[vlc-devel] [PATCH] access: ftp: add TLS support (fix #137)
Francois Cartegnie
fcvlcdev at free.fr
Wed Jul 17 14:35:09 CEST 2013
Le 16/07/2013 18:57, Rémi Denis-Courmont a écrit :
> Why would you check for the AUTH TLS feature? If the user requested TLS, then
> TLS has to be used in any case. Checking server features over the unencrypted
> channel would trivially pave the way for a MITM downgrade attack.
Indeed, the fallback wasn't the wanted behavior.
> I doubt that reusing the TLS session is legal in this context. At least, I
> could not find anything to support it in RFC4217.
Well, most FTP servers require it by default.
I've added a missing playlist support and fixed the ftps/es scheme
confusion.
Francois
More information about the vlc-devel
mailing list