On Sun, Apr 03, 2005 at 08:36:56AM -0500, Russ Cox wrote:
> > > If so, you need to change ftpfs/hget to pushtls after
> > > connecting:
> > >     TLSconn conn;
> > >     fd = dial(etc.);
> > >     memset(&conn, 0, sizeof conn);
> > >     fd = tlsClient(fd, &conn);
> > > instead of just calling dial.
> >
> > Shouldn't this be done by enhancing dial to understand a TLS
> > qualifier? How difficult would that be? I'm a lot better at trivial
> > changes, maybe I can figure my way around it if it makes sense.
>
> changing dial? no. writing a tlsdial?
> maybe, but it doesn't happen very often.
> what's more common is that you connect,
> talk plaintext for a little while, and then decide
> to start tls. i don't think there are enough
> instances yet to know what the common case is.
>
> russ

It seems to be pretty standard protocol to me. Exchange, verify, encrypt. The original IETF draft is at

http://www.ford-hutchinson.com/~fh-1-pfh/draft-murray-auth-ftp-ssl-05.txt

and every current popular FTP client implements it, so there should be plenty of source with a friendly license out there.

--Devon
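
The pattern discussed in this thread (connect, talk plaintext for a while, then start TLS), as an added example that is not part of the original messages and not Plan 9 code. It is POSIX C; `upgrade_fn`, `ftp_auth_tls`, `stub_upgrade` and `run_case` are hypothetical names, the callback stands in for `tlsClient`, and the `AUTH TLS` command with its `234` reply is the FTP exchange as published in RFC 4217. The server replies are constructed.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

typedef int (*upgrade_fn)(int fd);  /* hypothetical stand-in for tlsClient() */

/* Read one line byte by byte, so bytes sent after it never sit in a plaintext buffer. */
static int read_line(int fd, char *buf, size_t n)
{
	size_t i = 0;
	while (i + 1 < n && read(fd, &buf[i], 1) == 1)
		if (buf[i++] == '\n') { buf[i] = '\0'; return (int)i; }
	return -1;  /* EOF, error or over-long line */
}

/* Skip continuation lines; a reply ends on "ddd " (three digits, space). */
static int read_reply(int fd)
{
	char l[512];
	while (read_line(fd, l, sizeof l) > 0)
		if (isdigit((unsigned char)l[0]) && isdigit((unsigned char)l[1]) &&
		    isdigit((unsigned char)l[2]) && l[3] == ' ')
			return atoi(l);
	return -1;
}

/* Plaintext first, then TLS: greeting, AUTH TLS, upgrade only on 234. */
int ftp_auth_tls(int fd, upgrade_fn upgrade)
{
	static const char cmd[] = "AUTH TLS\r\n";
	if (read_reply(fd) != 220) return -1;
	if (write(fd, cmd, sizeof cmd - 1) != (ssize_t)(sizeof cmd - 1)) return -1;
	if (read_reply(fd) != 234) return -1;  /* refused: fail, no plaintext fallback */
	return upgrade(fd);
}

/* Stub upgrade: returns how many bytes are still unread for the TLS layer. */
static int stub_upgrade(int fd) { char b[16]; return (int)read(fd, b, sizeof b); }
/* Constructed server: queue its replies on a socketpair, run the client. */
int run_case(const char *replies)
{
	int sv[2], r;
	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || write(sv[1], replies, strlen(replies)) < 0) return -2;
	shutdown(sv[1], SHUT_WR);
	r = ftp_auth_tls(sv[0], stub_upgrade);
	close(sv[0]); close(sv[1]);
	return r;
}
int main(void) { return run_case("220 ready\r\n234 go\r\n") == 0 ? 0 : 1; }
```

A real caller passes a function that performs the TLS handshake on `fd` and returns the encrypted descriptor; the stub only reports how many bytes the plaintext reader left untouched.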