Mailing List Archive: Python: Bugs

[issue2054] add ftp-tls support to ftplib - RFC 4217

1 2

View All

Index | Next | Previous | View Threaded

report at bugs

Oct 25, 2009, 7:34 AM

Post #26 of 41 (325 views)
Permalink

[issue2054] add ftp-tls support to ftplib - RFC 4217 [In reply to]

Domen <ielectric [at] gmail> added the comment:

What about AUTH SSL? Or is it too-deprecated?

----------

_______________________________________
Python tracker <report [at] bugs>
<http://bugs.python.org/issue2054>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/list-python-bugs%40lists.gossamer-threads.com

report at bugs

Nov 4, 2009, 1:53 PM

Post #27 of 41 (319 views)
Permalink

[issue2054] add ftp-tls support to ftplib - RFC 4217 [In reply to]

Antoine Pitrou <pitrou [at] free> added the comment:

I noticed you were using ftp.python.org in the example strings, but that
service doesn't seem to be alive. I don't know if there's another public
FTP-TLS server you could rely on...?

----------

_______________________________________
Python tracker <report [at] bugs>
<http://bugs.python.org/issue2054>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/list-python-bugs%40lists.gossamer-threads.com

report at bugs

Nov 6, 2009, 12:10 PM

Post #28 of 41 (316 views)
Permalink

[issue2054] add ftp-tls support to ftplib - RFC 4217 [In reply to]

Domen <ielectric [at] gmail> added the comment:

I've tested TLS with several private servers today, seems to work. I
cannot test patch against FTP SSL encryption, although it is obviously
not implemented

----------

_______________________________________
Python tracker <report [at] bugs>
<http://bugs.python.org/issue2054>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/list-python-bugs%40lists.gossamer-threads.com

report at bugs

Nov 6, 2009, 3:51 PM

Post #29 of 41 (316 views)
Permalink

[issue2054] add ftp-tls support to ftplib - RFC 4217 [In reply to]

Giampaolo Rodola' <billiejoex [at] users> added the comment:

Sorry for delay in the response. The latest messages slipped under my
radar.

> What about AUTH SSL? Or is it too-deprecated?

I'm not sure about this.
TLS is certainly preferred over SSL and RFC-4217 only refers to TLS
protocol, altough SSL is mentioned in some chapters.

RFC-4217 states:

> As the SSL/TLS protocols self-negotiate their levels, there is no
> need to distinguish between SSL and TLS in the application layer.
> The mechanism name for negotiating TLS is the character string
> identified in {TLS-PARM}.
>
> [...]
>
> {TLS-PARM} - The parameter for the AUTH command to indicate that TLS
> is required. To request the TLS protocol in accordance with this
> document, the client MUST use 'TLS'

If we want to support SSL we could change the current implementation by
renaming "auth_tls()" method to just "auth" and play with the
ssl_version attribute, like this:

class FTP_TLS(FTP):
ssl_version = ssl.PROTOCOL_TLSv1

def auth(self):
if self.ssl_version == ssl.PROTOCOL_TLSv1:
resp = self.voidcmd('AUTH TLS')
else:
resp = self.voidcmd('AUTH SSL')
...

The user willing to use SSL instead of TLS will have to change
ssl_version class attribute with "FTP_TLS.ssl_version =
ssl.PROTOCOL_TLSv1" and then call auth().

Deciding whether rejecting or accepting it will be up to the server
depending on how it has been configured (almost all recent FTP servers
reject SSLv2).

> I noticed you were using ftp.python.org in the example strings, but
> that service doesn't seem to be alive. I don't know if there's another
> public FTP-TLS server you could rely on...?

Yeah, I know. I just copied from original FTP class docstring.
As of now I'm not aware of any public FTPS server we could use.

----------

_______________________________________
Python tracker <report [at] bugs>
<http://bugs.python.org/issue2054>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/list-python-bugs%40lists.gossamer-threads.com

report at bugs

Nov 6, 2009, 3:53 PM

Post #30 of 41 (316 views)
Permalink

[issue2054] add ftp-tls support to ftplib - RFC 4217 [In reply to]

Giampaolo Rodola' <billiejoex [at] users> added the comment:

> The user willing to use SSL instead of TLS will have to change
> ssl_version class attribute with "FTP_TLS.ssl_version =
> ssl.PROTOCOL_TLSv1" and then call auth().

Sorry but here I obviously meant "ssl.PROTOCOL_SSLv2/3"

----------

_______________________________________
Python tracker <report [at] bugs>
<http://bugs.python.org/issue2054>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/list-python-bugs%40lists.gossamer-threads.com

report at bugs

Nov 15, 2009, 6:28 AM

Post #31 of 41 (297 views)
Permalink

[issue2054] add ftp-tls support to ftplib - RFC 4217 [In reply to]

Antoine Pitrou <pitrou [at] free> added the comment:

Giampaolo, do you plan to add something or is the patch ok to commit?

----------

_______________________________________
Python tracker <report [at] bugs>
<http://bugs.python.org/issue2054>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/list-python-bugs%40lists.gossamer-threads.com

report at bugs

Nov 15, 2009, 8:55 AM

Post #32 of 41 (295 views)
Permalink

[issue2054] add ftp-tls support to ftplib - RFC 4217 [In reply to]

Giampaolo Rodola' <billiejoex [at] users> added the comment:

If we want to add SSL support then the patch in attachment modifies the
last one as I described in my previous comment.
I re-run the tests and they are ok so I guess you can go on with the
commit.

----------
Added file: http://bugs.python.org/file15343/ftplib.patch

_______________________________________
Python tracker <report [at] bugs>
<http://bugs.python.org/issue2054>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/list-python-bugs%40lists.gossamer-threads.com

report at bugs

Nov 15, 2009, 9:50 AM

Post #33 of 41 (295 views)
Permalink

[issue2054] add ftp-tls support to ftplib - RFC 4217 [In reply to]

Antoine Pitrou <pitrou [at] free> added the comment:

The tests don't work under py3k, for some reason I can't figure out.
There's the following error and then the tests hang:

test_acct (test.test_ftplib.TestTLS_FTPClassMixin) ... Exception in
thread Thread-31:
Traceback (most recent call last):
File "/home/antoine/py3k/__svn__/Lib/threading.py", line 521, in
_bootstrap_inner
self.run()
File "/home/antoine/py3k/__svn__/Lib/test/test_ftplib.py", line 214,
in run
asyncore.loop(timeout=0.1, count=1)
File "/home/antoine/py3k/__svn__/Lib/asyncore.py", line 210, in loop
poll_fun(timeout, map)
File "/home/antoine/py3k/__svn__/Lib/asyncore.py", line 136, in poll
r, w, e = select.select(r, w, e, timeout)
select.error: (9, 'Bad file descriptor')

----------
assignee: pitrou ->
versions: -Python 2.7

_______________________________________
Python tracker <report [at] bugs>
<http://bugs.python.org/issue2054>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/list-python-bugs%40lists.gossamer-threads.com

report at bugs

Nov 16, 2009, 10:52 AM

Post #34 of 41 (294 views)
Permalink

[issue2054] add ftp-tls support to ftplib - RFC 4217 [In reply to]

Giampaolo Rodola' <billiejoex [at] users> added the comment:

Can you attach the 3.x patch so that I can test it myself?
I tried to apply the current 2.x patch against the 3.x trunk but I get
conflicts.

----------

_______________________________________
Python tracker <report [at] bugs>
<http://bugs.python.org/issue2054>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/list-python-bugs%40lists.gossamer-threads.com

report at bugs

Nov 17, 2009, 1:36 AM

Post #35 of 41 (290 views)
Permalink

[issue2054] add ftp-tls support to ftplib - RFC 4217 [In reply to]

Antoine Pitrou <pitrou [at] free> added the comment:

Here is the current py3k patch I have, after resolving conflicts and
cleaning up the obvious problems.
After tracing a bit, it seems that ssl.wrap_socket() changes the socket
fileno under py3k, while it doesn't under trunk.

----------
Added file: http://bugs.python.org/file15349/ftptls-py3k.patch

_______________________________________
Python tracker <report [at] bugs>
<http://bugs.python.org/issue2054>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/list-python-bugs%40lists.gossamer-threads.com

report at bugs

Nov 17, 2009, 1:43 AM

Post #36 of 41 (291 views)
Permalink

[issue2054] add ftp-tls support to ftplib - RFC 4217 [In reply to]

Antoine Pitrou <pitrou [at] free> added the comment:

Ok, I now have a working patch. The main fix was to change
SSLConnection.secure_connection() to:

def secure_connection(self):
socket = ssl.wrap_socket([ ##etc. ])
self.del_channel()
self.set_socket(socket)
self._ssl_accepting = True

Can you take a look?

----------
Added file: http://bugs.python.org/file15350/ftptls-py3k-2.patch

_______________________________________
Python tracker <report [at] bugs>
<http://bugs.python.org/issue2054>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/list-python-bugs%40lists.gossamer-threads.com

report at bugs

Nov 17, 2009, 1:45 AM

Post #37 of 41 (291 views)
Permalink

[issue2054] add ftp-tls support to ftplib - RFC 4217 [In reply to]

Changes by Antoine Pitrou <pitrou [at] free>:

Removed file: http://bugs.python.org/file15350/ftptls-py3k-2.patch

_______________________________________
Python tracker <report [at] bugs>
<http://bugs.python.org/issue2054>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/list-python-bugs%40lists.gossamer-threads.com

report at bugs

Nov 17, 2009, 1:45 AM

Post #38 of 41 (291 views)
Permalink

[issue2054] add ftp-tls support to ftplib - RFC 4217 [In reply to]

Changes by Antoine Pitrou <pitrou [at] free>:

Added file: http://bugs.python.org/file15351/ftptls-py3k-2.patch

_______________________________________
Python tracker <report [at] bugs>
<http://bugs.python.org/issue2054>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/list-python-bugs%40lists.gossamer-threads.com

report at bugs

Nov 17, 2009, 12:01 PM

Post #39 of 41 (286 views)
Permalink

[issue2054] add ftp-tls support to ftplib - RFC 4217 [In reply to]

Giampaolo Rodola' <billiejoex [at] users> added the comment:

Ok, I took a look and it seems ok to me but I still get some occasional
failures on Windows from time to time.
Because of the threading nature of our server I suspect that moving
del_channel() before ssl.wrap_socket() call, like this:

- socket = ssl.wrap_socket([ ##etc. ])
- self.del_channel()
- self.set_socket(socket)

+ self.del_channel()
+ self.socket = ssl.wrap_socket(...)
+ self.set_socket(self.socket)

...makes more sense (ps: pay attention, it's "self.socket", not
"socket").
After I did that I stopped seeing the occasional failures (I'm not 100%
sure it's actually related, but...).

This is quite strange, anyway.
I suspect it has something to do with this:
http://entitycrisis.blogspot.com/2009/11/python-3-is-it-doomed.html

----------

_______________________________________
Python tracker <report [at] bugs>
<http://bugs.python.org/issue2054>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/list-python-bugs%40lists.gossamer-threads.com

report at bugs

Nov 17, 2009, 12:31 PM

Post #40 of 41 (285 views)
Permalink

[issue2054] add ftp-tls support to ftplib - RFC 4217 [In reply to]

Antoine Pitrou <pitrou [at] free> added the comment:

> Ok, I took a look and it seems ok to me but I still get some occasional
> failures on Windows from time to time.
> Because of the threading nature of our server I suspect that moving
> del_channel() before ssl.wrap_socket() call, like this:

Ok, thanks!

> ...makes more sense (ps: pay attention, it's "self.socket", not
> "socket").

set_socket() sets self.socket, so it should be the same.

I'm going to commit on py3k and watch the buildbots a bit.

----------

_______________________________________
Python tracker <report [at] bugs>
<http://bugs.python.org/issue2054>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/list-python-bugs%40lists.gossamer-threads.com

report at bugs

Nov 17, 2009, 3:16 PM

Post #41 of 41 (285 views)
Permalink

[issue2054] add ftp-tls support to ftplib - RFC 4217 [In reply to]

Antoine Pitrou <pitrou [at] free> added the comment:

Buildbots are ok. Thank you!

----------
resolution: accepted -> fixed
stage: commit review -> committed/rejected
status: open -> closed

_______________________________________
Python tracker <report [at] bugs>
<http://bugs.python.org/issue2054>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/list-python-bugs%40lists.gossamer-threads.com

1 2

View All

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads