Message 95005 - Python tracker

Sorry for the delay in the response. The latest messages slipped under my radar.

What about AUTH SSL? Or is it too-deprecated?

I'm not sure about this. TLS is certainly preferred over SSL and RFC-4217 only refers to the TLS protocol, although SSL is mentioned in some chapters.

RFC-4217 states:

As the SSL/TLS protocols self-negotiate their levels, there is no need to distinguish between SSL and TLS in the application layer. The mechanism name for negotiating TLS is the character string identified in {TLS-PARM}.

[...]

{TLS-PARM} - The parameter for the AUTH command to indicate that TLS is required. To request the TLS protocol in accordance with this document, the client MUST use 'TLS'

If we want to support SSL we could change the current implementation by renaming "auth_tls()" method to just "auth" and play with the ssl_version attribute, like this:

class FTP_TLS(FTP):
    ssl_version = ssl.PROTOCOL_TLSv1

    def auth(self):
        if self.ssl_version == ssl.PROTOCOL_TLSv1:
            resp = self.voidcmd('AUTH TLS')
        else:
            resp = self.voidcmd('AUTH SSL')
        ...

The user willing to use SSL instead of TLS will have to change the ssl_version class attribute with "FTP_TLS.ssl_version = ssl.PROTOCOL_TLSv1" and then call auth().

Deciding whether to reject or accept it will be up to the server, depending on how it has been configured (almost all recent FTP servers reject SSLv2).

I noticed you were using ftp.python.org in the example strings, but that service doesn't seem to be alive. I don't know if there's another public FTP-TLS server you could rely on...?

Yeah, I know. I just copied it from the original FTP class docstring. As of now I'm not aware of any public FTPS server we could use.
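Added example, not part of the original message or of the patch under discussion: a loopback check of which AUTH mechanism the ftplib.FTP_TLS shipped with the running Python puts on the wire, and of what the client does when the server refuses it. The fake control-channel server, its greeting and its 534 reply text are constructed for the test; `observe_auth` is a hypothetical helper name.

```python
import ftplib
import socket
import threading


def observe_auth(reply="534 TLS/SSL disabled by policy (constructed reply)"):
    """Let ftplib.FTP_TLS call auth() against a one-shot fake FTP server.

    Returns (command_seen_by_server, client_outcome).
    """
    srv = socket.create_server(("127.0.0.1", 0))  # constructed loopback server
    port = srv.getsockname()[1]
    seen = []

    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rwb") as f:
            f.write(b"220 constructed test server\r\n")
            f.flush()
            # First client command after the greeting is the AUTH request.
            seen.append(f.readline().decode("ascii").strip())
            f.write(reply.encode("ascii") + b"\r\n")
            f.flush()

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    client = ftplib.FTP_TLS(timeout=5)  # no host given, so nothing connects yet
    try:
        client.connect("127.0.0.1", port)
        client.auth()  # sends AUTH, then wraps the socket only on a 2xx reply
        outcome = "accepted"
    except ftplib.error_perm as exc:
        # A 5xx reply is raised before any TLS handshake is attempted.
        outcome = str(exc)
    finally:
        client.close()
        t.join(5)
        srv.close()
    return seen[0], outcome


if __name__ == "__main__":
    print(observe_auth())
```

The refusal surfaces as ftplib.error_perm, so a caller that catches it and continues with a plain login would be sending credentials in cleartext; treat it as a hard failure.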