Make PBSZ optional #279
Comments
|
Thanks for the pull request! I may change the |
|
You are most welcome, I've fixed the things you've pointed out in the pull request, please take a look at it again. I've chosen "RequirePBSZ", because it's specifically about that command, and the error message also mentions this command in reply to PROT, when forgotten. There are a rather large number of relevant RFCs, and even RFC2228 has multiple requirements, that's one of the reasons why I chosen a name for the option with "RFC" in it. Personally I think, that might be misleading and confusing on the long run. |
|
In the case of FTP over SSL/TLS, there's only one particularly relevant RFC: RFC 4127. However, your point is taken. Another approach might be to not provide such a |
|
Honestly, I don't really see any reason why couldn't be optional by default, except if some sysadmin is feeling to start a holy crusade against broken clients, and wants to teach the world a lesson. Apart from that, I don't think it would hurt anyone. Would you like me to change the pull request to make this the default behaviour? |
|
Yes, please. It's easy enough to add such an option in, later, if/when we find a use case. |
|
Done, please review. Instead of removing the error return, i've just disabled the codepath with a macro, if that's fine. Might come handy if there's a usecase. |
|
PR merged to master; thanks! |
We've found a broken client, which doesn't do PBSZ before PROT, and by RFC2228 proftpd is refusing the client because of this. I would like to ask to make PBSZ optional, because even in the source it's forced to 0, and to the best of my knowledge, it doesn't raise any security issues as well.
As per email discussion with castaglia, I've created a patch, and will create a pull request for it.
The path introduces a new TLSOptions option named "RequirePBSZ", and PBSZ will only be required if that flag is present. If the flag is not specified, then PBSZ is optional.
The text was updated successfully, but these errors were encountered: