Persist custom ssl (#49)

* Update the example to be consistent with the API

* Simplified the README example, relying on the convention that using unwrap in examples is acceptable

* Fixed the rest of the API references

* Fixed syntax error

* Tested program in a working environment and fixed last syntax errors

* Fixed indentation

* Fixed indentation

* Add a secure_with_ssl method to FtpStream so that users can supply their own SSL configuration

* Add a field to FtpStream when compiling with the secure feature that will contain ssl configuration information to be used in data_command

* Fixed compilation errors

* Make the openssl requirement mandatory. It's not worth it to fragment the codebase and have multiple copies of definitions of things to work around a feature flag when the tradeoff is having a lot more usable SSL

* Since the secure() and insecure() methods actually have type signatures very similar to the into() method (https://doc.rust-lang.org/std/convert/trait.Into.html#tymethod.into), I changed their names to into_secure and into_insecure to be a little clearer about how they work

* Create a new FtpsStream<T> type and revert back to the old FtpStream type for other cases. The new type allows us to retain (and require) information about an Ssl configuration only when the user wants to supply one. Need a way to avoid so much code duplication though

* Let use of OpenSsl and indeed the entire FtpsStream type be optional under the secure feature flag again

* Move back to a single-type model with an SSL field that is only present when the secure feature flag is used

Author: zsck

src/data_stream.rs

@@ -12,7 +12,6 @@ pub enum DataStream {
     Ssl(SslStream<TcpStream>),
 }
 
-
 #[cfg(feature = "secure")]
 impl DataStream {
     /// Unwrap the stream into TcpStream. This method is only used in secure connection.

src/ftp.rs

@@ -1,4 +1,6 @@
 use std::io::{Read, BufRead, BufReader, BufWriter, Cursor, Write, copy};
+#[cfg(feature = "secure")]
+use std::error::Error;
 use std::net::{TcpStream, SocketAddr};
 use std::string::String;
 use std::str::FromStr;
@@ -7,7 +9,7 @@ use regex::Regex;
 use chrono::{DateTime, UTC};
 use chrono::offset::TimeZone;
 #[cfg(feature = "secure")]
-use openssl::ssl::{Ssl, SslContext, SslMethod, SslStream, IntoSsl};
+use openssl::ssl::{Ssl, SslStream, IntoSsl};
 use super::data_stream::DataStream;
 use super::status;
 use super::types::{FileType, FtpError, Line, Result};
@@ -24,61 +26,44 @@ lazy_static! {
     static ref SIZE_RE: Regex = Regex::new(r"\s+(\d+)\s*$").unwrap();
 }
 
-#[cfg(feature = "secure")]
-lazy_static! {
-    // Shared SSL context
-    static ref SSL_CONTEXT: SslContext = match SslContext::new(SslMethod::Sslv23) {
-        Ok(ctx) => ctx,
-        Err(e) => panic!("{}", e)
-    };
-}
-
 /// Stream to interface with the FTP server. This interface is only for the command stream.
 #[derive(Debug)]
 pub struct FtpStream {
     reader: BufReader<DataStream>,
+    #[cfg(feature = "secure")]
+    ssl_cfg: Option<Ssl>,
 }
 
 impl FtpStream {
     /// Creates an FTP Stream.
+    #[cfg(not(feature = "secure"))]
     pub fn connect<A: ToSocketAddrs>(addr: A) -> Result<FtpStream> {
         TcpStream::connect(addr)
             .map_err(|e| FtpError::ConnectionError(e))
             .and_then(|stream| {
                 let mut ftp_stream = FtpStream {
-                    reader: BufReader::new(DataStream::Tcp(stream))
+                    reader: BufReader::new(DataStream::Tcp(stream)),
                 };
                 ftp_stream.read_response(status::READY)
                     .map(|_| ftp_stream)
             })
     }
-
-    /// Switch to secure mode if possible. If the connection is already
-    /// secure does nothing.
-    ///
-    /// ## Panics
-    ///
-    /// Panics if the plain TCP connection cannot be switched to TLS mode.
-    ///
-    /// ## Example
-    ///
-    /// ```
-    /// use ftp::FtpStream;
-    /// let mut ftp_stream = FtpStream::connect("127.0.0.1:21").unwrap();
-    /// // Switch to the secure mode
-    /// let mut ftp_stream = ftp_stream.secure().unwrap();
-    /// // Do all secret things
-    /// let _ = ftp_stream.quit();
-    /// ```
-    ///
+    
+    /// Creates an FTP Stream.
     #[cfg(feature = "secure")]
-    pub fn secure(mut self) -> Result<FtpStream> {
-        // Initialize SSL with a default context and make secure the stream.
-        Ssl::new(&SSL_CONTEXT)
-            .map_err(|e| FtpError::SecureError(e.description().to_owned()))
-            .and_then(|ssl| self.secure_with_ssl(ssl))
+    pub fn connect<A: ToSocketAddrs>(addr: A) -> Result<FtpStream> {
+        TcpStream::connect(addr)
+            .map_err(|e| FtpError::ConnectionError(e))
+            .and_then(|stream| {
+                let mut ftp_stream = FtpStream {
+                    reader: BufReader::new(DataStream::Tcp(stream)),
+                    ssl_cfg: None,
+                };
+                ftp_stream.read_response(status::READY)
+                    .map(|_| ftp_stream)
+            })
     }
-   
+    
     /// Switch to a secure mode if possible, using a provided SSL configuration.
     /// This method does nothing if the connect is already secured.
     ///
@@ -96,22 +81,20 @@ impl FtpStream {
     /// let mut ctx = SslContext::new(SslMethod::Sslv23).unwrap();
     /// let _ = ctx.set_CA_file("/path/to/a/cert.pem").unwrap();
     /// let mut ftp_stream = FtpStream::connect("127.0.0.1:21").unwrap();
-    /// let mut ftp_stream = ftp_stream.secure_with_ssl(ctx).unwrap();
+    /// let mut ftp_stream = ftp_stream.into_secure(ctx).unwrap();
     /// ```
     #[cfg(feature = "secure")]
-    pub fn secure_with_ssl<S: IntoSsl>(mut self, ssl: S) -> Result<FtpStream> {
-        // Do nothing if the connection is already secured.
-        if self.reader.get_ref().is_ssl() {
-            return Ok(self);
-        }
+    pub fn into_secure<T: IntoSsl + Clone>(mut self, ssl: T) -> Result<FtpStream> {
         // Ask the server to start securing data.
         let auth_command = String::from("AUTH TLS\r\n");
         try!(self.write_str(&auth_command));
         try!(self.read_response(status::AUTH_OK));
+        let ssl_copy = try!(ssl.clone().into_ssl().map_err(|e| FtpError::SecureError(e.description().to_owned())));
         let stream = try!(SslStream::connect(ssl, self.reader.into_inner().into_tcp_stream())
                           .map_err(|e| FtpError::SecureError(e.description().to_owned())));
         let mut secured_ftp_tream = FtpStream {
             reader: BufReader::new(DataStream::Ssl(stream)),
+            ssl_cfg: Some(ssl_copy)
         };
         // Set protection buffer size
         let pbsz_command = format!("PBSZ 0\r\n");
@@ -123,7 +106,7 @@ impl FtpStream {
         try!(secured_ftp_tream.read_response(status::COMMAND_OK));
         Ok(secured_ftp_tream)
     }
-
+    
     /// Switch to insecure mode. If the connection is already
     /// insecure does nothing.
     ///
@@ -140,21 +123,46 @@ impl FtpStream {
     /// // Do all public things
     /// let _ = ftp_stream.quit();
     /// ```
-    ///
     #[cfg(feature = "secure")]
-    pub fn insecure(mut self) -> Result<FtpStream> {
-        if !self.reader.get_ref().is_ssl() {
-            return Ok(self);
-        }
+    pub fn into_insecure(mut self) -> Result<FtpStream> {
         // Ask the server to stop securing data
         let ccc_command = String::from("CCC\r\n");
         try!(self.write_str(&ccc_command));
         try!(self.read_response(status::COMMAND_OK));
         let plain_ftp_stream = FtpStream {
             reader: BufReader::new(DataStream::Tcp(self.reader.into_inner().into_tcp_stream())),
+            ssl_cfg: None,
         };
         Ok(plain_ftp_stream)
     }
+    
+    /// Execute command which send data back in a separate stream
+    #[cfg(not(feature = "secure"))]
+    fn data_command(&mut self, cmd: &str) -> Result<DataStream> {
+        self.pasv()
+            .and_then(|addr| self.write_str(cmd).map(|_| addr))
+            .and_then(|addr| TcpStream::connect(addr)
+                      .map_err(|e| FtpError::ConnectionError(e)))
+            .map(|stream| DataStream::Tcp(stream))
+    }
+
+    /// Execute command which send data back in a separate stream
+    #[cfg(feature = "secure")]
+    fn data_command(&mut self, cmd: &str) -> Result<DataStream> {
+        self.pasv()
+            .and_then(|addr| self.write_str(cmd).map(|_| addr))
+            .and_then(|addr| TcpStream::connect(addr).map_err(|e| FtpError::ConnectionError(e)))
+            .and_then(|stream| {
+                match self.ssl_cfg {
+                    Some(ref ssl) => {
+                        SslStream::connect(ssl.clone(), stream)
+                            .map(|stream| DataStream::Ssl(stream))
+                            .map_err(|e| FtpError::SecureError(e.description().to_owned()))
+                    },
+                    None => Ok(DataStream::Tcp(stream))
+                }
+            })
+    }
 
     /// Log in to the FTP server.
     pub fn login(&mut self, user: &str, password: &str) -> Result<()> {
@@ -242,33 +250,6 @@ impl FtpStream {
             })
     }
 
-    // Execute command which send data back in a separate stream
-    #[cfg(not(feature = "secure"))]
-    fn data_command(&mut self, cmd: &str) -> Result<DataStream> {
-        self.pasv()
-            .and_then(|addr| self.write_str(cmd).map(|_| addr))
-            .and_then(|addr| TcpStream::connect(addr)
-                      .map_err(|e| FtpError::ConnectionError(e)))
-            .map(|stream| DataStream::Tcp(stream))
-    }
-
-    #[cfg(feature = "secure")]
-    fn data_command(&mut self, cmd: &str) -> Result<DataStream> {
-        self.pasv()
-            .and_then(|addr| self.write_str(cmd).map(|_| addr))
-            .and_then(|addr| TcpStream::connect(addr))
-            .and_then(|stream| {
-                if self.reader.get_ref().is_ssl() {
-                    Ssl::new(&SSL_CONTEXT)
-                        .and_then(|ssl| SslStream::connect(ssl, stream))
-                        .map(|stream| DataStream::Ssl(stream))
-                        .map_err(|e| FtpError::SecureError(e.description().to_owned()))
-                } else {
-                    Ok(DataStream::Tcp(stream))
-                }
-            })
-    }
-
     /// Sets the type of file to be transferred. That is the implementation
     /// of `TYPE` command.
     pub fn transfer_type(&mut self, file_type: FileType) -> Result<()> {

src/types.rs

@@ -1,7 +1,5 @@
 //! The set of valid values for FTP commands
 
-#[cfg(feature = "secure")]
-use openssl::ssl;
 use std::convert::From;
 use std::error::Error;
 use std::fmt;