have one backing implementation that returns different values and
types than the other. Handle error setting properly; i.e. bail
out if the internal read returned an error. Now we get a proper
error message when the the server resets our connection instead of
a warning that the right failed with an invalid argument.
The server used for testing was:
http://capeweather.dyndns.org:8080/graphs/3474.png
Which seems to be unreliable :-)
once upon a time doing this was part of the social glue that held the
community together, but that was a long time ago, and now it's just an
information leak.
proposed on tech-userlevel in 2008, then apparently forgotten :-|
need the results, not speculatively, just in case we might.
Allows operation with some broken servers that get confused
by PWD commands in some situations, and saves server round
trips in the (modern) common case of
ftp ftp://path/name
where we never need to know the results from PWD.
Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export. The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated. I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.
My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.htmlhttps://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.htmlhttps://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet... That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
> /tmp/bracket/build/2015.12.15.21.01.27-i386/src/usr.bin/ftp/fetch.c: In function 'fetch_url':
> /tmp/bracket/build/2015.12.15.21.01.27-i386/src/usr.bin/ftp/fetch.c:823:18: error: 'HTTPS_URL_T' undeclared (first use in this function)
> urltype == HTTPS_URL_T ? &ssl : NULL);
Implement -x xferbufsize set the socket send and receive buffer size,
as per 'xferbuf' in interactive mode.
Patch from Nicholas Mills (via private mail), with minor adjustment by me.
