From 109640fcf2f2d1c7fa943a9185e85c4c64d813ec Mon Sep 17 00:00:00 2001 From: Nicola Murino Date: Wed, 16 Sep 2020 10:40:22 +0200 Subject: [PATCH 1/2] fix TLS for active connections based on RFC 4217, section 7, for active connections the FTP client MUST be the TLS client and the FTP server MUST be the TLS server --- persistent_connection.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/persistent_connection.go b/persistent_connection.go index 15f5d74..48e59a5 100644 --- a/persistent_connection.go +++ b/persistent_connection.go @@ -402,7 +402,10 @@ func (pconn *persistentConn) prepareDataConn() (func() (net.Conn, error), error) } if pconn.config.TLSConfig != nil { - dc = tls.Server(dc, pconn.config.TLSConfig) + // based on RFC 4217, section 7, for active connections + // the FTP client MUST be the TLS client and the FTP + // server MUST be the TLS server + dc = tls.Client(dc, pconn.config.TLSConfig) pconn.debug("upgraded active connection to TLS") } From 843d4cca4bb2330a94b378b05eba6865f6a8fedb Mon Sep 17 00:00:00 2001 From: Nicola Murino Date: Wed, 16 Sep 2020 11:17:33 +0200 Subject: [PATCH 2/2] build_test_server: fix proftpd download link --- build_test_server.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build_test_server.sh b/build_test_server.sh index 53c4f06..e37d84d 100755 --- a/build_test_server.sh +++ b/build_test_server.sh @@ -7,9 +7,9 @@ cd ftpd ftpd_dir=`pwd` -curl -O ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.5.tar.gz -tar -xzf proftpd-1.3.5.tar.gz -cd proftpd-1.3.5 +curl -L -O https://github.com/proftpd/proftpd/archive/v1.3.5e.tar.gz +tar -xzf v1.3.5e.tar.gz +cd proftpd-1.3.5e # fix slow tls data connection handshake (https://github.com/proftpd/proftpd/pull/48) perl -pi -e 's/(\Qpr_inet_set_proto_nodelay(conn->pool, conn, 1);\E)/$1\n(void) pr_inet_set_proto_cork(conn->wfd, 0);/' contrib/mod_tls.c