curl-library

Re: FTPS status report

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Thu, 20 Nov 2003 09:19:14 -0800

On Thu, Nov 20, 2003 at 12:39:31PM +0100, Daniel Stenberg wrote:
> Hi friends
>
> Thanks to Mathias Axelsson, I've been able to work on FTPS for libcurl and it
> seems to work somewhat fine now.
>
> The FTPS stuff is based on RFC2228 and the murray-auth-ftp-ssl draft (version
> 12). As I wrote before, there seems to exist quite a few servers that have
> implemented the server side of this.
>
> We can now use ftps:// URLs to explicitly switch on SSL/TLS for the control
> connection and the data connection (dealing with two SSL connections forced me
> to change a lot of stuff in libcurl).
>
> Alternatively, and what seems to be the recommended way, we can set the new
> option CURLOPT_FTP_SSL to one of these values:
>
> CURLFTPSSL_NOPE, - do not attempt to use SSL
> CURLFTPSSL_TRY - try using SSL, proceed anyway otherwise
> CURLFTPSSL_CONTROL - SSL for the control connection or fail
> CURLFTPSSL_ALL - SSL for all communication or fail
>
> Any failure to set the desired level will make libcurl fail with the error
> code CURLE_FTP_SSL_FAILED. This new option makes a "normal" ftp:// transfer
> attempt to be made securely.
>
> I've been able to login and get files (passively) from Mathias' server using
> both ftps:// and CURLOPT_FTP_SSL. (I've made 'curl' understand the --ftp-ssl
> option that sets CURLFTPSSL_TRY.)
>
> What's left to do here is:
>
> * commit changes to CVS
> * Fix the test suite's FTPS tests (or disable them until they work again)
> * Try FTPS uploading
> * Try active FTPS
> * Try FTPS on other server brands (Mathias runs a RaidenFTPd server)
>
> Questions or comments?

This sounds like an important new protocol for curl. Is the existing
curl behaviour for ftps:// still available if necessary? Does anyone use
that existing behaviour (it seems that it implements something like the
"SSL connect" method mentioned at the web site you gave the other day,
but on port 21 instead of 990, right)? Does the code fall back to
"AUTH SSL" instead of "AUTH TLS" for backward compatibility?

>>> Dan

-- 
http://www.MoveAnnouncer.com              The web change of address service
          Let webmasters know that your web site has moved
Received on 2003-11-20
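
The four CURLOPT_FTP_SSL levels listed in the quoted message, modelled as a decision over the server's replies to AUTH and PROT. This is an added example, not code from the mail or from libcurl: the enum and function names and the sample reply texts are constructed, and it assumes protection of the data connection is requested at every level except the first.

```c
#include <ctype.h>
#include <stdio.h>

/* Hypothetical names for the four levels in the quoted list; not libcurl's enum. */
enum level { LVL_NOPE, LVL_TRY, LVL_CONTROL, LVL_ALL };
enum outcome { OUT_CLEARTEXT, OUT_CONTROL_ONLY, OUT_ALL_ENCRYPTED, OUT_SSL_FAILED };

/* Code of a final FTP reply line ("234 text"); -1 for a malformed line or a
   "234-" continuation line, so anything unexpected counts as a refusal. */
int reply_code(const char *line)
{
    if (!line || !isdigit((unsigned char)line[0]) || !isdigit((unsigned char)line[1]) ||
        !isdigit((unsigned char)line[2]) || line[3] != ' ')
        return -1;
    return (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
}

/* Assumption: protection of the data connection is requested at every level but NOPE. */
enum outcome negotiate(enum level want, const char *auth_reply, const char *prot_reply)
{
    int control_ok, data_ok;
    if (want == LVL_NOPE)
        return OUT_CLEARTEXT;                 /* SSL is never attempted */
    control_ok = reply_code(auth_reply) == 234;             /* AUTH accepted */
    data_ok = control_ok && reply_code(prot_reply) == 200;  /* PROT P accepted */
    if (!control_ok)   /* only TRY carries on, and it does so unencrypted */
        return want == LVL_TRY ? OUT_CLEARTEXT : OUT_SSL_FAILED;
    if (!data_ok)      /* only ALL insists on an encrypted data connection */
        return want == LVL_ALL ? OUT_SSL_FAILED : OUT_CONTROL_ONLY;
    return OUT_ALL_ENCRYPTED;
}

int main(void)
{
    /* Constructed server replies: { reply to AUTH, reply to PROT P }. */
    static const char *cases[3][2] = {
        { "234 AUTH accepted", "200 PROT P accepted" },
        { "234 AUTH accepted", "536 PROT level not supported" },
        { "502 AUTH not implemented", "" },
    };
    static const char *names[] = { "cleartext", "control only", "all encrypted", "SSL failed" };
    int c, l;

    for (c = 0; c < 3; c++)
        for (l = LVL_NOPE; l <= LVL_ALL; l++)
            printf("replies %d, level %d -> %s\n", c, l,
                   names[negotiate((enum level)l, cases[c][0], cases[c][1])]);
    return 0;
}
```

With the third reply set, the TRY level ends in cleartext while CONTROL and ALL end in the failure the mail calls CURLE_FTP_SSL_FAILED, so a client that must not send its login unencrypted needs one of the two stricter levels.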