ghisler(Author) Site Admin


Joined: 04 Feb 2003 Posts: 24621 Location: Switzerland
Posted: Wed Nov 01, 2006 5:15 pm Post subject: Information on how to use the ssl/tls feature for secure ftp
Here is some information on how to use the ssl/tls feature. Because of the Swiss crypto export laws, I cannot include the openssl dlls in the install package.
1. Get the compiled OpenSSL package from the LibCurl library:
http://curl.haxx.se/download.html
Please scroll down to the section named "Win32 - Generic"
and download the following package (or a newer one):
Win32 2000/XP 7.19.0 libcurl SSL enabled Günter Knauf 1.54 MB
2. Copy the two dlls libssl32.dll and libeay32.dll from the "bin" subdir of the archive to the Total Commander directory.
3. Now you can make connections with prefix ftps:// and https://
A red open lock will appear for connections because the root certificates are missing. To get the root certificates of Verisign, Thawte etc, do the following:
1. Start Internet Explorer and open its configuration dialog
2. Go to the page "Content"
3. Click on "Certificates"
4. Go to the last page "Trusted root certificate authorities"
5. Select all certificates
6. Click on "Export"
7. As name, enter: rootcerts
8. Confirm with Next/OK. This creates a file rootcerts.p7b
9. Issue the following two commands to convert to openssl format:
openssl pkcs7 -inform DER -in rootcerts.p7b -print_certs -out unfiltered.pem
openssl x509 -in unfiltered.pem -out rootcert.pem
10. Put the file rootcert.pem in the Total Commander directory
_________________
Author of Total Commander
http://www.ghisler.com
Last edited by ghisler(Author) on Mon Sep 08, 2008 10:12 am; edited 1 time in total

DarkRuleR Member


Joined: 20 Feb 2003 Posts: 154 Location: Netherlands
Posted: Thu Nov 02, 2006 2:47 am Post subject:
Hi,
First of all thanks for adding ssl/tls support.
What a great new feature!
Is it possible to specify a path where TC searches for the dlls?
Maybe an INI entry?
Greetz,
DR...
_________________
#106383 Windows 8 Pro 64-bit

PuzoM Junior Member


Joined: 20 Apr 2005 Posts: 45
Posted: Thu Nov 02, 2006 3:02 am Post subject:
Hi Christian,
So both the OpenSSL package and the DLLs are mandatory for SSL to work?
I mean I want to use Tcmd portable as well, so I'd not like to install extra software on systems where I use Tcmd.
Please confirm that only libeay32.dll, libssl32.dll, rootcert.pem are needed and so I don't need to install OpenSSL on different.
Oh and extra step after you created the rootcerts.p7b:
Code:
Copy rootcerts.p7b to C:\OpenSSL\bin\ (default installation folder of OpenSSL). Then run the 2 commands from inside that bin folder.
Cheers!

ghisler(Author) Site Admin


Joined: 04 Feb 2003 Posts: 24621 Location: Switzerland
Posted: Thu Nov 02, 2006 10:00 am Post subject:
Quote:
Is it possible to specify a path where TC searches for the dlls?
No. For security reasons, only dlls in the program directory will be used.
Quote:
Please confirm that only libeay32.dll, libssl32.dll, rootcert.pem are needed and so I don't need to install OpenSSL on different.
This is correct, you need just these 3 files. The OpenSSL installation is needed only to get the two dlls, and to convert the Internet Explorer root certificates to the OpenSSL format.
_________________
Author of Total Commander
http://www.ghisler.com

Symlink Junior Member

Joined: 21 Jan 2005 Posts: 14 Location: .at
Posted: Thu Nov 02, 2006 2:12 pm Post subject:
Do I understand it correctly that for now it is not possible to use this feature from within the ftp server connection dialog (ctrl+f) but only with new connection (ctrl+n)?
Thanks!
Regards,
S.

Sir_SiLvA Power Member


Joined: 06 May 2003 Posts: 2602
Posted: Thu Nov 02, 2006 2:49 pm Post subject:
Symlink: no, u can use it inside strg+f if u write ftps instead of ftp

Mikefield Power Member


Joined: 26 Feb 2006 Posts: 504 Location: Thießen, Germany SA
Posted: Thu Nov 02, 2006 3:16 pm Post subject:
Hi, I've done everything as described above and tried to connect to an ssl server (Red Hat Linux), but it didn't work.
This is shown in the connecting window when I use ftps://10.87.2.150
----------
Connect to: (02.11.2006 14:57:09)
hostname=10.87.2.150
username=dadmin
startdir=
Then comes an error, "Verbindung nicht erfolgreich"
This is shown in the connecting window when I use ftps://10.87.2.150:22,
but ftps:// is not necessary.
----------
Connect to: (02.11.2006 14:57:34)
hostname=10.87.2.150:22
username=dadmin
startdir=
SSH-2.0-OpenSSH_3.4p1
And nothing happens.
Any ideas?
mf

848 Junior Member

Joined: 10 Aug 2003 Posts: 21 Location: The Netherlands
Mikefield Power Member


Joined: 26 Feb 2006 Posts: 504 Location: Thießen, Germany SA
Posted: Fri Nov 03, 2006 12:34 am Post subject:
Hmm, are there differences between ssl/tls and SSH?
Can we have ssh in the final release?
mf

848 Junior Member

Joined: 10 Aug 2003 Posts: 21 Location: The Netherlands
Posted: Fri Nov 03, 2006 2:12 am Post subject:
I strongly agree. This is number one on my wishlist for TC.

ghisler(Author) Site Admin


Joined: 04 Feb 2003 Posts: 24621 Location: Switzerland
Posted: Fri Nov 03, 2006 12:22 pm Post subject:
Unfortunately I cannot support SSH. There are no SSH DLLs, and writing my own is prohibited by the Swiss crypto export laws.
_________________
Author of Total Commander
http://www.ghisler.com

Teal_One Junior Member

Joined: 17 Aug 2004 Posts: 30
Posted: Fri Nov 03, 2006 2:54 pm Post subject: TLS doesn't work here
Thanks a lot for the SSL/TLS feature. However it doesn't work for me.
Code:
---------
Connect to: (03.11.2006 21:41:52)
hostname=ftp.xxxxx.de
username=XXXXXXX
startdir=
ftp.xxxxx.de=81.92.X.XXX
220 ProFTPD 1.2.10 Sever (www.XXXX*)
AUTH TLS
234 AUTH TLS successful
Cert subject: /C=DE/ST=Some-State/L=XXX/O=XXX*
Cert issuer: /C=DE/ST=Some-State/L=XXX/O=XXX*
USER XXXXX
331 Password required for XXXXX
PASS ***********
Verbindung nicht erfolgreich!
Can anyone help me? Do you need more information? Which one? Should I ask the owner of the ftp server?
_________________
Opera|TheBat|TotalCommander|Kaspersky|IrfanView|WinRAR

ghisler(Author) Site Admin


Joined: 04 Feb 2003 Posts: 24621 Location: Switzerland
Posted: Sun Nov 05, 2006 9:57 am Post subject:
First, try to find out whether it's a server problem, or on your side. Try to connect anonymously to our forum server:
ftps://ghisler.ch/
It doesn't use a signed certificate, but you can verify whether you can connect or not.
If you can, you should see just one directory, incoming. If this works, please contact the owner of your server for help. If it doesn't work, please report what dlls you installed.
_________________
Author of Total Commander
http://www.ghisler.com

oldhouse Junior Member

Joined: 06 Nov 2006 Posts: 3
Posted: Mon Nov 06, 2006 5:40 am Post subject:
What can I do if I have to accept certificate from the ftp I connect to? It isn't displayed in locally installed certificate so it doesn't work with certificate.pem procedure.

ghisler(Author) Site Admin


Joined: 04 Feb 2003 Posts: 24621 Location: Switzerland
Posted: Mon Nov 06, 2006 10:28 am Post subject:
2oldhouse
You can add the public key of that certificate to the pem file!
_________________
Author of Total Commander
http://www.ghisler.com
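
Added example, not part of the original thread or of Total Commander: a Python sketch of the PEM handling discussed in the first post (filtering the `-print_certs` output in unfiltered.pem down to certificate blocks) and in the last reply (adding a further certificate to the pem file, assumed here to be a PEM certificate block), without duplicates. `openssl x509` reads only the first certificate from its input, so comparing the block counts of unfiltered.pem and rootcert.pem is a useful check; the function names and the sample bytes (constructed placeholders, not real certificates) are assumptions.

```python
import base64
import hashlib
import re

# Matches one PEM certificate block; text outside the armor is ignored.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def pem_certs(text):
    """Return the DER bytes of every CERTIFICATE block in text, skipping the
    subject=/issuer= lines that `pkcs7 -print_certs` writes between blocks."""
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_RE.findall(text)]

def to_pem(der):
    """Re-armor DER bytes as a PEM block with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(rows)
            + "\n-----END CERTIFICATE-----\n")

def build_bundle(unfiltered_text, extra_text=""):
    """Keep every certificate from unfiltered_text, append those in
    extra_text, and drop exact duplicates (compared by SHA-256 of the DER)."""
    seen, blocks = set(), []
    for der in pem_certs(unfiltered_text) + pem_certs(extra_text):
        digest = hashlib.sha256(der).hexdigest()
        if digest not in seen:
            seen.add(digest)
            blocks.append(to_pem(der))
    return "".join(blocks)

def _placeholder(n):
    # Constructed sample: 100 repeated bytes, NOT a real X.509 certificate.
    return to_pem(bytes([n]) * 100)

# Constructed stand-in for unfiltered.pem (two roots with print_certs headers).
SAMPLE_UNFILTERED = (
    "subject=/C=XX/O=Constructed Root A\nissuer=/C=XX/O=Constructed Root A\n"
    + _placeholder(1) + "\n"
    "subject=/C=XX/O=Constructed Root B\nissuer=/C=XX/O=Constructed Root B\n"
    + _placeholder(2) + "\n")
SAMPLE_SERVER = _placeholder(3)  # constructed stand-in for a server certificate

if __name__ == "__main__":
    bundle = build_bundle(SAMPLE_UNFILTERED, SAMPLE_SERVER)
    print(len(pem_certs(SAMPLE_UNFILTERED)), "certificates in,",
          len(pem_certs(bundle)), "in bundle")
```

The sketch only handles the PEM armor and does not parse or validate X.509 contents, so what goes into the bundle still has to be checked by other means before it is trusted.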