I was trying it with one of our own home-grown client APIs and with
Apache Commons-net. The current release of commons-net is broken, but
there is a patch that was submitted, which is in the trunk. With the
trunk code of commons-net, it works once in a while (one out of 4
times). The rest of the time, it thinks that it received a bad FTP
reply (most probably because of a timing issue, and the fact that the
MINA code sends the TLS_CLOSE signal). Looks like the TLS close signal
is becoming part of the reply to the command that was sent right after
CCC.

Our home-grown API also runs into the same issue because of the TLS_CLOSE.

At this point, I am trying to figure out the correct procedure to
unwrap/unprotect an SSLSocket into a plain socket and who should
initiate the TLS_CLOSE, and if it is really needed.

Sai Pullabhotla



On Tue, Apr 19, 2011 at 8:23 AM, sebb <[email protected]> wrote:
> On 19 April 2011 13:47, Sai Pullabhotla <[email protected]> wrote:
>> Has anyone tried to implement the CCC command in FTPS? I've been
>> trying to do this, but having issues. I was wondering if anyone has a
>> better knowledge of what should be done to unprotect the control
>> channel.
>>
>> Here is what I've tried:
>>
>> 1. Added an implementation class for CCC, and registered it with the factory
>> 2. Server receives the CCC command from the client
>> 3. Server sends a positive reply back to the client, and waits for the
>> message to be sent using the await() method on the future. This should
>> ensure that the reply to CCC is still sent over the encrypted channel.
>> 4. Server removes the SslFilter from the filter chain of the session
>>
>> In theory (according to my understanding) this should do the trick,
>> but I'm seeing different results with different clients. I could not
>> get it to work consistently with any client.
>>
>> I noticed that the MINA code does send a TLS_CLOSE message to the
>> client when the SslFilter is removed (from the onPreRemoveFilter
>> method). Is this needed on the server or should the client initiate
>> the TLS_CLOSE sequence, by closing the SSLSocket (without closing the
>> underlying socket)?
>>
>> Does SSL (SSL v2 for example) also have a special close sequence like
>> TLS does?
>>
>> I appreciate any feedback or pointers on how to get this to work.
>
> It would be great if you could get this to work!
> There don't seem to be many ftp servers that support CCC.
>
> What results are you seeing, and what clients are you using?
>

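The symptom described in this thread, as an added example that is not part of the original messages and is not MINA or commons-net code: if the close_notify alert sent when the SslFilter is removed is not consumed by the client's TLS layer, its record sits in front of the next plain-text reply on the control channel. The sample bytes are constructed, and `split_tls_prefix` and `parse_ftp_reply` are hypothetical helper names.

```python
import struct

# TLS record content types: change_cipher_spec, alert, handshake, application_data.
# close_notify travels in an alert record (0x15); once encryption is on, its
# body is ciphertext, so only the 5-byte record header is readable.
TLS_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
             0x16: "handshake", 0x17: "application_data"}


def split_tls_prefix(buf):
    """Split buf into (leading TLS records, remaining bytes)."""
    records, pos = [], 0
    while pos < len(buf) and buf[pos] in TLS_TYPES:
        if len(buf) - pos < 5:
            raise ValueError("truncated TLS record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", buf, pos)
        if major != 3:  # SSLv3 and every TLS version use major version 3
            break
        if len(buf) - pos - 5 < length:
            raise ValueError("truncated TLS record body")
        records.append((TLS_TYPES[ctype], (major, minor), length))
        pos += 5 + length
    return records, buf[pos:]


def parse_ftp_reply(data):
    """Parse a single-line FTP reply ('NNN text\\r\\n') into (code, text)."""
    line, sep, _ = data.partition(b"\r\n")
    if not sep or len(line) < 4 or not line[:3].isdigit() or line[3:4] != b" ":
        raise ValueError("bad FTP reply: %r" % data[:16])
    return int(line[:3]), line[4:].decode("ascii")


def demo():
    # Constructed sample: a TLS 1.0 alert record with 32 bytes of stand-in
    # ciphertext, followed directly by a plain-text reply to the next command.
    alert = bytes([0x15, 0x03, 0x01]) + struct.pack("!H", 32) + bytes(range(32))
    stream = alert + b"200 Command okay.\r\n"
    try:
        parse_ftp_reply(stream)  # what a plain-text reply reader sees
        naive = "parsed"
    except ValueError:
        naive = "bad reply"
    records, rest = split_tls_prefix(stream)
    return naive, records, parse_ftp_reply(rest)


if __name__ == "__main__":
    print(demo())
```

Running a captured control-channel buffer through `split_tls_prefix` shows whether a "bad reply" error comes from a leftover TLS record or from the reply itself.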