ftp(1) with TLS support

[lists@scapa.dnsalias.net]

Hi,


since many FTP servers out there support TLS these days, but decent
command line clients are hard to find, I decided to take Peter
Runestig's TLS patch (http://www.runestig.com/osp.html) for an older
version of OpenBSD's ftp(1) and merge it with our current version.

The result is called "ftptls" and can be found here:
http://www-user.tu-chemnitz.de/~grmo/ftptls/

Most interesting for the majority of people is probably
http://www-user.tu-chemnitz.de/~grmo/ftptls/port/ftptls-port.tar.gz - to
be untarred in /usr/ports/mystuff (and possibly tested and approved by
some of the ports people, maybe? :) ).

For a more detailed explanation of what I did and how to
patch/build/install, please read ftptls.README. The patched tarball of
ftptls is ftptls-0.0.tar.gz, the patch that applies to -current ftp(1)
is ftptls.patch.gz and last but not least, patch-src_usr_bin_Makefile.gz
is a tiny, boring patch for /usr/src/usr.bin/Makefile for those who want
ftptls in their source tree (put it in /usr/src/usr.bin/ftptls).

The tarball patch-tlsutil.tgz is just there FYI and contains the changes
I made to Peter Runestig's tlsutil.c and .h files (I gave them as much
style(9) as I could and removed the autotools stuff). It contains the
original files and a patch.

Although it is possible to "upgrade" the OpenBSD ftp client with this, I
cannot recommend it, at least not without further changes and lots of
testing. In ftptls, TLS authentication is enabled by default and many
FTP servers have "crappy" (e.g. self-signed) certificates, causing a
warning that requires user interaction. This is quite cumbersome in
combination with the ports tree. (Think vim and two quadrillion separate
downloads for the patches.)

As always, feedback and patches are very appreciated. I already maxed
out my C "skills" with this work, so if you encounter any serious
problems, PLEASE send patches. Thank you. :)


May this be useful for someone besides myself,

Moritz