
[Bug-wget] [PATCH] FTPS support

From: Ander Juaristi
Subject: [Bug-wget] [PATCH] FTPS support
Date: Fri, 28 Aug 2015 16:03:52 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0

Hi all,

Finally, here comes the FTPS patch!

At a glance, the FTPS code triggers whenever a URL with the 'ftps://' scheme is 
entered. It works either in PASV or PORT mode, and most (all?) FTP switches 
should work seamlessly with FTPS as well.

Furthermore, this patch adds 4 new command-line/wgetrc switches to control the 
FTPS behaviour, namely '--ftps-implicit', '--[no-]ftps-resume-ssl', 
'--ftps-clear-data-connection' and '--ftps-fallback-to-ftp'. These have been 
conveniently explained in the docs, in wget.texi.

One of the most significant changes is probably the addition of a new parameter 
to the ssl_connect_wget() function. Now its signature looks like this:

    bool ssl_connect_wget (int, const char *, int *);

That last 'int *' parameter is a pointer to a socket descriptor. It can be 
NULL. When a valid socket descriptor is passed, ssl_connect_wget, instead 
of opening an entirely new SSL/TLS session, tries to resume the existing 
SSL/TLS session that's being held over that socket. I understand maybe this was 
not the best way of implementing SSL/TLS session resumption (I encourage you to 
debate here) but supporting that functionality was paramount. Probably all the 
FTPS server implementations out there require the client to resume the SSL/TLS 
session of the control connection whenever a data channel is opened. This can 
of course be overwritten, but it's usually the default behaviour. So this had 
to be implemented, otherwise it would not work in 99% of the cases.

One last move was to add a new method ssl_disconnect_wget(). This was necessary to 
support the "CCC" (RFC 2228) command. However, a simple straightforward 
implementation would leak SSL/TLS session data. In order to avoid this leakage I had to 
do some ugly hacks in connect.c, so yes, in the end I managed to get this feature 
working. But since I didn't like the approach taken, I eventually discarded this option. 
I still feel there's a need for an ssl_disconnect_wget() function (close the underlying 
SSL/TLS session, but keep the socket open), but Tim and I agreed it'd be better to 
leave it to wget2.

- AJ

Attachment: 0001-Added-support-for-FTPS.patch
Description: Text Data
