1. Forum
  2. Usenet
  3. COMP.LANG.TCL

  • FTP over TLS

    From Mike Griffiths@21:1/5 to All on Sun May 14 13:30:16 2023
    Hi all,

    Does anyone have any experience of doing FTP over TLS in TCL? I was naively hoping, when I saw no mention of it in the ftp package docs or wiki page, that it may be as easy as just changing [socket] calls in the ftp package code for ::tls::socket but (
    with verbose and debug options in the ftp package set) I'm just getting error messages:

    error error | Service not available!
    error error | Not connected!

    after very long timeouts. Anyone have any advice/experience doing this?

    (Mike) 39 % package require Tcl
    8.6.9
    (Mike) 40 % package require ftp
    2.4.13
    (Mike) 41 % package require tls
    1.7.16

    Many thanks,

    Mike

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andreas Leitgeb@21:1/5 to Mike Griffiths on Mon May 15 10:16:06 2023
    Mike Griffiths <mike@keyboardzombie.com> wrote:
    Does anyone have any experience of doing FTP over TLS in TCL?

    ftp is a rather "complicated" protocol, involving separate connections
    for transfer of directory listings or files.

    There exist some approaches to wrap that with tls channels, but I must
    admit I'm not very experienced with those. My feeling is, that at
    very least, you need to make sure to switch "passive" mode off (or was
    it on, anyway, be sure to try both ways!)

    The "wrong" one of these "passive" settings would require the ftp-server
    to open a connection back to you, which pretty surely wouldn't work.

    Most likely it would be best to find some other alternative like
    "sftp", which is based on ssh and entirely different.


    I was naively hoping, when I saw no mention of it in the ftp package docs
    or wiki page, that it may be as easy as just changing [socket] calls in the ftp package code for ::tls::socket but (with verbose and debug options in
    the ftp package set) I'm just getting error messages:

    Also, be sure that also the secondary connection (which for correct passive-mode setting would originate from the client) also gets
    tls-wrapped.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Mike Griffiths@21:1/5 to Andreas Leitgeb on Mon May 15 04:00:18 2023
    On Monday, 15 May 2023 at 11:16:10 UTC+1, Andreas Leitgeb wrote:
    Mike Griffiths <mi...@keyboardzombie.com> wrote:
    Does anyone have any experience of doing FTP over TLS in TCL?
    ftp is a rather "complicated" protocol, involving separate connections
    for transfer of directory listings or files.

    There exist some approaches to wrap that with tls channels, but I must
    admit I'm not very experienced with those. My feeling is, that at
    very least, you need to make sure to switch "passive" mode off (or was
    it on, anyway, be sure to try both ways!)

    The "wrong" one of these "passive" settings would require the ftp-server
    to open a connection back to you, which pretty surely wouldn't work.

    Most likely it would be best to find some other alternative like
    "sftp", which is based on ssh and entirely different.
    I was naively hoping, when I saw no mention of it in the ftp package docs or wiki page, that it may be as easy as just changing [socket] calls in the
    ftp package code for ::tls::socket but (with verbose and debug options in the ftp package set) I'm just getting error messages:
    Also, be sure that also the secondary connection (which for correct passive-mode setting would originate from the client) also gets
    tls-wrapped.
    Hi Andreas,

    Thanks for your reply. For the time being I've gone with using a portable (no install) ftp client with command line behaviour that I can ship with my Tcl code to do the transfers, though if anyone's made a pure-Tcl approach this would still be great to
    see.

    I did try changing all the sockets to tls::socket variants, and a (very light) bit of research before I switched to the ftp.exe approach suggested there may actually be 2 ports in play for implicit ftps so I tried that too, as well as using both passive
    and active modes, but nothing proved successful, alas...

    Kind regards,

    Mike

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From greg@21:1/5 to All on Mon May 15 12:08:34 2023
    TclCurl
    https://wiki.tcl-lang.org/page/TclCurl

    Tcl binding for libcurl, a library for accessing internet resources of various types. Supports FTP, FTPS, , SFTP etc..

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Mike Griffiths@21:1/5 to greg on Mon May 15 12:41:56 2023
    On Monday, 15 May 2023 at 20:08:36 UTC+1, greg wrote:
    TclCurl
    https://wiki.tcl-lang.org/page/TclCurl

    Tcl binding for libcurl, a library for accessing internet resources of various types. Supports FTP, FTPS, , SFTP etc..
    Hi Greg,

    Thanks for your reply. I did have a quick look at this and I know I've used it in years gone by, but struggled to find any Win32 binaries for this; it seems to only be source available now; while it's possibly the best Tcl-only approach this
    unfortunately made it more of a time investment for me to figure out than using an external tool for this project...

    Kind regards,

    Mike

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)