4udak / pyftpdlib

Automatically exported from code.google.com/p/pyftpdlib

Add CCC command support #172

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
This is explained in RFC-4217 [1], chapter 5.

When a server receives the CCC command, it should behave as follows:

If the server does not accept CCC commands (or does not understand
them), then a 500 reply should be sent.

Otherwise, if the control connection is not protected with TLS,
then a 533 reply should be sent.

Otherwise, if the server does not wish to allow the control
connection to be cleared at this time, then a 534 reply should be
sent.

Otherwise, the server is accepting the CCC command and should do
the following:

  o  Send a 200 reply.

  o  Shutdown the TLS session on the socket and leave it open.

  o  Continue the control connection in plaintext, expecting the
     next command from the client to be in plaintext.

  o  Not accept any more PBSZ or PROT commands.  All subsequent
     data transfers must be protected with the current PROT
     settings.

[1] http://tools.ietf.org/html/rfc4217

Original issue reported on code.google.com by g.rodola on 11 May 2011 at 5:22
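
The reply order described in the issue above, as an added Python example that is not pyftpdlib's code (the r861 implementation is not shown on this page). `ControlSession`, its attributes and `replay` are hypothetical names, the reply texts are constructed, and the 503 reply used to refuse PBSZ/PROT is an assumption.

```python
# Added example: RFC 4217 chapter 5 reply order for CCC, as quoted above.
# ControlSession and its attributes are hypothetical, not pyftpdlib API.

class ControlSession:
    def __init__(self, supports_ccc=True, tls_active=False, allow_clear=True):
        self.supports_ccc = supports_ccc  # server implements CCC at all
        self.tls_active = tls_active      # control connection is under TLS
        self.allow_clear = allow_clear    # policy: may it be cleared right now?
        self.prot = "C"                   # data-channel protection level
        self.prot_locked = False          # True once a CCC has been accepted

    def handle(self, line):
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        if cmd == "CCC":
            return self._ccc()
        if cmd in ("PBSZ", "PROT"):
            return self._pbsz_prot(cmd, arg.strip().upper())
        return "502 Command not handled in this example."

    def _ccc(self):
        # Checks run in the order the RFC lists them.
        if not self.supports_ccc:
            return "500 CCC not understood."
        if not self.tls_active:
            return "533 Control connection is not protected with TLS."
        if not self.allow_clear:
            return "534 Control connection may not be cleared now."
        # Accepted. A real server sends the 200 while TLS is still up, then
        # shuts the TLS session down and keeps the socket open.
        self.tls_active = False
        self.prot_locked = True
        return "200 Control connection continues in plaintext."

    def _pbsz_prot(self, cmd, arg):
        # Assumption: 503 as the refusal code; the quoted text only says
        # PBSZ and PROT are no longer accepted after CCC.
        if self.prot_locked or not self.tls_active:
            return "503 %s not allowed on this control connection." % cmd
        if cmd == "PROT":
            if arg not in ("C", "P"):
                return "504 Unsupported protection level."
            self.prot = arg
        return "200 %s accepted." % cmd

def replay(session, lines):
    """Feed client command lines to the session and collect the replies."""
    return [session.handle(line) for line in lines]
```

Once CCC is accepted, `prot` stays at whatever was negotiated under TLS, so the data-channel protection level cannot be changed over the plaintext control connection.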

GoogleCodeExporter commented 9 years ago
Implemented in r861.

Original comment by g.rodola on 21 May 2011 at 1:53

GoogleCodeExporter commented 9 years ago

Original comment by g.rodola on 31 Oct 2011 at 5:11

GoogleCodeExporter commented 9 years ago
As per issue 191 I decided to remove CCC command implementation because of the crazy complexity and maintenance burden it reached.
Personal note for the future in case we reconsider this: the whole SSL 
implementation can be rewritten by using SSL memory BIOs.
Follows a private chat I had with pyOpenSSL's author (J.P. Calderone):

dic 05 20:58:36 <giampaolo> I'd need some help with PyOpenSSL BIO. I can't use this crap anymore http://code.google.com/p/pyftpdlib/source/browse/trunk/pyftpdlib/contrib/handlers.py#201  It's a buggy piece of code I'm no longer able to maintain. I was taking a look at twisted and noticed it has both an old and a new TLS implementation. I think I'm looking for implementing the same thing (new one) in pyftpdlib.
dic 05 21:00:51 <giampaolo> I'm looking at twisted/protocols/tls.py and trying to figure out how to implement the SSL handshake by using the "BIO approach" but it's kinda... well twisted =)
dic 05 21:01:06 <exarkun>   Well, that's OpenSSL for you...
dic 05 21:01:32 <giampaolo> can you tell me what I'm supposed to do or at least point me to some doc which explains how to use SSL BIOs with non blocking sockets?
dic 05 21:02:09 <exarkun>   twisted/protocols/tls.py uses _memory_ bios
dic 05 21:02:19 <exarkun>   So you can read it and forget about the socket part
dic 05 21:02:38 <exarkun>   You know how sockets work, and there's no socket interaction directly in twisted/protocols/tls.py
dic 05 21:02:58 <exarkun>   in fact, you could just use twisted/protocols/tls.py
dic 05 21:03:33 <exarkun>   it only really depends on having a transport with write and loseConnection methods
dic 05 21:08:38 <giampaolo> so I recv() something from the "plain" socket and pass it to bio_write()?
dic 05 21:08:54 <exarkun>   Correct
dic 05 21:09:14 <giampaolo> and for send()?
dic 05 21:10:01 <exarkun>   Call bio_read() and send the result over the "plain" socket
dic 05 21:14:43 <giampaolo> what about the SSL handshake?
dic 05 21:19:34 <exarkun>   it's not really special
dic 05 21:19:44 <exarkun>   maybe you want to call do_handshake once at the beginning
dic 05 21:19:52 <exarkun>   but you don't even /have/ to
dic 05 21:20:39 <giampaolo> but do I need to keep track about whether it took place or not?
dic 05 21:21:06 <exarkun>   I don't see why.

Original comment by g.rodola on 7 Dec 2011 at 8:34

GoogleCodeExporter commented 9 years ago
CCC-related changes were reverted in r934.

Original comment by g.rodola on 7 Dec 2011 at 8:35