In message <_A4546@delegate-en.ML_> on 08/13/09(05:41:35)
you Jens-Erik Hansen <email@example.com> wrote:
|> It will be realized with a MountOption as "sni=hostname" instead of
|I checked everything twice -- it seems not to work.
|What I have is:
|MOUNT="/* ftp://127.0.0.1:8021/* sni=hostA.sub.foo.org"
|MOUNT="/* ftp://127.0.0.1:8021/demo/* sni=hostB.sub.foo.org"
|and /demo is always mounted even if I connect to hostA.sub.foo.org.
|Do you have any ideas?

1) You must force implicit SSL with STLS="fcl" without "-".
2) You need DeleGate/9.9.5-pre2 or later
3) You need an FTPS client program with SNI "server name indication"
   extended capability enabled (with OpenSSL later than 0.9.8g)

I myself don't have an FTP client with SNI enabled, so I tested it
with DeleGate as this:

  Versions% dg995p2 -Fver
  DeleGate/9.9.5-pre2 (August 11, 2009)
  Loaded: OpenSSL 0.9.8j 07 Jan 2009

  server% dg995p2 -fv -P9021 SERVER=ftps STLS=fcl TLSCONF=-vd \
      MOUNT="/* /* sni=localhost" \
      MOUNT="/* /tmp/* sni=127.0.0.1"

  client-1% dg995p2 FSV=sslway -Fconnect localhost 9021
  client-2% dg995p2 FSV=sslway -Fconnect 127.0.0.1 9021

With client-1, the server shows as:

  08/13 15:25:32.14  1+0: ## SSLway -- TLSxSNI: recv localhost
  08/13 15:25:32.16  1+0: *** / => file://localhost/ ***

while with client-2:

  08/13 15:26:44.04  2+0: ## SSLway -- TLSxSNI: recv 127.0.0.1
  08/13 15:26:44.06  2+0: *** / => file://localhost/tmp/ ***

9 9 Yutaka Sato <firstname.lastname@example.org> http://delegate.org/y.sato/
( ~ ) National Institute of Advanced Industrial Science and Technology
_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
Subject: Re: [DeleGate-En] virtual hosting based on SNI / TLS
On 08/12/09(03:30) I wrote in <_A4545@delegate-en.ML_>
|In message <_A4544@delegate-en.ML_> on 08/11/09(23:57:02) I wrote:
| |It will be realized with a MountOption as "sni=hostname" instead of
|I implemented it as the enclosed patch and uploaded it as 9.9.5-pre2.
|It can be used as follows for example:
| -P8021 SERVER=ftps STLS=fcl MOUNT="/* ftp://ftp-1/* sni=ftp1.dom" \
| MOUNT="/* ftp://ftp-2/* sni=ftp2.dom"
| -P8110 SERVER=pop3s STLS=fcl MOUNT="* pop://pop-1/* sni=pop1.dom" \
| MOUNT="* pop://pop-2/* sni=pop2.dom"
| ... and so on
|Note that you need recent versions of OpenSSL (later than 0.9.8g)
|with SNI support.
|In message <_A4541@delegate-en.ML_> on 08/11/09(15:30:07) I wrote:
| |In message <_A4539@delegate-en.ML_> on 08/10/09(21:55:05)
| |you Jens-Erik Hansen <email@example.com> wrote:
| | |I try to distinguish ftp mounts by the host name. Therefore I start
| | |delegated with:
| |As long as I know, the FTP protocol (and other application protocols
| |except HTTP/1.1) does not support switching host by a virtual host name.
| |That is the hostname shown at the client as the server name is not
| |transferred to the server.
| |So what you can do with FTP is using multiple IP-addresses and ipfw
| |(or iptables) and DeleGate's MOUNT with "odst=host" option.
| |Another possible way is using SSL (or extended TLS) (just for)
| |"Server Name Indication" which indicates the (logical or virtual)
| |server name from the client's view to the client.
| 9 9 Yutaka Sato <firstname.lastname@example.org> http://delegate.org/y.sato/
| ( ~ ) National Institute of Advanced Industrial Science and Technology
|_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
|Do the more with the less -- B. Fuller