FreeNAS

Revision: 8122
          http://freenas.svn.sourceforge.net/freenas/?rev=8122&view=rev
Author:   yaberauneya
Date:     2011-10-03 17:14:35 +0000 (Mon, 03 Oct 2011)
Log Message:
-----------
Followup to r8121:

- Use temporary files so that the ssl content(s) can't be intercepted via undesirable parties as easily or mangled if multiple calls to ix-ssl are made; things can still get corrupted / funky if two or more users try and access the data at the same time, but the race is lessened now at least.
- The vim colorizer was jacked up reading the heretodoc. Fix.

Revision Links:
--------------
    http://freenas.svn.sourceforge.net/freenas/?rev=8121&view=rev

Modified Paths:
--------------
    trunk/nanobsd/Files/etc/rc.d/ix-ssl

Modified: trunk/nanobsd/Files/etc/rc.d/ix-ssl
===================================================================
--- trunk/nanobsd/Files/etc/rc.d/ix-ssl	2011-10-03 17:04:08 UTC (rev 8121)
+++ trunk/nanobsd/Files/etc/rc.d/ix-ssl	2011-10-03 17:14:35 UTC (rev 8122)
@@ -89,7 +89,7 @@
 		common="localhost"
 	fi
 
-	cat<<-__EOF__>"${SSLCONF}"
+	cat >"${SSLCONF}" <<-__EOF__
 	[ ca ]
 	default_ca                      = CA_default
 
@@ -148,19 +148,23 @@
 
 create_CA()
 {
-	local tmp="/var/tmp/pass.txt"
+	local tmp
+
 	if [ -f "${SSLCAKEY}" -a -f "${SSLCACERT}" ]
 	then
 		return
 	fi
 
-	dd if=/dev/urandom count=16 bs=1|uuencode -|head -2|tail -1 > "${tmp}"
+	tmp=$(mktemp /tmp/tmp.XXXXXX)
+	dd if=/dev/urandom count=16 bs=1 | uuencode -|head -2 | \
+	    tail -1 > "${tmp}"
 	${OPENSSL} req -config "${SSLCONF}" -batch -passout file:"${tmp}" \
-		-new -x509 -keyout "${SSLCAKEY}" -out "${SSLCACERT}"
+	    -new -x509 -keyout "${SSLCAKEY}" -out "${SSLCACERT}"
 
 	cp "${SSLCAKEY}" "${SSLCAKEY}.orig"
-	${OPENSSL} rsa -passin file:"${tmp}" -in "${SSLCAKEY}.orig" -out "${SSLCAKEY}"
-	rm -f "${SSLCAKEY}.orig" "${tmp}"
+	${OPENSSL} rsa -passin file:"${tmp}" -in "${SSLCAKEY}.orig" \
+	    -out "${SSLCAKEY}"
+	rm -f "${tmp}" "${SSLCAKEY}.orig"
 	chmod 400 "${SSLCAKEY}"
 }
 
@@ -282,7 +286,7 @@
 
 generate_certificate()
 {
-	local certfile
+	local certfile tmp
 
 	certfile=$(${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "
 	SELECT
@@ -299,16 +303,15 @@
 
 	if [ -s "${HTTPDCERT}" -a -n "${certfile}" ]
 	then
-		echo "${certfile}" > /tmp/.cert
-		chmod 400 /tmp/.cert
+		tmp=$(mktemp /tmp/tmp.XXXXXX)
+		echo "${certfile}" > $tmp
+		chmod 400 $tmp
 
-		diff "${HTTPDCERT}" /tmp/.cert >/dev/null
-		if [ "$?" != "0" ]
-		then
-			mv /tmp/.cert "${HTTPDCERT}"
+		if diff "${HTTPDCERT}" /tmp/.cert >/dev/null; then
+			rm -f $tmp
+		else
+			mv $tmp "${HTTPDCERT}"
 		fi
-
-		rm /tmp/.cert
 	fi
 
 	if [ -n "${certfile}" ]

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

Revision: 8130
          http://freenas.svn.sourceforge.net/freenas/?rev=8130&view=rev
Author:   yaberauneya
Date:     2011-10-04 04:46:16 +0000 (Tue, 04 Oct 2011)
Log Message:
-----------
Take a first step in fixing custom SSL cert imports.

Modified Paths:
--------------
    trunk/nanobsd/Files/etc/rc.d/ix-ssl

Modified: trunk/nanobsd/Files/etc/rc.d/ix-ssl
===================================================================
--- trunk/nanobsd/Files/etc/rc.d/ix-ssl	2011-10-03 19:03:57 UTC (rev 8129)
+++ trunk/nanobsd/Files/etc/rc.d/ix-ssl	2011-10-04 04:46:16 UTC (rev 8130)
@@ -307,7 +307,7 @@
 		echo "${certfile}" > $tmp
 		chmod 400 $tmp
 
-		if diff "${HTTPDCERT}" /tmp/.cert >/dev/null; then
+		if diff -q "${HTTPDCERT}" $cert; then
 			rm -f $tmp
 		else
 			mv $tmp "${HTTPDCERT}"

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

Revision: 8134
          http://freenas.svn.sourceforge.net/freenas/?rev=8134&view=rev
Author:   yaberauneya
Date:     2011-10-04 15:15:42 +0000 (Tue, 04 Oct 2011)
Log Message:
-----------
Fix the comparison. This doesn't actually fix the SSL cert replacement (we're almost there though).

Modified Paths:
--------------
    trunk/nanobsd/Files/etc/rc.d/ix-ssl

Modified: trunk/nanobsd/Files/etc/rc.d/ix-ssl
===================================================================
--- trunk/nanobsd/Files/etc/rc.d/ix-ssl	2011-10-04 14:01:57 UTC (rev 8133)
+++ trunk/nanobsd/Files/etc/rc.d/ix-ssl	2011-10-04 15:15:42 UTC (rev 8134)
@@ -307,7 +307,7 @@
 		echo "${certfile}" > $tmp
 		chmod 400 $tmp
 
-		if diff -q "${HTTPDCERT}" $cert; then
+		if diff -Nq "${HTTPDCERT}" $tmp >/dev/null; then
 			rm -f $tmp
 		else
 			mv $tmp "${HTTPDCERT}"

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

Revision: 8137
          http://freenas.svn.sourceforge.net/freenas/?rev=8137&view=rev
Author:   yaberauneya
Date:     2011-10-04 16:14:19 +0000 (Tue, 04 Oct 2011)
Log Message:
-----------
Fix custom SSL cert importing via some undesirable hacks.

Things should be properly fixed when the SSL cert string is properly stripped of all characters, s.t. we can use [ -s $tmp ], instead of wc + awk.

This addresses ticket 564.

Modified Paths:
--------------
    trunk/nanobsd/Files/etc/rc.d/ix-ssl

Modified: trunk/nanobsd/Files/etc/rc.d/ix-ssl
===================================================================
--- trunk/nanobsd/Files/etc/rc.d/ix-ssl	2011-10-04 15:21:09 UTC (rev 8136)
+++ trunk/nanobsd/Files/etc/rc.d/ix-ssl	2011-10-04 16:14:19 UTC (rev 8137)
@@ -218,11 +218,6 @@
 
 write_key()
 {
-	if [ ! -s "${HTTPDCERT}" ]
-	then
-		return 1
-	fi
-
 	awk -v key="${SSLCAKEY}" '
 	BEGIN {
 		inkeyfile = 0
@@ -252,11 +247,6 @@
 
 write_cert()
 {
-	if [ ! -s "${HTTPDCERT}" ]
-	then
-		return 1
-	fi
-
 	awk -v cert="${SSLCACERT}" '
 	BEGIN {
 		incertfile = 0
@@ -286,9 +276,10 @@
 
 generate_certificate()
 {
-	local certfile tmp
+	local new_cert tmp
 
-	certfile=$(${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "
+	tmp=$(mktemp /tmp/tmp.XXXXXX)
+	${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "
 	SELECT
 		ssl_certfile
 
@@ -299,56 +290,49 @@
 		-id
 
 	LIMIT 1
-	")
+	" > $tmp
 
-	if [ -s "${HTTPDCERT}" -a -n "${certfile}" ]
-	then
-		tmp=$(mktemp /tmp/tmp.XXXXXX)
-		echo "${certfile}" > $tmp
-		chmod 400 $tmp
-
-		if diff -Nq "${HTTPDCERT}" $tmp >/dev/null; then
-			rm -f $tmp
-		else
+	set -x
+	# HACK: the wc -c part shouldn't be required; the GUI is producing $tmp
+	# with just a newline, which breaks everything else below.
+	size=$(wc -c $tmp | awk '{ print $1 }')
+	#if [ -s "${tmp}" ]; then
+	if [ $size -gt 1 ]; then
+		if ! diff -Nq $tmp $HTTPDCERT; then
 			mv $tmp "${HTTPDCERT}"
+			new_cert=true
 		fi
+	else
+		# User wants to regenerate the file.
+		rm -f ${HTTPDCERT}
+		new_cert=true
 	fi
 
-	if [ -n "${certfile}" ]
-	then
-		echo "${certfile}" > "${HTTPDCERT}"
-		chmod 400 "${HTTPDCERT}"
-	fi
-
-	if [ ! -f "${SSLCAKEY}" ]
-	then
-		write_key
-	fi
-
-	if [ ! -f "${SSLCACERT}" ]
-	then
-		write_cert
-	fi
-
-	if [ ! -f "${SSLCAKEY}" -a ! -f "${SSLCACERT}" ]
-	then
-		if [ -s "${HTTPDCERT}" ]
-		then
-			write_key_cert
+	if [ -f "${SSLCAKEY}" -a -f "${SSLCACERT}" ]; then
+		:
+	else
+		if [ -s "${HTTPDCERT}" ]; then
+			write_key
+			write_cert
 		else
 			create_CA
+			new_cert=true
 		fi
 	fi
 
-	if [ -s "${SSLCAKEY}" -a -s "${SSLCACERT}" ]
-	then
-		cat "${SSLCAKEY}" "${SSLCACERT}" > "${HTTPDCERT}"
-		chmod 400 "${HTTPDCERT}"
-
-		import_certificate "${HTTPDCERT}"
+	if [ -s "${SSLCAKEY}" -a -s "${SSLCACERT}" ]; then
+		if [ ! -s "$HTTPDCERT" ]; then
+			cat "${SSLCAKEY}" "${SSLCACERT}" > "${HTTPDCERT}"
+			chmod 400 "${HTTPDCERT}"
+			new_cert=true
+		fi
+		if $new_cert; then
+			import_certificate "${HTTPDCERT}"
+		fi
 	else
 		echo "${SSLCAKEY} and/or ${SSLCACERT} does not exist."
 	fi
+	set +x
 }
 
 

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

Revision: 8138
          http://freenas.svn.sourceforge.net/freenas/?rev=8138&view=rev
Author:   yaberauneya
Date:     2011-10-04 16:22:43 +0000 (Tue, 04 Oct 2011)
Log Message:
-----------
Remove set -x.

Modified Paths:
--------------
    trunk/nanobsd/Files/etc/rc.d/ix-ssl

Modified: trunk/nanobsd/Files/etc/rc.d/ix-ssl
===================================================================
--- trunk/nanobsd/Files/etc/rc.d/ix-ssl	2011-10-04 16:14:19 UTC (rev 8137)
+++ trunk/nanobsd/Files/etc/rc.d/ix-ssl	2011-10-04 16:22:43 UTC (rev 8138)
@@ -292,7 +292,6 @@
 	LIMIT 1
 	" > $tmp
 
-	set -x
 	# HACK: the wc -c part shouldn't be required; the GUI is producing $tmp
 	# with just a newline, which breaks everything else below.
 	size=$(wc -c $tmp | awk '{ print $1 }')
@@ -332,7 +331,6 @@
 	else
 		echo "${SSLCAKEY} and/or ${SSLCACERT} does not exist."
 	fi
-	set +x
 }
 
 

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

Revision: 8149
          http://freenas.svn.sourceforge.net/freenas/?rev=8149&view=rev
Author:   yaberauneya
Date:     2011-10-05 07:04:56 +0000 (Wed, 05 Oct 2011)
Log Message:
-----------
Mute diff output.

Modified Paths:
--------------
    trunk/nanobsd/Files/etc/rc.d/ix-ssl

Modified: trunk/nanobsd/Files/etc/rc.d/ix-ssl
===================================================================
--- trunk/nanobsd/Files/etc/rc.d/ix-ssl	2011-10-05 00:08:39 UTC (rev 8148)
+++ trunk/nanobsd/Files/etc/rc.d/ix-ssl	2011-10-05 07:04:56 UTC (rev 8149)
@@ -297,7 +297,7 @@
 	size=$(wc -c $tmp | awk '{ print $1 }')
 	#if [ -s "${tmp}" ]; then
 	if [ $size -gt 1 ]; then
-		if ! diff -Nq $tmp $HTTPDCERT; then
+		if ! diff -Nq $tmp $HTTPDCERT >/dev/null; then
 			mv $tmp "${HTTPDCERT}"
 			new_cert=true
 		fi

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

Revision: 8859
          http://freenas.svn.sourceforge.net/freenas/?rev=8859&view=rev
Author:   yaberauneya
Date:     2011-11-28 09:57:02 +0000 (Mon, 28 Nov 2011)
Log Message:
-----------
More IFS breakage followup.

Modified Paths:
--------------
    trunk/nanobsd/Files/etc/rc.d/ix-ssl

Modified: trunk/nanobsd/Files/etc/rc.d/ix-ssl
===================================================================
--- trunk/nanobsd/Files/etc/rc.d/ix-ssl	2011-11-28 09:56:49 UTC (rev 8858)
+++ trunk/nanobsd/Files/etc/rc.d/ix-ssl	2011-11-28 09:57:02 UTC (rev 8859)
@@ -16,7 +16,7 @@
 	eval local $f
 	local sf=$(var_to_sf $f)
 
-	read $f <<-__SSL__
+	eval read $f <<-__SSL__
 	$(${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "
 	SELECT
 		$f

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

Revision: 8874
          http://freenas.svn.sourceforge.net/freenas/?rev=8874&view=rev
Author:   yaberauneya
Date:     2011-11-29 00:37:00 +0000 (Tue, 29 Nov 2011)
Log Message:
-----------
Fix typo.

Modified Paths:
--------------
    trunk/nanobsd/Files/etc/rc.d/ix-ssl

Modified: trunk/nanobsd/Files/etc/rc.d/ix-ssl
===================================================================
--- trunk/nanobsd/Files/etc/rc.d/ix-ssl	2011-11-28 23:15:11 UTC (rev 8873)
+++ trunk/nanobsd/Files/etc/rc.d/ix-ssl	2011-11-29 00:37:00 UTC (rev 8874)
@@ -19,7 +19,7 @@
 	eval read $f <<-__SSL__
 	$(${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "
 	SELECT
-		$f
+		$sf
 	FROM
 		system_ssl
 

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

Revision: 11964
          http://freenas.svn.sourceforge.net/freenas/?rev=11964&view=rev
Author:   zippybr
Date:     2012-07-23 15:55:41 +0000 (Mon, 23 Jul 2012)
Log Message:
-----------
Set RANDFILE to fix "unable to write 'random state'" error

Modified Paths:
--------------
    trunk/nanobsd/Files/etc/rc.d/ix-ssl

Modified: trunk/nanobsd/Files/etc/rc.d/ix-ssl
===================================================================
--- trunk/nanobsd/Files/etc/rc.d/ix-ssl	2012-07-23 15:19:34 UTC (rev 11963)
+++ trunk/nanobsd/Files/etc/rc.d/ix-ssl	2012-07-23 15:55:41 UTC (rev 11964)
@@ -78,6 +78,8 @@
 	fi
 
 	cat<<-__EOF__>"${SSLCONF}"
+	RANDFILE                        = ${SSLCADIR}/private/.rand
+
 	[ ca ]
 	default_ca                      = CA_default
 

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

Revision: 12146
          http://freenas.svn.sourceforge.net/freenas/?rev=12146&view=rev
Author:   jhixson
Date:     2012-08-20 23:37:08 +0000 (Mon, 20 Aug 2012)
Log Message:
-----------
Give ix-ssl the ability to generate/import proftpd key and cert.

Modified Paths:
--------------
    trunk/nanobsd/Files/etc/rc.d/ix-ssl

Modified: trunk/nanobsd/Files/etc/rc.d/ix-ssl
===================================================================
--- trunk/nanobsd/Files/etc/rc.d/ix-ssl	2012-08-20 23:01:38 UTC (rev 12145)
+++ trunk/nanobsd/Files/etc/rc.d/ix-ssl	2012-08-20 23:37:08 UTC (rev 12146)
@@ -162,54 +162,6 @@
 	chmod 400 "${key}"
 }
 
-import_certificate()
-{
-	local certpath="${1}"
-	local certfile
-	local id
-
-	if [ ! -f "${certpath}" ]
-	then
-		return 1
-	fi
-
-	certfile=$(cat "${certpath}")
-	if [ -z "${certfile}" ]
-	then
-		return 1
-	fi
-
-	id=$(${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "
-	SELECT
-		id
-	FROM
-		system_ssl
-	ORDER BY
-		-id
-	LIMIT 1
-	")
-
-	if [ -n "${id}" ]
-	then
-		${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "
-		UPDATE
-			system_ssl
-		SET
-			ssl_certfile = '${certfile}'
-		WHERE
-			id = ${id}
-		"
-	else
-		${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "
-		INSERT INTO 
-			system_ssl (ssl_certfile)
-		VALUES ('${certfile}')
-		"
-	fi
-
-	return $?
-}
-
 write_key()
 {
 	local infile="${1}"
@@ -359,76 +311,240 @@
 	return $?
 }
 
-configure_nginx_ssl()
+_configure_generic_ssl()
 {
-	local new_cert tmp
+	local ssldir="${1}"
+	local tmpfile="${2}"
+	local keyfile="${3}"
+	local certfile="${4}"
+	local importfunc="${5}"
+	local new_cert
+	local res=0
 
-	tmp=$(mktemp /tmp/tmp.XXXXXX)
-	${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "
-	SELECT
-		ssl_certfile
+	if [ -z "${ssldir}" -o \
+		-z "${keyfile}" -o \
+		-z "${certfile}" -o \
+		-z "${importfunc}" -o \
+		-z "${tmpfile}" -o ! -f "${tmpfile}" ]
+	then
+		return 1
+	fi
 
-	FROM
-		system_ssl
-
-	ORDER BY
-		-id
-
-	LIMIT 1
-	" > "${tmp}"
-
-	mkdir -p "${HTTPDSSLDIR}"
-	size=$(wc -c "${tmp}" | awk '{ print $1 }')
+	mkdir -p "${ssldir}"
+	size=$(wc -c "${tmpfile}" | awk '{ print $1 }')
 	if [ ${size} -gt 1 ]
 	then
 		local tmpkey="$(mktemp /tmp/tmp.XXXXXX)"
 		local tmpcrt="$(mktemp /tmp/tmp.XXXXXX)"
 
-		write_key "${tmp}" "${tmpkey}"
-		write_cert "${tmp}" "${tmpcrt}"
+		write_key "${tmpfile}" "${tmpkey}"
+		write_cert "${tmpfile}" "${tmpcrt}"
 
-		diff -Nq "${tmpkey}" "${HTTPDKEY}" >/dev/null
+		diff -Nq "${tmpkey}" "${keyfile}" >/dev/null
 		local rc1=$?
 
-		diff -Nq "${tmpcrt}" "${HTTPCVERT}" >/dev/null
+		diff -Nq "${tmpcrt}" "${certfile}" >/dev/null
 		local rc2=$?
 
 		if [ "${rc1}" != "0" -a "${rc2}" != "0" ]
 		then
-			mv "${tmpkey}" "${HTTPDKEY}"
-			mv "${tmpcrt}" "${HTTPDCERT}"
+			mv "${tmpkey}" "${keyfile}"
+			mv "${tmpcrt}" "${certfile}"
 			new_cert=true
 		else
 			rm -f "${tmpkey}" "${tmpcrt}"
 		fi
 
 	else
-		rm -f "${HTTPDKEY}" "${HTTPDCERT}"
+		rm -f "${keyfile}" "${certfile}"
 		new_cert=true
 	fi
 
-	if ! [ -f "${HTTPDKEY}" -a -f "${HTTPDCERT}" ]
+	if ! [ -f "${keyfile}" -a -f "${certfile}" ]
 	then
-		create_CA "${HTTPDKEY}" "${HTTPDCERT}"
+		create_CA "${keyfile}" "${certfile}"
 		new_cert=true
 	fi
 
-	if [ -s "${HTTPDKEY}" -a -s "${HTTPDCERT}" ]
+	if [ -s "${keyfile}" -a -s "${certfile}" ]
 	then
 		if [ ! -z "${new_cert}" ]
 		then
 			local cert=$(mktemp /tmp/tmp.XXXXXX)
-			cat "${HTTPDKEY}" "${HTTPDCERT}" > "${cert}"
-			import_certificate "${cert}"
+			cat "${keyfile}" "${certfile}" > "${cert}"
+			${importfunc} "${cert}"
 			rm -f "${cert}"
 		fi
 	else
-		echo "${HTTPDKEY} and/or ${HTTPDCERT} does not exist."
+		echo "${keyfile} and/or ${certfile} does not exist."
+		res=1
 	fi
 
-	rm -f "${tmp}"
+	return ${res}
 }
 
+import_nginx_certificate()
+{
+	local certpath="${1}"
+	local certfile
+	local id
+
+	if [ ! -f "${certpath}" ]
+	then
+		return 1
+	fi
+
+	certfile=$(cat "${certpath}")
+	if [ -z "${certfile}" ]
+	then
+		return 1
+	fi
+
+	id=$(${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "
+	SELECT
+		id
+
+	FROM
+		system_ssl
+
+	ORDER BY
+		-id
+
+	LIMIT 1
+	")
+
+	if [ -n "${id}" ]
+	then
+		${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "
+		UPDATE
+			system_ssl
+
+		SET
+			ssl_certfile = '${certfile}'
+
+		WHERE
+			id = ${id}
+		"
+	else
+		${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "
+		INSERT INTO 
+			system_ssl (ssl_certfile)
+
+		VALUES ('${certfile}')
+		"
+	fi
+
+	return $?
+}
+
+configure_nginx_ssl()
+{
+	local new_cert tmp
+
+	tmpfile=$(mktemp /tmp/tmp.XXXXXX)
+	${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "
+	SELECT
+		ssl_certfile
+
+	FROM
+		system_ssl
+
+	ORDER BY
+		-id
+
+	LIMIT 1
+	" > "${tmpfile}"
+
+	_configure_generic_ssl "${HTTPDSSLDIR}" \
+		"${tmpfile}" "${HTTPDKEY}" "${HTTPDCERT}" \
+		"import_nginx_certificate"
+	res=$?
+
+	rm -f "${tmpfile}"
+	return ${res}
+}
+
+import_proftpd_certificate()
+{
+	local certpath="${1}"
+	local certfile
+	local id
+
+	if [ ! -f "${certpath}" ]
+	then
+		return 1
+	fi
+
+	certfile=$(cat "${certpath}")
+	if [ -z "${certfile}" ]
+	then
+		return 1
+	fi
+
+	id=$(${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "
+	SELECT
+		id
+
+	FROM
+		services_ftp
+
+	ORDER BY
+		-id
+
+	LIMIT 1
+	")
+
+	if [ -n "${id}" ]
+	then
+		${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "
+		UPDATE
+			services_ftp
+
+		SET
+			ftp_ssltls_certfile = '${certfile}'
+
+		WHERE
+			id = ${id}
+		"
+	else
+		${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "
+		INSERT INTO 
+			services_ftp (ftp_ssltls_certfile)
+
+		VALUES ('${certfile}')
+		"
+	fi
+
+	return $?
+}
+
+configure_proftpd_ssl()
+{
+	local tmpfile res
+
+	tmpfile=$(mktemp /tmp/tmp.XXXXXX)
+	${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "
+	SELECT
+		ftp_ssltls_certfile
+
+	FROM
+		services_ftp
+
+	ORDER BY
+		-id
+
+	LIMIT 1
+	" > "${tmpfile}"
+
+	_configure_generic_ssl "${FTPDSSLDIR}" \
+		"${tmpfile}" "${FTPDKEY}" "${FTPDCERT}" \
+		"import_proftpd_certificate"
+	res=$?
+
+	rm -f "${tmpfile}"
+	return ${res}
+}
+
 do_openssl_config()
 {
 	generate_openssl_conf

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

Revision: 13267
          http://freenas.svn.sourceforge.net/freenas/?rev=13267&view=rev
Author:   jhixson
Date:     2013-02-04 23:40:42 +0000 (Mon, 04 Feb 2013)
Log Message:
-----------
Support RSA and DSA for private keys

Modified Paths:
--------------
    trunk/nanobsd/Files/etc/rc.d/ix-ssl

Modified: trunk/nanobsd/Files/etc/rc.d/ix-ssl
===================================================================
--- trunk/nanobsd/Files/etc/rc.d/ix-ssl	2013-02-04 17:21:04 UTC (rev 13266)
+++ trunk/nanobsd/Files/etc/rc.d/ix-ssl	2013-02-04 23:40:42 UTC (rev 13267)
@@ -178,11 +178,11 @@
 		keyfile[0] = null;
 		keyfile_size = 0;
 	}
-	/-----BEGIN RSA PRIVATE KEY-----/ {
+	/-----BEGIN (R|D)SA PRIVATE KEY-----/ {
 		inkeyfile = 1;
 	}
 
-	/-----END RSA PRIVATE KEY-----/ {
+	/-----END (R|D)SA PRIVATE KEY-----/ {
 		keyfile[keyfile_size++] = $0;
 		inkeyfile = 0;
 	}

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.