Giampaolo Rodola' <[EMAIL PROTECTED]> added the comment:

> This is a straightforward implementation of client-side use of SSL,
> but it's missing a test case for evaluation. It should include a
> patch to test_ftplib to test it.

I'm not sure how it could be tested, since we don't have an FTPS server to test against. The current test suite itself only tests the new timeout feature added in ftplib.FTP class in Python 2.6 and nothing else.

> Another thing to look at is what the useful arguments are to pass in
> for TLS usage over FTP. If, for example, the client needs to validate
> the server's certificate or identity, provision should be made for a
> file of cacerts to be passed to the FTP_TLS instance. Passing in a
> keyfile and certfile is usually only necessary when the client uses
> them to identify itself to the server.

I drew from the SSL classes defined in httplib, imaplib, poplib, smtplib and urllib modules which accept a keyfile and a certfile in the class constructor so I thought it was the "right way". Is there a reason why the FTP protocol should behave differently as you have described?

> In FTP_TLS.__init__ you call FTP.__init__. The latter in turn calls
> FTP.login if a username is supplied. Thus you end up trying to login
> before issuing the AUTH TLS command. The result is that username and
> passwords are sent unencrypted. Or do I miss a subtle trick here?

You're right, I avoided doing that since the TLS encryption should be requested specifically by the user. We could implicitly secure the control connection if the "user" argument is provided when invoking the class constructor and eventually add a "secure" kwarg to login method that defaults to True.

> The lib should give programmer choice whether to send login through TLS
> or not. (as it is described in RFC 4217).

This is what it does if you use auth_tls() before login().

> Also, there should be an optional parameter to specify port for ftp
> connection.

This is already possible by using the original (inherited) connect() method.
__________________________________
Tracker <[EMAIL PROTECTED]>
<http://bugs.python.org/issue2054>
__________________________________
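
The ordering problem discussed in the message above (login commands issued before AUTH TLS has been accepted) can be checked mechanically from a client-side log of the control connection. The following is an added example, not code from the message or from the patch under review; the "C:"/"S:" transcript notation, the sample transcripts and the name audit_transcript are assumptions made for illustration.

```python
import re

CRED_CMDS = {"USER", "PASS", "ACCT"}          # commands that carry login data
REPLY_END = re.compile(r"^(\d{3})(?: |$)")    # final line of an FTP reply

def audit_transcript(lines):
    """Return [(line_number, command)] for credentials sent before TLS.

    The control channel counts as protected only after the server has
    answered AUTH TLS (or AUTH SSL) with a 234 reply, as in RFC 4217.
    """
    secured = False
    auth_pending = False
    findings = []
    for number, raw in enumerate(lines, start=1):
        side, _, text = raw.partition(":")
        side, text = side.strip(), text.strip()
        if not text:
            continue
        if side == "C":
            parts = text.split()
            verb = parts[0].upper()
            if verb == "AUTH" and len(parts) > 1 and parts[1].upper() in ("TLS", "SSL"):
                auth_pending = True
            elif verb in CRED_CMDS and not secured:
                findings.append((number, verb))
        elif side == "S" and auth_pending:
            match = REPLY_END.match(text)
            if match:                          # "234-..." continuation lines are skipped
                secured = match.group(1) == "234"
                auth_pending = False
    return findings

# Constructed transcripts: login in the constructor, explicit AUTH first,
# and a server that refuses AUTH while the client logs in anyway.
LOGIN_FIRST = ["S: 220 ready", "C: USER alice", "S: 331 need password",
               "C: PASS example-password", "S: 230 ok", "C: AUTH TLS", "S: 234 go"]
AUTH_FIRST = ["S: 220 ready", "C: AUTH TLS", "S: 234 go", "C: USER alice",
              "S: 331 need password", "C: PASS example-password", "S: 230 ok"]
AUTH_REFUSED = ["S: 220 ready", "C: AUTH TLS", "S: 502 not implemented",
                "C: USER alice", "S: 331 need password", "C: PASS example-password"]

if __name__ == "__main__":
    for name in ("LOGIN_FIRST", "AUTH_FIRST", "AUTH_REFUSED"):
        print(name, audit_transcript(globals()[name]))
```
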