ProFTPD module mod_tls_fscache

The mod_tls_fscache submodule is contained in the mod_tls_fscache.c file, and is not compiled by default. Installation instructions are discussed here.

This submodule a filesystem-based implementation of an external OCSP response cache for use by the mod_tls module's TLSStaplingCache directive.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).

Author

Please contact TJ Saunders <tj at castaglia.org> with any questions, concerns, or suggestions regarding this module.

The mod_tls_fscache module supports the "fs" string for the type parameter of the TLStaplingCache configuration directive. The info parameter for mod_tls_fscache must be the path to a directory, on disk, in which mod_tls_fscache will store OCSP responses. This means that the TLSStaplingCache setting will look like: 

  TLSStaplingCache fs:/path=/var/ftpd/ocsp

Logging
The mod_tls_fscache module supports trace logging, via the module-specific log channels:

Thus for trace logging, to aid in debugging, you would use the following in your proftpd.conf: 
  TraceLog /path/to/ftpd/trace.log
  Trace tls.fscache:20
This trace logging can generate large files; it is intended for debugging use only, and should be removed from any production configuration.

Installation

The mod_tls_fscache module is distributed with the ProFTPD source code. Simply follow the normal steps for using third-party modules in ProFTPD, being sure to include the mod_tls module (on which mod_tls_fscache depends): 
  $ ./configure --with-modules=mod_tls:mod_tls_fscache
  $ make
  $ make install

Alternatively, if your proftpd was compiled with DSO support, you can use the prxs tool to build mod_tls_fscache as a shared module: 

  $ prxs -c -i -d mod_tls_fscache.c

© Copyright 2015 TJ Saunders
All Rights Reserved