On Tue, 6 Nov 2001, Huy Nguyen wrote:

(CC'ing the curl mailing list, this will interest other readers...)

> With stunnel, one usually specifies a port for stunnel to listen to the
> encrypted incoming traffic from the ftp client and another port to
> forward the unencrypted traffic to the ftp server. How does this work
> with ftp since the data port can not be determined ahead of time. Does
> curl implementation of ftp over ssl only encrypts the traffic on the
> control port?

*Bang* on target! Yes, the FTPS support curl offers is a non-standard
protocol (as in there's no RFCs that define it) and I made it work with an
existing implementation that uses SSL only for the control connection, on
which it sends the passwords etc. The data will still be sent as cleartext.

I don't think there would be very hard to add SSL for the data connection as
well, should there be any servers that use that system that we want to be
able to use.

> BTW, the version of curl-6.0-1.1 that I download no longer supports the
> --cacert option? Do you know why that was removed?

I have no clue what the "curl-6.0-1.1" package is or what it contains.
There's no package with that name on any download mirror that originates from
me.

I can't see any reason why --cacert would get removed. For many SSL users it
is next to vital. It is present in the recently released 7.9.1 and it has
been been present in the last couple of versions as well (it was first
introduced in curl 7.5, back in late November last year).

-- 
    Daniel Stenberg -- curl groks URLs -- http://curl.haxx.se/