Add support for implicit FTPS #323

Open
wants to merge 1 commit into
base: master

liangliangliangtan

Problem Scenario

In #120, there is a side note that FTPS can be implicit/explicit. In this Pull Request, implicit FTPS will be supported. In implicit SSL mode, an SSL handshake is initiated on connection. After the completion of a successful SSL handshake, the FTPS server will respond with status code 220, which indicates that the server is ready for the new client.

An implicit FTPS connection example with the curl command:

```
curl -vv -k -u <username: password> ftps://<ip/domain> --cert <your_cert> --key <your_key>

* Trying xxxx:990...
* TCP_NODELAY set
* Connected to xxxx port 990 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS handshake, CERT verify (15):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* Server certificate:
  *xxxx
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< 220 Welcome to FTP service.
```

Implementation

In the CLI part, add a starttls method called "ftps". In the ftp.go file, add an indicator in the function and, in order to be compatible with existing explicit FTP, the changes are as follows:

  • Create a struct FTPCtx with both TCP and TLS network connection.
  • Change the input parameter type of the readFTP function from *net.TCPConn to the interface net.Conn
  • Refactor the code by creating the checkServiceReady and authTLS functions.


CLAassistant commented Oct 2, 2023

CLA assistant check
All committers have signed the CLA.
