Scott,
Perhaps is has become time for me to also give to the community instead of only using the fruits of others.
This depends on how the desicion is made on how to proceed (that is in the hands of the client) because we also have something like a clock.
If enhancing FTP with SSL is the road I will give it a go based on what is in HTTPAPI and bring that back to the community.
In the examples of HTTPAPI however indeed I only find the Client parts for SSL.
Our FTP interface is the receiving part of the interface waiting on the requests of the thirth party (the server is based on your excellent Sockets Tutorial) and I will have to figure out how that part of an SSL connection is working (any help appreciated).
Perhaps I can also use information like in here:
Kind regards,
Eduard Sluis.
Scott Klement <sk@xxxxxxxxxxxxxxxx> wrote:
Sender: Scott Klement
Hi Eduard,
> One of our current very fine working FTPAPI interfaces has not passed
> audit scrutinizing. Now they have changed the requirements and the
> communication needs to operate using SSL. In the archives however I've
> found (March 2004) that FTPAPI does not support SSL at that time. In the
> official version SSL is till now 'so far as I know' SSL not supported.
Correct, FTPAPI does not have SSL implemented.
Do you know why HTTPAPI has SSL support and FTPAPI doesn't? Because the
company that I work for needed an SSL implementation of HTTP in order to
communicate with a business partner. Therefore, I was able to enhance
HTTPPAI "on the clock." We don't need SSL FTP, however, so if I wanted to
change FTPAPI I'd have to do it on my own time, without pay.
This how open source works. Someone does something that THEY need, and
releases it "open source" so
other people can benefit from what he has
done. When they need something new, they make those enhancements and
submit THAT back to the project. So, the open source project keeps
getting better and better because everyone is willing to help everyone
else.
> Perhaps someone has created SSL functionality based on FTPAPI and can
> help me out? If not, who can give me an idea of what need to be
> changed/added to bring FTP under SSL?
In version 1.10 of HTTPAPI, I separated all of the network routines into
modules called CommTCP and CommSSL. My long-term plan was to use this
same paradigm in FTPAPI. (If possible, use the same code!)
> I know I have the possibility to change to HTTPAPI but:
> - We are the server for this connection.
> - Don't want to go sit behind an webinstance (performance and
> environment creation issues).
If you are the server, how is FTPAPI or HTTPAPI helping you?! Both of
those
service progams are client-only.
A web application using a CGI script written in RPG runs at least as fast
as an FTP transfer, so I don't understand why "sitting behind a web
instance" would be a performance issue -- unless, of course, the web
instance is written in Java instead of RPG!
> - The client is a (USA) third party on an none iSeries and not very
> known for ease of change in to be used technology and pace of delivery.
Then how are you going to get them to change to an SSL FTP connection?
Seems to me that if they have to change their software to use SSL, they
might as well also change it to use HTTP. Unless, of course, their
software already supports SSL under FTP.
But, I've seen very few SSL FTP implementations. Most of the time, people
are using SSH for that sort of thing. By contrast, every HTTP
implementation I've seen supports
SSL.
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------