> Someone (Russ Cox???. I forget now.) replied saying that I
> probably needed to be looking at tls and pushtls. Well, I have.
> I hate to be a bonehead about this, but I still don't see how
> to make use of these things. The tips pages have nice things
> for ordinary users like mounting cds and using cdfs. Would
> anyone be kind enough to walk me through making secure
> ftp connections in a `tip o' the day' sort of way.

I'm not sure anyone here has ever used FTP over SSL,
so we're not very forthcoming with recipes.  However,
it looks like there are two ways people do FTP over SSL.
The first is by connecting to port 990 and SSL-encrypting
the entire connection.  If this is what you're supposed to
be doing, then running
    tlsclient tcp!yourserver!990
should give you something like "220 ftp server ready".
If so, you need to change ftpfs/hget to pushtls after 
connecting:
    TLSconn conn;
    fd = dial(etc.);
    memset(&conn, 0, sizeof conn);	/* zeroed TLSconn; tlsClient fills in the session state */
    fd = tlsClient(fd, &conn);	/* handshake on fd; returns a new fd carrying the plaintext side */
    if(fd < 0)
        sysfatal("tlsClient: %r");
instead of just calling dial.

The other way appears to be to send an "AUTH TLS"
command during the session, and if you get a 234 
response back, to then push TLS using the last two 
lines above.  If you do this you will also have to reinitialize
the i/o buffers, if any, with the new file descriptor.

http://www.ietf.org/internet-drafts/draft-murray-auth-ftp-ssl-16.txt
has what appears to be up-to-date info about TLS and FTP.

For examples of pushing TLS onto connections, grep for
tlsClient in /sys/src/cmd/hget.c (like the first case)
or /sys/src/cmd/upas/fs/imap4.c (also like the first case)
or /sys/src/cmd/upas/fs/pop3.c (the needssl code is like
the first case; the needtls code is like the second;
pop3pushtls illustrates reinitializing the i/o buffers).

Russ
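The AUTH TLS flow from the second case, as an added example that is not part of the original message: send AUTH TLS, require a 234 reply (parsing the multi-line reply form as well), push TLS onto the same connection, and then rebuild the buffered reader on the new descriptor rather than reusing the plaintext one. Python's ssl stands in for Plan 9's tlsClient; the hostname, the constructed server replies and the identity push_tls used by the offline demo are assumptions, and the port-990 case is the same push done before reading the greeting.

```python
import socket
import ssl

def read_reply(rfile):
    """Return (code, text) for one FTP reply, incl. the RFC 959 multi-line form."""
    first = rfile.readline().decode("ascii", "replace")
    if len(first) < 4 or not first[:3].isdigit():
        raise ValueError("malformed FTP reply: %r" % first)
    code, lines = int(first[:3]), [first.rstrip("\r\n")]
    if first[3] == "-":                    # "234-..." runs until a line "234 ..."
        while not lines[-1].startswith("%03d " % code):
            more = rfile.readline().decode("ascii", "replace")
            if not more:
                raise EOFError("connection closed inside multi-line reply")
            lines.append(more.rstrip("\r\n"))
    return code, "\n".join(lines)

def _default_push_tls(hostname):
    ctx = ssl.create_default_context()     # verifies certificate chain and hostname
    return lambda s: ctx.wrap_socket(s, server_hostname=hostname)

def explicit_ftps(sock, hostname, push_tls=None):
    """AUTH TLS style: plaintext until the 234 reply, then push TLS."""
    rfile = sock.makefile("rb")            # buffered reader over the plaintext fd
    code, text = read_reply(rfile)
    if code != 220:
        raise RuntimeError("unexpected greeting: %s" % text)
    sock.sendall(b"AUTH TLS\r\n")
    code, text = read_reply(rfile)
    if code != 234:
        raise RuntimeError("server refused AUTH TLS: %s" % text)
    # Drop the plaintext buffer: any read-ahead it held is lost, which is safe
    # only because a conforming server sends nothing after 234 until the handshake.
    rfile.close()
    tls = (push_tls or _default_push_tls(hostname))(sock)
    return tls, tls.makefile("rb")         # fresh buffer on the TLS descriptor

def demo_explicit_upgrade():
    """Offline walkthrough on a socketpair with constructed replies (no cert needed)."""
    client, server = socket.socketpair()
    server.sendall(b"220 ftp server ready\r\n"
                   b"234-Proceed with negotiation.\r\n234 AUTH TLS OK.\r\n")
    tls, rfile = explicit_ftps(client, "ftp.example", push_tls=lambda s: s)
    cmd = server.recv(64)                  # command the "server" saw before the push
    server.sendall(b"200 PBSZ=0 successful.\r\n")   # first reply after the push
    reply = read_reply(rfile)
    for f in (rfile, tls, server):
        f.close()
    return cmd, reply
```

After the push the draft has the client send PBSZ 0 and PROT P before opening any data connection, which is why the demo's first post-upgrade reply is to PBSZ.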
