curl-users
Re: Fw: Secure FTP server that interoperates with cURL
Date: Fri, 09 Nov 2001 00:25:33 +0000
OK, the version that I downloaded was from debian.org and it is outdated.
That explains why it doesn't have --cacert option.
Back to my FTPS question, there is sftp server from openssh which is
tunneled through ssh. This means that both the control and data channel are
encrypted. What does it take to get curl to interoperate with this sftp
server approach?
Cheers,
Huy
>From: Daniel Stenberg <daniel_at_haxx.se>
>Reply-To: curl_at_contactor.se
>To: Huy Nguyen <triall3_at_hotmail.com>
>CC: Curl Mailinglist <curl_at_contactor.se>
>Subject: Re: Fw: Secure FTP server that interoperates with cURL
>Date: Tue, 6 Nov 2001 08:23:03 +0100 (MET)
>
>On Tue, 6 Nov 2001, Huy Nguyen wrote:
>
>(CC'ing the curl mailing list, this will interest other readers...)
>
> > With stunnel, one usually specifies a port for stunnel to listen to the
> > encrypted incoming traffic from the ftp client and another port to
> > forward the unencrypted traffic to the ftp server. How does this work
> > with ftp since the data port can not be determined ahead of time. Does
> > curl implementation of ftp over ssl only encrypts the traffic on the
> > control port?
>
>*Bang* on target! Yes, the FTPS support curl offers is a non-standard
>protocol (as in there's no RFCs that define it) and I made it work with an
>existing implementation that uses SSL only for the control connection, on
>which it sends the passwords etc. The data will still be sent as cleartext.
>
>I don't think there would be very hard to add SSL for the data connection
>as
>well, should there be any servers that use that system that we want to be
>able to use.
>
> > BTW, the version of curl-6.0-1.1 that I download no longer supports the
> > --cacert option? Do you know why that was removed?
>
>I have no clue what the "curl-6.0-1.1" package is or what it contains.
>There's no package with that name on any download mirror that originates
>from
>me.
>
>I can't see any reason why --cacert would get removed. For many SSL users
>it
>is next to vital. It is present in the recently released 7.9.1 and it has
>been been present in the last couple of versions as well (it was first
>introduced in curl 7.5, back in late November last year).
>
>--
> Daniel Stenberg -- curl groks URLs -- http://curl.haxx.se/
>
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
Received on 2001-11-09