You are viewing a plain text version of this content. The canonical link for it is here.
Posted to ftpserver-users@mina.apache.org by Sai Pullabhotla <sa...@jmethods.com> on 2008/12/11 16:34:44 UTC
SSL related commands need to be allowed before login
I just got into testing the FTPS portion of the server. It looks like
we do NOT allow PBSZ or PROT commands before the user logs in.
Shouldn't we be allowing these commands? My understanding from the RFC
2228 is that client first issues AUTH, then possibly several other
commands like PBSZ and PROT before it issues the USER and PASS. What
do you guys think?
Thanks.
Sai Pullabhotla
Phone: (402) 408-5753
Fax: (402) 408-6861
www.jMethods.com
Re: SSL related commands need to be allowed before login
Posted by Niklas Gustavsson <ni...@protocol7.com>.
On Thu, Dec 11, 2008 at 11:29 PM, Sai Pullabhotla
<sa...@jmethods.com> wrote:
> The reason I brought this up is because I could not connect with the
> FTP Client, JFTP (www.jMethods.com) that I wrote. I can connect to
> pretty much any other FTPS server with it except this. :(
Well, that's a pretty good argument (that other servers allow for it).
Add a JIRA and we'll fix it for RC1.
/niklas
Re: SSL related commands need to be allowed before login
Posted by Sai Pullabhotla <sa...@jmethods.com>.
The reason I brought this up is because I could not connect with the
FTP Client, JFTP (www.jMethods.com) that I wrote. I can connect to
pretty much any other FTPS server with it except this. :( I'm sure
there might be other clients that do the same and would error out (but
I'm not sure).
Thanks.
Sai Pullabhotla
Phone: (402) 408-5753
Fax: (402) 408-6861
www.jMethods.com
On Thu, Dec 11, 2008 at 3:22 PM, Niklas Gustavsson <ni...@protocol7.com> wrote:
> On Thu, Dec 11, 2008 at 4:34 PM, Sai Pullabhotla
> <sa...@jmethods.com> wrote:
>> I just got into testing the FTPS portion of the server.
>
> Looking forward to that :-)
>
>> It looks like
>> we do NOT allow PBSZ or PROT commands before the user logs in.
>> Shouldn't we be allowing these commands? My understanding from the RFC
>> 2228 is that client first issues AUTH, then possibly several other
>> commands like PBSZ and PROT before it issues the USER and PASS. What
>> do you guys think?
>
> I can't find anything in the RFC contradicting that, and I see no
> issue with allowing it. What do the rest of you think?
>
> /niklas
>
Re: SSL related commands need to be allowed before login
Posted by Niklas Gustavsson <ni...@protocol7.com>.
On Thu, Dec 11, 2008 at 4:34 PM, Sai Pullabhotla
<sa...@jmethods.com> wrote:
> I just got into testing the FTPS portion of the server.
Looking forward to that :-)
> It looks like
> we do NOT allow PBSZ or PROT commands before the user logs in.
> Shouldn't we be allowing these commands? My understanding from the RFC
> 2228 is that client first issues AUTH, then possibly several other
> commands like PBSZ and PROT before it issues the USER and PASS. What
> do you guys think?
I can't find anything in the RFC contradicting that, and I see no
issue with allowing it. What do the rest of you think?
/niklas