. See the vsftpd.conf

