[vlc-devel] [PATCH] access: ftp: add TLS support (fix #137)

Francois Cartegnie fcvlcdev at free.fr
Wed Jul 17 14:35:09 CEST 2013

Le 16/07/2013 18:57, Rémi Denis-Courmont a écrit :
> Why would you check for the AUTH TLS feature? If the user requested TLS, then 
> TLS has to be used in any case. Checking server features over the unencrypted 
> channel would trivially pave the way for a MITM downgrade attack.

Indeed, the fallback wasn't the wanted behavior.

> I doubt that reusing the TLS session is legal in this context. At least, I 
> could not find anything to support it in RFC4217.

Well, most FTP servers require it by default.

I've added a missing playlist support and fixed the ftps/es scheme


More information about the vlc-devel mailing list