Add implicit FTPS support

[oleksandr-kuzmenko]

SSL support added.

#37

[codecov]

Codecov Report

Merging #81 into master will increase coverage by <.01%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master      #81      +/-   ##
==========================================
+ Coverage   94.01%   94.02%   +<.01%     
==========================================
  Files           7        7              
  Lines        1688     1690       +2     
==========================================
+ Hits         1587     1589       +2     
  Misses        101      101

Impacted Files	Coverage Δ
aioftp/server.py	97.05% <100%> (ø)	⬆️
aioftp/client.py	92.52% <100%> (+0.01%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 95cd305...267db49. Read the comment docs.

[asvetlov]

Any chance to add a test?

[oleksandr-kuzmenko]

I thought about tests, but I don't know a good way for testing transport without ssl support at the server part. Can you advise me how to implement it?

[pohmelie]

@Alxpy, thanks for pr!

This pr is ¼ of what should be implemented for saying «we support ftps». There is two modes: explicit and implicit. And two sides: client and server. You implement implicit client ftps. Also, I'm sceptical about ftps, since it is pretty rare. But, anyway, I see no reasons to not to merge.

@asvetlov
I'm also want some good tests for this, but as mentioned: without server side implementation tests are not possible in meaning even if they will be implemented they will mock server. I'm not sure that this will be good tests.

@Alxpy, is there a chance you will implement implicit server side mode, so we can write tests and have half ftps support?

I will wait a day before merge. Maybe someone have strong point to reject this pr or @Alxpy take care of implicit server side support.

[asvetlov]

You are right, mocked tests are useless for this case

[oleksandr-kuzmenko]

@pohmelie thanks for the detailed answer!

I will try to implement implicit server side ftps.

[rsichnyi]

lgtm (server side is useless, imo)

[oleksandr-kuzmenko]

Implicit server side FTPS added.

[oleksandr-kuzmenko]

I can't generate certificate which can work with Python 3.7 =(
https://github.com/aio-libs/aioftp/pull/81/files#diff-572606b9b77c96a18b4bf3eefabc6b25R65
https://bugs.python.org/issue34440

[webknjaz]

@Alxpy try generating test certs via trustme

[oleksandr-kuzmenko]

@webknjaz I tried, trustme certs doesn't work without ssl.match_hostname monkey patching even with Py3.6
Or I did something wrong...

But I can use trustme instead of certs files.

FYI @pohmelie

[webknjaz]

Why? Did you set up the hostname correctly?

[webknjaz]

There's no point/value in underscoring bunch of vars.

[oleksandr-kuzmenko]

so how would you like to call a variable?

[webknjaz]

keep it as is, I didn't realize that it's an "extended boolean"

[webknjaz]

Oh, that was not about ssl

[webknjaz]

@Alxpy

ssl_context = ...
...
...
ca = trustme.CA()
ca.issue_server_cert(u'127.0.0.1')
ca.configure_trust(ssl_context)

[oleksandr-kuzmenko]

Yes, I use hostname correctly. And any tests work, but not all.
I got ssl.CertificateError: hostname '::1' doesn't match '127.0.0.1'

[webknjaz]

oh, that's easy

[webknjaz]

@Alxpy

ssl_context = ...
...
...
ca = trustme.CA()
ca.issue_server_cert(u'127.0.0.1', u'::1', u'localhost')  # list all incarnations of localhost
ca.configure_trust(ssl_context)

Ref: https://trustme.readthedocs.io/en/latest/#trustme.CA.issue_server_cert

[oleksandr-kuzmenko]

trustme works fine, thx

[pohmelie]

So... @webknjaz @rsichny @asvetlov you think this pr is ready to merge? lgtm. I'm pretty confused, that implicit ftps was so easy to implement.
Hats off to @Alxpy 🎩

[webknjaz]

Undo underscoring of client var. It's not related, nor needed.

[webknjaz]

@pohmelie FTPS seems to be just plain old FTP on top of TLS, nothing more. So stick SSL between TCP and the app and you're done. Simple and elegant.
SFTP would be a different story, though, as it works on top of SSH.

@Alxpy I insist that wholesale renaming of client to _client in tests is useless and not necessary. It enlarges the diff and brings no value to tests at all.

[pohmelie]

@webknjaz
I thought at first about explicit ftps: go to secure connection on unsecure command. That sounds pretty hard. Since there must be a method to go down to unsecure from secure. Of course, implicit ftps was pretty straight, but I did not mind, that it is so easy to implement.

[oleksandr-kuzmenko]

I insist ...

@webknjaz you can try rename _client to client and understand the reason for this change.

[webknjaz]

@Alxpy so tell me: what is that?

[webknjaz]

Oh, I see. You're messing with scopes...

[pohmelie]

@Alxpy Thank you for great contribution! 🎉