[Bug-wget] [PATCH] FTPS support
From: Ander Juaristi
Subject: [Bug-wget] [PATCH] FTPS support
Date: Fri, 28 Aug 2015 16:03:52 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0

Hi all,

Finally, here comes the FTPS patch!

At a glance, the FTPS code triggers whenever a URL with the 'ftps://' scheme is
entered. It works either in PASV or PORT mode, and most (all?) FTP switches
should work seamlessly with FTPS as well.

Furthermore, this patch adds 4 new command-line/wgetrc switches to control the
FTPS behaviour, namely '--ftps-implicit', '--[no-]ftps-resume-ssl',
'--ftps-clear-data-connection' and '--ftps-fallback-to-ftp'. These have been
conveniently explained in the docs, in wget.texi.

One of the most significant changes is probably the addition of a new parameter
to the ssl_connect_wget() function. Now its signature looks like this:

    bool ssl_connect_wget (int, const char *, int *);

That last 'int *' parameter is a pointer to a socket descriptor. It can be
NULL. When a valid socket descriptor is passed, ssl_connect_wget, instead
of opening an entirely new SSL/TLS session, tries to resume the existing
SSL/TLS session that's being held over that socket. I understand maybe this was
not the best way of implementing SSL/TLS session resumption (I encourage you to
debate here) but supporting that functionality was paramount. Probably all the
FTPS server implementations out there require the client to resume the SSL/TLS
session of the control connection whenever a data channel is opened. This can
of course be overwritten, but it's usually the default behaviour. So this had
to be implemented, otherwise it would not work in 99% of the cases.

One last move was to add a new method ssl_disconnect_wget(). This was necessary to
support the "CCC" (RFC 2228) command. However, a simple straightforward
implementation would leak SSL/TLS session data. In order to avoid this leakage I had to
do some ugly hacks in connect.c, so yes, in the end I managed to get this feature
working. But since I didn't like the approach taken, I eventually discarded this option.
I still feel there's a need for an ssl_disconnect_wget() function (close the underlying
SSL/TLS session, but maintain the socket open), but Tim and I agreed it'd be better to
leave it to wget2.

Regards,
- AJ

0001-Added-support-for-FTPS.patch
Description: Text Data
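
The data-channel session resumption described in the message, as an added example that is not part of the original post or of the wget patch. It uses Python's ssl and ftplib modules rather than wget's C code; wrap_data_channel, SessionNotResumed, ResumingFTP_TLS and the require_reuse parameter are hypothetical names chosen for this illustration.

```python
import ftplib
import ssl


class SessionNotResumed(ssl.SSLError):
    """The data channel did not resume the control channel's TLS session."""


def wrap_data_channel(ctx, data_sock, control_sock, hostname, require_reuse=True):
    """Wrap an FTPS data socket in TLS, offering the control socket's session.

    ctx           -- the ssl.SSLContext that was used for the control connection
    data_sock     -- connected plain TCP socket for the data channel
    control_sock  -- ssl.SSLSocket carrying the FTP control connection
    require_reuse -- hypothetical knob: fail closed if resumption did not happen
    """
    session = control_sock.session  # None when there is no session to offer
    if session is None and require_reuse:
        raise SessionNotResumed("control connection has no TLS session to resume")
    tls = ctx.wrap_socket(data_sock, server_hostname=hostname, session=session)
    # The server may ignore the offered session and run a full handshake;
    # session_reused reports what actually happened on this connection.
    if require_reuse and not tls.session_reused:
        tls.close()
        raise SessionNotResumed("server performed a full handshake on the data channel")
    return tls


class ResumingFTP_TLS(ftplib.FTP_TLS):
    """ftplib.FTP_TLS whose protected data connections resume the control session."""

    def ntransfercmd(self, cmd, rest=None):
        # Open the data connection in the clear (PASV or PORT), then add TLS here.
        conn, size = ftplib.FTP.ntransfercmd(self, cmd, rest)
        if self._prot_p:  # set by prot_p(); private attribute of CPython's ftplib
            conn = wrap_data_channel(self.context, conn, self.sock, self.host)
        return conn, size
```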