Hello,
I had a look at http://bugs.php.net/37799 and I would really like to
have a little warning added upon SSL connection failure.
From my understanding, the silent fall back to a normal connection is
made in ftp.c at line 269, which as the bug reporter says, "leads to a
false sense of security".
Anyone ?
Best Regards,
Mehdi Achour
Hello,
Hello,
I had a look at http://bugs.php.net/37799 and I would really like to
have a little warning added upon SSL connection failure.From my understanding, the silent fall back to a normal connection is
made in ftp.c at line 269, which as the bug reporter says, "leads to a
false sense of security".
I would instead make ftp_ssl_connect failing and returns false. I
prefer functions without too much error messages for expected errors
(a network connection can fail, no need to raise a warning here). Then
let the user decides to try again using ftp_connect.
--Pierre
I had a look at http://bugs.php.net/37799 and I would really like to
have a little warning added upon SSL connection failure.From my understanding, the silent fall back to a normal connection is
made in ftp.c at line 269, which as the bug reporter says, "leads to a
false sense of security".I would instead make ftp_ssl_connect failing and returns false. I
prefer functions without too much error messages for expected errors
(a network connection can fail, no need to raise a warning here). Then
let the user decides to try again using ftp_connect.--Pierre
Yes, I have to agree here. I would also prefer returning false on failure
(as other extensions do).
Nuno
P.S.: nice comeback, didou ;)
Hi,
Nuno Lopes wrote:
I had a look at http://bugs.php.net/37799 and I would really like to
have a little warning added upon SSL connection failure.From my understanding, the silent fall back to a normal connection is
made in ftp.c at line 269, which as the bug reporter says, "leads to a
false sense of security".I would instead make ftp_ssl_connect failing and returns false. I
prefer functions without too much error messages for expected errors
(a network connection can fail, no need to raise a warning here). Then
let the user decides to try again using ftp_connect.--Pierre
Yes, I have to agree here. I would also prefer returning false on
failure (as other extensions do).Nuno
Pierre, I completely agree, user should have a real error.
The problem is that ftp_ssl_connect doesn't really do the SSL
connection. The silent switch is made when ftp_login() is called.
If we make anyone fail, it should be ftp_login() and that would make
sense.
Mehdi
Is someone against I applying the following patch:
http://mega.ist.utl.pt/~ncpl/php_ftp_ssl-w.txt (diff -w) in php 5_2/head
branches?
Nuno
----- Original Message -----
Hello,
I had a look at http://bugs.php.net/37799 and I would really like to have
a little warning added upon SSL connection failure.From my understanding, the silent fall back to a normal connection is made
in ftp.c at line 269, which as the bug reporter says, "leads to a false
sense of security".Anyone ?
Best Regards,
Mehdi Achour