ftp: allow specifying supported protocols

Sat, 05 Sep 2020 11:29:19 -0700 

I found this small diff useful more than once (admittedly for debugging).
It allows specifying the protocols that may be used by ftp the same way
as nc -Tprotocols works. For example:

$ ftp -Sprotocols=tlsv1.2:tlsv1.1 https://example.com/file

Perhaps someone else has use for it, too?

Index: ftp.1
===================================================================
RCS file: /var/cvs/src/usr.bin/ftp/ftp.1,v
retrieving revision 1.119
diff -u -p -r1.119 ftp.1
--- ftp.1       11 Feb 2020 18:41:39 -0000      1.119
+++ ftp.1       5 Sep 2020 18:11:24 -0000
@@ -261,6 +261,12 @@ Don't perform server certificate validat
 Require the server to present a valid OCSP stapling in the TLS handshake.
 .It Cm noverifytime
 Disable validation of certificate times and OCSP validation.
+.It Cm protocols Ns = Ns Ar protocol_list
+Specify the supported TLS protocols that will be used by
+.Nm
+(see
+.Xr tls_config_parse_protocols 3
+for details).
 .It Cm session Ns = Ns Ar /path/to/session
 Specify a file to use for TLS session data.
 If this file has a non-zero length, the session data will be read from this 
file
Index: main.c
===================================================================
RCS file: /var/cvs/src/usr.bin/ftp/main.c,v
retrieving revision 1.132
diff -u -p -r1.132 main.c
--- main.c      1 Sep 2020 12:33:48 -0000       1.132
+++ main.c      1 Sep 2020 18:13:09 -0000
@@ -209,6 +209,8 @@ char * const ssl_verify_opts[] = {
        "noverifytime",
 #define SSL_SESSION            8
        "session",
+#define SSL_PROTOCOLS          9
+       "protocols",
        NULL
 };
 
@@ -220,6 +222,7 @@ process_ssl_options(char *cp)
 {
        const char *errstr;
        long long depth;
+       uint32_t protocols;
        char *str;
 
        while (*cp) {
@@ -278,6 +281,14 @@ process_ssl_options(char *cp)
                            tls_session_fd) == -1)
                                errx(1, "failed to set session: %s",
                                    tls_config_error(tls_config));
+                       break;
+               case SSL_PROTOCOLS:
+                       if (str == NULL)
+                               errx(1, "missing protocol name");
+                       if (tls_config_parse_protocols(&protocols, str) != 0)
+                               errx(1, "failed to parse TLS protocols");
+                       if (tls_config_set_protocols(tls_config, protocols) != 
0)
+                               errx(1, "failed to set TLS protocols");
                        break;
                default:
                        errx(1, "unknown -S suboption `%s'",

Reply via email to