add ftp-tls support to ftplib - RFC 4217 #46330
ftplib does not support ftp over SSL / TLS as described in RFC 4217. |
I've tried to work on this in the last 2 days and here is my

Usage example:

>>> from ftplib import FTP_TLS
>>> ftps = FTP_TLS('ftp.python.org')
>>> ftps.auth_tls() # switch to secure control connection
'234 Using authentication type TLS'
>>> ftps.login() # login anonymously
'230 Guest login ok, access restrictions apply.'
>>> ftps.prot_p() # switch to secure data connection
'200 Protection level set to P'
>>> ftps.retrlines('LIST') # list directory content securely
total 9
drwxr-xr-x 8 root wheel 1024 Jan 3 1994 .
drwxr-xr-x 8 root wheel 1024 Jan 3 1994 ..
drwxr-xr-x 2 root wheel 1024 Jan 3 1994 bin
drwxr-xr-x 2 root wheel 1024 Jan 3 1994 etc
d-wxrwxr-x 2 ftp wheel 1024 Sep 5 13:43 incoming
drwxr-xr-x 2 root wheel 1024 Nov 17 1993 lib
drwxr-xr-x 6 1094 wheel 1024 Sep 13 19:07 pub
drwxr-xr-x 3 root wheel 1024 Jan 3 1994 usr
-rw-r--r-- 1 root root 312 Aug 1 1994 welcome.msg
'226 Transfer complete.'
>>> ftps.quit()
'221 Goodbye.'
>>>

It also provides a prot_c() method to switch back to a plain text data

Comments are greatly appreciated. |
This is a straightforward implementation of client-side use of SSL, but Another thing to look at is what the useful arguments are to pass in for |
Damn I should have looked here earlier - so I implemented FTPS based on |
The lib should give programmer choice whether to send login through TLS
Also, there should be an optional parameter to specify port for ftp |
I'm not sure how it could be tested, since we don't have an FTPS server
I drew from the SSL classes defined in httplib, imaplib, poplib, smtplib
You're right, I avoided doing that since the TLS encryption should be
This is what it does if you use auth_tls() before login().
This is already possible by using the original (inherited) connect() method. |
As you point out, the other classes should be fixed. The old client-side
On Wed, Mar 19, 2008 at 12:22 PM, Giampaolo Rodola' <report@bugs.python.org>
|
Ok, how do you think it would have to be modified? |
Probably what I should do is fix httplib, that would provide an example we
On Wed, Mar 19, 2008 at 1:46 PM, Giampaolo Rodola' <report@bugs.python.org>
|
Once I've got JCC working, and finished the SSL work for 2.6.
On Wed, Mar 19, 2008 at 1:46 PM, Giampaolo Rodola' <report@bugs.python.org>
|
FWIW, m2crypto already provides an FTP-TLS facility with an |
Right but m2crypto is not part of the standard library (and is not going Concerning the plain-text login. I think a FTPS class should default to |
On Fri, Mar 21, 2008 at 5:43 AM, Robert E. <report@bugs.python.org> wrote:
Sounds reasonable to me. Note that FTP is an old and somewhat gnarly protocol, and |
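Added example, not part of the original thread or of the patch under discussion: the plain-text login question above, run against ftplib.FTP_TLS as it ships in current Python 3, where login() takes a secure flag and issues AUTH before USER and PASS. The stub server, the user name alice and the password are constructed for the demonstration.

```python
import socket
import ssl
import threading
from ftplib import FTP_TLS, error_perm

# Constructed replies for a stub server without TLS support;
# every other verb, AUTH included, gets a 502.
REPLIES = {"USER": "331 Password required", "PASS": "230 Logged in"}

def start_plaintext_only_server(seen):
    """Serve one control connection, recording each command into `seen`."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with srv, conn, conn.makefile("rwb") as f:
            f.write(b"220 stub ready\r\n")
            f.flush()
            for raw in f:
                line = raw.decode().strip()
                seen.append(line)
                verb = line.split(" ", 1)[0].upper()
                reply = REPLIES.get(verb, "502 Command not implemented")
                f.write(reply.encode() + b"\r\n")
                f.flush()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return port, thread

def attempt_login(secure):
    """Return (outcome, commands the stub server saw on the wire)."""
    seen = []
    port, thread = start_plaintext_only_server(seen)
    # create_default_context() verifies the server certificate and hostname.
    ftps = FTP_TLS(context=ssl.create_default_context(), timeout=5)
    ftps.connect("127.0.0.1", port)
    try:
        ftps.login("alice", "constructed-password", secure=secure)
        outcome = "logged in"
    except error_perm as exc:
        outcome = "refused: " + str(exc)
    finally:
        ftps.close()
    thread.join(timeout=5)
    return outcome, seen

if __name__ == "__main__":
    for secure in (True, False):  # True: only AUTH TLS is sent; False: cleartext
        print(secure, attempt_login(secure))
```

With secure=True the client stops at the rejected AUTH TLS and the credentials never leave the process; with secure=False the server receives USER and PASS in cleartext. An explicit ssl.create_default_context() is passed because the context FTP_TLS builds when none is given does not verify the server certificate.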
Bill, is there news about the fix to httplib? |
The 2.6/3.0 changes are now up-to-date. We could reconsider this I think the issue is that we need a way to "unwrap" the SSL-secured socket = self.unwrap() which would return a plain socket.socket instance. |
Yes, I think that providing an "unwrap" method for the ssl module would |
But httplib is far from fixed. It's a nasty tarball of interdependencies...
Bill
On Mon, Jun 30, 2008 at 4:12 AM, Giampaolo Rodola' <report@bugs.python.org>
|
Ok, so let's leave httplib alone. Let's just add the unwrap() method to |
Could what I've just said be an idea? |
Is the ftp-tls able to use certificate to connect to ftps server? Is that option available? What is the current status of this issue? Thanks, |
I think I'm just going to bring the unwrap already in the _ssl.c code |
OK, I think I've done the minimal fix necessary to the SSL module to |
Just wondering, has anyone done a patch since Bill made the necessary |
After Bill added SSL's unwrap() method I modified my previous patch so If some python developer could give me an ok on the patch I could start [1] http://code.google.com/p/pyftpdlib/source/browse/trunk/demo/tls_ftpd.py |
Thank you Giampaolo, it works just as I was hoping, =] I tested it on glftpd |
Actually I have encountered a possible bug. The close() method doesn't seem
On Mon, Feb 23, 2009 at 11:56 PM, Jeff Oyama <report@bugs.python.org> wrote:
|
Why? What happens exactly? |
The patch is ok to me. Perhaps Bill wants to take a look, otherwise I |
A last problem:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: attribute name must be string, not 'classobj' |
> A last problem:
>
> Traceback (most recent call last):
> File "<stdin>", line 1, in <module>
> TypeError: attribute name must be string, not 'classobj'

Mmmm this doesn't say much.
I'd like the opinion of Bill too, specifically about what he was talking
I don't have commit privileges. Someone else should do it. |
Ah, sorry, roundup's e-mail interface ate part of the message.
Ok, I'll do it if Bill doesn't give a sign of life. |
Regarding msg64093, the only API change Bill's suggestion would entail |
Oh, shame on me! You're right.
Good. Anyway, I'll try to put hands on that soon and let you know what |
What about AUTH SSL? Or is it too-deprecated? |
I noticed you were using ftp.python.org in the example strings, but that |
I've tested TLS with several private servers today, seems to work. I |
Sorry for delay in the response. The latest messages slipped under my
I'm not sure about this. RFC-4217 states:
If we want to support SSL we could change the current implementation by

class FTP_TLS(FTP):
    ssl_version = ssl.PROTOCOL_TLSv1

    def auth(self):
        if self.ssl_version == ssl.PROTOCOL_TLSv1:
            resp = self.voidcmd('AUTH TLS')
        else:
            resp = self.voidcmd('AUTH SSL')
        ...

The user willing to use SSL instead of TLS will have to change
Deciding whether rejecting or accepting it will be up to the server
Yeah, I know. I just copied from original FTP class docstring. |
Sorry but here I obviously meant "ssl.PROTOCOL_SSLv2/3" |
Giampaolo, do you plan to add something or is the patch ok to commit? |
If we want to add SSL support then the patch in attachment modifies the |
The tests don't work under py3k, for some reason I can't figure out.

test_acct (test.test_ftplib.TestTLS_FTPClassMixin) ... Exception in thread Thread-31:
Traceback (most recent call last):
  File "/home/antoine/py3k/__svn__/Lib/threading.py", line 521, in _bootstrap_inner
    self.run()
  File "/home/antoine/py3k/__svn__/Lib/test/test_ftplib.py", line 214, in run
    asyncore.loop(timeout=0.1, count=1)
  File "/home/antoine/py3k/__svn__/Lib/asyncore.py", line 210, in loop
    poll_fun(timeout, map)
  File "/home/antoine/py3k/__svn__/Lib/asyncore.py", line 136, in poll
    r, w, e = select.select(r, w, e, timeout)
select.error: (9, 'Bad file descriptor') |
Can you attach the 3.x patch so that I can test it myself? |
Here is the current py3k patch I have, after resolving conflicts and |
Ok, I now have a working patch. The main fix was to change

def secure_connection(self):
    socket = ssl.wrap_socket([ ##etc. ])
    self.del_channel()
    self.set_socket(socket)
    self._ssl_accepting = True

Can you take a look? |
Ok, I took a look and it seems ok to me but I still get some occasional
+ self.del_channel() ...makes more sense (ps: pay attention, it's "self.socket", not This is quite strange, anyway. |
Ok, thanks!
set_socket() sets self.socket, so it should be the same. I'm going to commit on py3k and watch the buildbots a bit. |
Buildbots are ok. Thank you! |
Nice! Any chance of merging with 2.7? Python3.2 is waaay too far in |
It's already in 2.7. |
Thinking back about this, I wonder whether "FTPS" could be a better name to use instead of "FTP_TLS". |
It doesn’t look like a constant, too. httplib.Client, ftplib.Client, ftplib.SecureClient would be much more descriptive than httplib.HTTP and ftplib.FTP. Any interest about adding aliases? Regards |
What do you mean by "also SSL can be used"? Secured FTP with explicit negotiation (what we are doing) is sometimes I think FTP_TLS is a fine name. Perhaps we can simply make the above |
On Sun, Apr 11, 2010 at 07:43:56PM +0000, Éric Araujo wrote:
Aliases would be a bad idea. -1. It is fine the way the issue is |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.