9fans - fans of the OS Plan 9 from Bell Labs
From: Russ Cox <russcox@gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu>
Subject: Re: [9fans] Secure ftp Again
Date: Sat,  2 Apr 2005 22:05:41 -0500
Message-ID: <ee9e417a0504021905475c897e@mail.gmail.com>
In-Reply-To: <64b70cf896f7dd37633fd9d5e7dfca94@comcast.net>

> Someone (Russ Cox???. I forget now.) replied saying that I
> probably needed to be looking at tls and pushtls. Well, I have.
> I hate to be a bonehead about this, but I still don't see how
> to make use of these things. The tips pages have nice things
> for ordinary users like mounting cds and using cdfs. Would
> anyone be kind enough to walk me through making secure
> ftp connections in a `tip o' the day' sort of way.

I'm not sure anyone here has ever used FTP over SSL,
so we're not very forthcoming with recipes.  However,
it looks like there are two ways people do FTP over SSL.
The first is by connecting to port 990 and SSL-encrypting
the entire connection.  If this is what you're supposed to
be doing, then running
    tlsclient tcp!yourserver!990
should give you something like "220 ftp server ready".
If so, you need to change ftpfs/hget to pushtls after 
connecting:
    TLSconn conn;
    fd = dial(etc.);
    memset(&conn, 0, sizeof conn);
    fd = tlsClient(fd, &conn);
instead of just calling dial.

The other way appears to be to send an "AUTH TLS"
command during the session, and if you get a 234 
response back, to then push TLS using the last two 
lines above.  If you do this you will also have to reinitialize
the i/o buffers, if any, with the new file descriptor.

http://www.ietf.org/internet-drafts/draft-murray-auth-ftp-ssl-16.txt
has what appears to be up-to-date info about TLS and FTP.

For examples of pushing TLS onto connections, grep for
tlsClient in /sys/src/cmd/hget.c (like the first case)
or /sys/src/cmd/upas/fs/imap4.c (also like the first case)
or /sys/src/cmd/upas/fs/pop3.c (the needssl code is like
the first case; the needtls code is like the second;
pop3pushtls illustrates reinitializing the i/o buffers).

Russ
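
An added example (not part of the original message, and not code from the Plan 9 sources) of the check a client can make in the second, "AUTH TLS" case before pushing TLS and reinitializing its i/o buffers. It is portable C rather than Plan 9 C; the function `authtlsreply` and its verdict names are hypothetical, and the reply format assumed is the standard FTP one (three digits, then `-` for a continuation line or a space for the final line).

```c
#include <stddef.h>

/* Verdicts for the plaintext bytes read after sending "AUTH TLS" (hypothetical names). */
enum { NEED_MORE, PUSH_TLS, REFUSED, BAD_REPLY, STALE_PLAINTEXT };

/* Three leading digits of a reply line, or -1 if the line has none. */
static int
replycode(const char *l, size_t len)
{
	if(len < 4 || l[0] < '0' || l[0] > '9' || l[1] < '0' || l[1] > '9'
	|| l[2] < '0' || l[2] > '9')
		return -1;
	return (l[0]-'0')*100 + (l[1]-'0')*10 + (l[2]-'0');
}

/*
 * Scan buf[0..n) for one complete FTP reply: "ddd-" opens a multi-line
 * reply and "ddd " with the same code ends it.  PUSH_TLS is returned only
 * when the reply is 234 and nothing is buffered behind it; leftover bytes
 * arrived before TLS was pushed and must not be read as protected data.
 */
int
authtlsreply(const char *buf, size_t n, int *code)
{
	size_t start = 0, i;
	int first = -1, c;

	*code = 0;
	for(i = 0; i < n; i++){
		if(buf[i] != '\n')
			continue;
		c = replycode(buf+start, i-start);
		if(first < 0){
			if(c < 0 || (buf[start+3] != ' ' && buf[start+3] != '-'))
				return BAD_REPLY;
			first = c;
		}
		if(c == first && buf[start+3] == ' '){
			*code = c;
			if(c != 234)
				return REFUSED;
			return i+1 == n ? PUSH_TLS : STALE_PLAINTEXT;
		}
		start = i+1;
	}
	return NEED_MORE;
}
```

Only on PUSH_TLS would the caller go on to tlsClient and set up a fresh i/o buffer on the returned descriptor; on STALE_PLAINTEXT it should hang up rather than carry the old buffer's contents across the upgrade.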

