On 12/20/04(08:07) you feedback@delegate.. (Yutaka Sato) wrote
| |I agree that the implementation of STARTTLS in DeleGate should be more
| |neat, but I think it should be implemented in each protocol interpreter
| |of each application protocol, as described in
| |<URL:http://www.delegate.org/mail-lists/delegate/9913> (in Japanese,
| |sorry) while keeping the code of SSLway as simple as possible.
| |In this approach, we can realize "starting TLS coder (sslway) only when
| |it is necessary", as realized in STARTTLS for FTP-data. Also it will
| |ease the replacement of SSLway with other simple TLS coder in future,
| |like s_server/s_client of OpenSSL.
| |So I extended "smtp.c" to support such "SSLway on demand" by extending
| |the CMAP parameter. It can be used as
|I implemented this for STARTTLS in FTP-DeleGate too, thus you can wrap
|FTP by SSL with
To make the interface more simple, I introduced "STLS" parameter.
For any protocol supporting STARTTLS (FTP, SMTP, POP, IMAP), you can
enable STARTTLS with the following parameter.
STLS=FCL ... for STARTTLS with client
STLS=FSV ... for STARTTLS with server
|The current snap-shot of DeleGate including this extension is uploaded
The current snap-shot of DeleGate including this extension is uploaded
D G Yutaka Sato <firstname.lastname@example.org> http://delegate.org/y.sato/
( - ) National Institute of Advanced Industrial Science and Technology
_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
STLS parameter == STLS=stlsSpecs[,sslwayCom][:connMap]
  stlsSpecs == [-]stlsSpec[/ssl][,stlsSpecs]
  stlsSpec  == FSV | FCL
  connMap   == ProtoList:dstHostList:srcHostList
  -- default: none
  -- restriction: applicable to FTP, SMTP, POP, IMAP
  -- required: SSLway
This parameter controls the initiation of SSL (TLS) based on a negotiation
between client and server in each application protocol. The common scheme of the
negotiation is known as "STARTTLS". "FSV" specifies using SSL with server and
"FCL" specifies using SSL with client. When SSL is not supported on a connection,
the STARTTLS negotiation will fail and the connection will be closed by default.
To continue a session even when SSL is not available, prefix "-" to "FSV" or "FCL".
STLS="FCL" -- use SSL with client (exit the session if not available)
STLS="-FCL" -- use SSL with client if available
STLS="FSV,-FCL" -- use SSL with server, and with client if available
STLS="FSV/ssl" SERVER="ftp" -- use AUTH SSL instead of AUTH TLS
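The following is an added example (not DeleGate's own code) that parses an STLS value according to the grammar quoted above and reports, for each side, whether TLS is required or whether the "-" prefix lets the session fall back to plaintext when STARTTLS fails. It assumes that the optional sslwayCom part is everything after the last FSV/FCL item and that protocol names in connMap are compared case-insensitively against the four protocols named in the restriction line; the function names and the sample values are constructed for this illustration.

```python
"""Parse and audit a DeleGate STLS parameter value (added example, not DeleGate code).

Grammar as quoted in the message:
    STLS=stlsSpecs[,sslwayCom][:connMap]
    stlsSpecs == [-]stlsSpec[/ssl][,stlsSpecs]
    stlsSpec  == FSV | FCL
    connMap   == ProtoList:dstHostList:srcHostList
Assumptions: sslwayCom is everything after the last FSV/FCL item, and
connMap protocol names are compared case-insensitively.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

SPEC_RE = re.compile(r"^(-)?(FSV|FCL)(/ssl)?$")
STARTTLS_PROTOCOLS = {"ftp", "smtp", "pop", "imap"}  # from the "restriction" line


@dataclass
class StlsSpec:
    side: str          # "server" for FSV, "client" for FCL
    optional: bool     # "-" prefix: keep the session even if STARTTLS fails
    legacy_ssl: bool   # "/ssl": AUTH SSL instead of AUTH TLS


@dataclass
class StlsParam:
    specs: List[StlsSpec]
    sslway_command: Optional[str]
    conn_map: Optional[Dict[str, List[str]]]


def parse_stls(value: str) -> StlsParam:
    """Split an STLS value (with or without the 'STLS=' prefix) into its parts."""
    if value.startswith("STLS="):
        value = value[len("STLS="):]
    head, sep, tail = value.partition(":")
    conn_map = None
    if sep:
        fields = tail.split(":")
        if len(fields) != 3:
            raise ValueError("connMap must be ProtoList:dstHostList:srcHostList")
        conn_map = {
            "protocols": fields[0].split(","),
            "dst_hosts": fields[1].split(","),
            "src_hosts": fields[2].split(","),
        }
    items = head.split(",")
    specs: List[StlsSpec] = []
    i = 0
    while i < len(items):
        m = SPEC_RE.match(items[i])
        if not m:
            break  # first non-spec item starts the (assumed) sslwayCom part
        specs.append(StlsSpec(
            side="server" if m.group(2) == "FSV" else "client",
            optional=m.group(1) is not None,
            legacy_ssl=m.group(3) is not None,
        ))
        i += 1
    if not specs:
        raise ValueError(f"no FSV/FCL spec at the start of {value!r}")
    sslway_command = ",".join(items[i:]) or None
    return StlsParam(specs, sslway_command, conn_map)


def allows_plaintext_fallback(value: str) -> bool:
    """True if any side carries '-', i.e. the session survives a failed STARTTLS."""
    return any(s.optional for s in parse_stls(value).specs)


def audit_stls(value: str) -> List[str]:
    """Findings a reviewer would want for one STLS setting."""
    p = parse_stls(value)
    findings = []
    for s in p.specs:
        if s.optional:
            findings.append(f"{s.side}: TLS optional (plaintext if STARTTLS fails)")
        else:
            findings.append(f"{s.side}: TLS required (session closed if STARTTLS fails)")
        if s.legacy_ssl:
            findings.append(f"{s.side}: legacy AUTH SSL form requested")
    if p.conn_map:
        for proto in p.conn_map["protocols"]:
            if proto != "*" and proto.lower() not in STARTTLS_PROTOCOLS:
                findings.append(f"protocol {proto!r}: STLS not applicable")
    return findings


if __name__ == "__main__":
    # Constructed sample values, including the four from the message above.
    for v in ("FCL", "-FCL", "FSV,-FCL", "STLS=FSV/ssl", "FCL:ftp,http:*:*"):
        print(v, "->", audit_stls(v))
```

The point of the audit is the "-" prefix: "FSV,-FCL" keeps the server leg encrypted but lets a client that cannot negotiate STARTTLS continue in the clear, so a reviewer checking a DeleGate configuration wants that fallback called out rather than hidden inside a one-character flag.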