Add TLS SNI support #108
This doesn't compile and even after some fixes, it didn't seem to work (tried on OpenBSD and MacOS as a server, lftp as client).
@jedisct1 Yeah, I didn’t intend this branch as-is for a merge per se; I was more asking for feedback on the approach. My own testing was limited to Curious that it didn’t compile; I used MacOS as server myself.
So, just to be clear: if I get this branch working, compiling, testing, etc., will you accept it?
You need to test with other features compiled in ( Anyway, SNI support is implemented and documented already.
Ah, ok, now I see your recently-landed implementation. (Thank you!) What is the benefit of having a separate daemon to invoke the command versus calling it from tls.c?
Better isolation, especially in a pre-authentication context. The certd script and the FTP servers can run with different capabilities (which is already the case). No need to fork a process every time. And it's similar to the existing mechanism for external authentication, which is what you initially suggested.
Thanks!
Full installation documentation (Turkish)
Pure-Ftpd-Mysql with SNI Installation
pure-ftpd with SNI support (working & tested implementation) using Let's Encrypt (certbot)
Gather files (Debian)
Step 1 Configure ./configure --with-mysql --with-tls --with-everything
Step 2 Build package
Step 3 Install package that includes pure-certd
Step 4 Create TLS SNI parser shell script
Step 5 Start pure-certd daemon
Step 6 Append a line in to
Step 7 ExtCert create (pure-ftpd.conf won't work...)
Step 8
You should see something like;
in the syslog.
Step 8 Use it!
Cert 1
Cert 2
Have a nice day...
P.S. When you search all over the web (pure-ftpd sni support), this is the 1st page index of Google; that is why I put this in here. I couldn't find any other step-by-step document, then I experimented a way, succeeded to do this and I'm sharing it.
This provides an easy way for server administrators to implement TLS SNI support in Pure-FTPd.
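An added example, not taken from the thread or from Pure-FTPd's code: a lookup script of the kind pure-certd invokes, which validates the client-supplied SNI name before using it in a file path, since the name arrives before authentication. It assumes the pure-certd script interface as I understand it from Pure-FTPd's TLS documentation (name passed in `CERTD_SNI_NAME`, reply given as `action:`, `cert_file:`, `key_file:` and `end` lines) and a certbot-style `live/<name>/` directory; `CERT_ROOT`, `valid_sni` and `certd_reply` are hypothetical names.

```shell
#!/bin/sh
# Added example: SNI-to-certificate lookup for pure-certd.
# Assumed interface: SNI name in $CERTD_SNI_NAME, reply on stdout.
# Assumed layout: certbot's <CERT_ROOT>/<name>/{fullchain,privkey}.pem.

CERT_ROOT="${CERT_ROOT:-/etc/letsencrypt/live}"

# Accept only strict hostname syntax: the value is attacker-controlled
# and is about to become part of a file path.
valid_sni() {
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!a-z0-9.-]*) return 1 ;;               # rejects '/', '_', spaces, NUL-free junk
        .*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;  # empty labels, edge hyphens
    esac
    return 0
}

# Print the reply for one SNI name.
certd_reply() {
    sni=$(printf '%s' "$1" | tr 'A-Z' 'a-z')     # hostnames are case-insensitive
    if ! valid_sni "$sni"; then
        printf 'action:deny\nend\n'              # fail closed on malformed names
        return 0
    fi
    cert="$CERT_ROOT/$sni/fullchain.pem"
    key="$CERT_ROOT/$sni/privkey.pem"
    if [ -r "$cert" ] && [ -r "$key" ]; then
        printf 'action:strict\ncert_file:%s\nkey_file:%s\nend\n' "$cert" "$key"
    else
        # Well-formed but unknown host: use the server's default certificate.
        printf 'action:default\nend\n'
    fi
}

# Answer only when invoked with the variable set (as pure-certd is assumed to do).
if [ -n "${CERTD_SNI_NAME+x}" ]; then
    certd_reply "$CERTD_SNI_NAME"
fi
```

Running the script under a dedicated unprivileged account that can read only the certificate directory keeps the isolation benefit described in the thread.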