Article delegate-en/3173 of [1-5169] on the server localhost:119
[Reference:<_A3172@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Implicit SSL protection of the FTP session
29 Mar 2006 19:12:31 GMT Marcelo Spohn <pjygabdyi-t7hpjijzbwxr.ml@ml.delegate.org>

Dear Yutaka,

Great!!! The patch worked like a charm!

Thanks a lot!
Marcelo

Yutaka Sato wrote:
Hi,

In message <4429E90E.1010907@ucsc..> on 03/29/06(10:55:26)
you Marcelo Spohn <pjygabdyi-t7hpjijzbwxr.ml@ml.delegate.org> wrote:
 |I'm having a hard time trying to make some FTPS clients to open a data
 |connection through a Delegate FTPS proxy. (The login process goes
 |smooth; no problems with the control connection.) The problem seems to
 |be that the FTPS clients are using implicit SSL protection of the FTP
 |session, i.e., they don't seem to be using AUTH TLS or AUTH SSL. Does
 |Delegate support such type of clients?

I forgot to take care of the case of implicit FTPS without negotiation when I
introduced STLS. The enclosed patch will solve the problem.

Cheers,
Yutaka
--
 D G Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( - ) National Institute of Advanced Industrial Science and Technology
_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

Yutaka (the Delegate developer) provided a patch that fixed
the problem: Delegate was lacking support for FTPS clients
using implicit SSL protection of the FTP session, i.e., for 
those clients that would not do authentication negotiation
using either AUTH TLS or AUTH SSL.

The fix has been tested using the following CURL command:

% curl -k -u webmgr:cenus ftps://10.10.50.78:990/lixo4 -o lixo98989

where the file lixo4 was downloaded from the proxy running
on port 990 of the NPX 10.10.50.78. CURL uses implicit SSL
protection of the FTP session.



*** ../delegate9.1.1/src/stls.c	Sat Mar 25 11:33:51 2006
--- src/stls.c	Wed Mar 29 13:36:34 2006
***************
*** 197,202 ****
--- 197,207 ----
 			syslog_ERROR("## STLS ## IMPLICIT SSL ON %d,%d,%d,%d\n",
 				ClientSock,FromC,ToC,fcl);
 			if( 0 <= fcl ){
+ 				if( strncaseeq(CLNT_PROTO,"ftp",3) ){
+ 					if( FromC == ClientSock ){ 
+ 						ClientSock = dup(ClientSock);
+ 					}
+ 				}
 				dup2(fcl,FromC);
 				close(fcl);
 				ClientFlags |= PF_STLS_ON;
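Review bot: The result of dup() in `ClientSock = dup(ClientSock);` is not checked. This branch runs only when FromC == ClientSock, and the dup2(fcl,FromC) that follows replaces what that descriptor number refers to, so if dup() fails ClientSock is left at -1 while the filter is still installed and PF_STLS_ON is still set; test the return value and report the failure through syslog_ERROR before continuing. Two smaller points: strncaseeq(CLNT_PROTO,"ftp",3) compares only the first three characters, so any protocol name beginning with "ftp" takes this path, which deserves a comment saying whether that is intended, and the two nested ifs can be a single condition joined with &&. A one-line comment on why FTP needs ClientSock kept separate from FromC would also help, since the hunk does not say.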
 
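The difference the thread turns on, implicit FTPS (TLS starts with the first byte) versus explicit FTPS (the client first sends AUTH TLS or AUTH SSL in cleartext), can be told apart from the first bytes a client sends on the control connection. The following is an added example, not code from this thread or from DeleGate; the function name, return labels and sample bytes are assumptions made for illustration.

```python
import re

TLS_HANDSHAKE = 0x16   # TLS record content type: handshake
TLS_MAJOR = 0x03       # record-layer major version for SSL 3.0 through TLS 1.3
CLIENT_HELLO = 0x01    # handshake message type: ClientHello
AUTH_RE = re.compile(rb"^AUTH[ \t]+(TLS|SSL)[ \t]*$", re.IGNORECASE)
CMD_RE = re.compile(rb"^[A-Za-z]{3,4}([ \t].*)?$")


def classify_control_start(data: bytes) -> str:
    """Classify the first bytes a client sent on an FTP control connection.

    Returns 'implicit-tls', 'explicit-auth', 'plain-ftp' (any other
    cleartext command), 'need-more-data' or 'unknown'.
    """
    if not data:
        return "need-more-data"
    if data[0] == TLS_HANDSHAKE:
        # The record header is 5 bytes (type, version, length); the sixth
        # byte is the handshake message type.
        if len(data) < 6:
            return "need-more-data"
        if data[1] == TLS_MAJOR and data[5] == CLIENT_HELLO:
            return "implicit-tls"
        return "unknown"
    line, sep, _ = data.partition(b"\r\n")
    if not sep:
        # No complete command line yet; bound the wait and reject binary junk.
        return "need-more-data" if len(data) < 512 and data.isascii() else "unknown"
    if AUTH_RE.match(line):
        return "explicit-auth"
    if CMD_RE.match(line):
        return "plain-ftp"
    return "unknown"


# Constructed samples (not captured traffic).
SAMPLES = {
    "implicit": bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B]),
    "explicit": b"AUTH TLS\r\n",
    "plain": b"USER anonymous\r\n",
    "partial": b"\x16\x03\x01",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:9s} -> {classify_control_start(raw)}")
```

A cleartext FTP client normally waits for the server's 220 greeting before sending anything, so a listener that peeks like this needs a read timeout after which it treats the connection as non-implicit.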