pdonahue wrote: Thu May 02, 2024 5:13 pm
I really, really want to avoid sending a cleartext password. If I use a ftp:// URL then how do I know that it's using TLS? Is putting "set ftp:ssl-force true" in ~/.lftprc sufficient? (I can't find a definitive answer on the web.)
It looks to be doing the right thing. I had put the same force-ssl directive in my .lftprc and ran it under strace. Here are some interesting bits:
17:23:48 write(1, "cd `.' [FEAT negotiation...]", 28) = 28
17:23:48 write(1, "\r", 1) = 1
17:23:48 pselect6(5, [4], [], NULL, {tv_sec=0, tv_nsec=979852000}, NULL) = 1 (in [4], left {tv_sec=0, tv_nsec=887684053})
17:23:48 read(4, "220 ::ffff:69.12.210.156 FTP ser"..., 65536) = 43
17:23:48 read(4, 0x5c842e516d90, 65536) = -1 EAGAIN (Resource temporarily unavailable)
17:23:48 write(4, "FEAT\r\n", 6) = 6
17:23:48 pselect6(5, [4], [], NULL, {tv_sec=0, tv_nsec=705845000}, NULL) = 1 (in [4], left {tv_sec=0, tv_nsec=703201853})
17:23:48 read(4, "211-Features:\r\n AUTH TLS\r\n CCC\r\n"..., 65536) = 53
...
17:23:48 write(4, "AUTH TLS\r\n", 10) = 10
17:23:48 pselect6(5, [4], [], NULL, {tv_sec=0, tv_nsec=702022000}, NULL) = 1 (in [4], left {tv_sec=0, tv_nsec=699220006})
17:23:48 read(4, "234 AUTH TLS successful\r\n", 65536) = 25
...
17:23:48 access("/etc/ssl/certs/ca-certificates.crt", R_OK) = 0
17:23:48 newfstatat(AT_FDCWD, "/etc/ssl/certs/ca-certificates.crt", {st_mode=S_IFREG|0644, st_size=208567, ...}, 0) = 0
17:23:48 access("/etc/ssl/certs/ca-certificates.crt", R_OK) = 0
17:23:48 openat(AT_FDCWD, "/etc/ssl/certs/ca-certificates.crt", O_RDONLY) = 5
...
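The check done by eye in the strace excerpt above, as an added example that is not part of the original post: it scans strace output for one socket and reports whether AUTH TLS was accepted and whether any readable USER/PASS command was ever written to that socket. The function name, both sample traces and the descriptor number are assumptions constructed for illustration.

```python
import re

# Matches strace lines such as: 17:23:48 write(4, "AUTH TLS\r\n", 10) = 10
SYSCALL = re.compile(r'(read|write)\((\d+), "((?:[^"\\]|\\.)*)"')

def audit_control_channel(strace_text, fd):
    """Return (verdict, detail) for FTP control traffic on socket `fd`.

    "tls-before-login": AUTH TLS got a 234 reply and no USER/PASS command
    was ever written to the socket in readable form.
    """
    auth_sent = tls_accepted = False
    for line in strace_text.splitlines():
        m = SYSCALL.search(line)
        if not m or int(m.group(2)) != fd:
            continue  # other descriptors (terminal, CA bundle) are ignored
        call, data = m.group(1), m.group(3)
        if call == "write":
            if data.startswith("AUTH TLS"):
                auth_sent = True
            elif re.match(r"(USER|PASS) ", data):
                # Readable login command on the wire; report the verb only.
                return ("cleartext-login", data[:4])
        elif call == "read" and auth_sent and data.startswith("234"):
            tls_accepted = True
    if tls_accepted:
        return ("tls-before-login", "AUTH TLS accepted, no readable USER/PASS")
    return ("no-tls", "AUTH TLS was not sent or not accepted")

# Constructed sample: same shape as the trace in the post, followed by an
# opaque TLS record where the login would otherwise appear.
SAMPLE_TLS = r'''
17:23:48 write(4, "FEAT\r\n", 6) = 6
17:23:48 read(4, "211-Features:\r\n AUTH TLS\r\n CCC\r\n"..., 65536) = 53
17:23:48 write(4, "AUTH TLS\r\n", 10) = 10
17:23:48 read(4, "234 AUTH TLS successful\r\n", 65536) = 25
17:23:49 write(4, "\26\3\1\2\0\1\0\1\374\3\3"..., 517) = 517
'''

# Constructed sample: what a session without ssl-force could look like.
SAMPLE_CLEAR = r'''
17:23:48 write(4, "FEAT\r\n", 6) = 6
17:23:48 write(4, "USER demo\r\n", 11) = 11
17:23:48 read(4, "331 Password required\r\n", 65536) = 23
17:23:48 write(4, "PASS example-only\r\n", 19) = 19
'''

if __name__ == "__main__":
    print(audit_control_channel(SAMPLE_TLS, 4))
    print(audit_control_channel(SAMPLE_CLEAR, 4))
```

strace shortens logged strings to 32 bytes by default, which still leaves the command verb at the start of each write visible to this check.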