Dennis Bush

Sean, Encryption is in fact working. There's just no verification of the remote machines' keys happening. The initial ANNOUNCE message from the server includes the server's public signing key, and the CLIENT_KEY response from the client (which requires the -c option on the server) contains the client's public signing key. The -H option on the server can specify the expected key fingerprint for each client, and similarly the -S option on the client can specify the expected key fingerprint for each...

That's tricky, because how file permissions are implemented vary across operating systems. You'd likely have a similar problem if you were to copy a from from Linux to Windows back to Linux for example. Directory transfers are implemented as multiple individual file transfers, so there's no good way to communicate file permissions in a portable way without creating an archive.

Yegor, I don't have plans to add LibreSSL support at this time as I haven't gotten any inquiries about it until now. If demand increases, I may revisit this. Regards, Dennis

Yegor, Changing this code to use the EVP_PKEY function instead of the RSA and EC functions will take some time, and I'm not sure if doing so will break systems still using OpenSSL 1.1. In the meantime, you can add -Wno-deprecated-declarations to the CFLAGS variable in the makefile to silence the warnings. Regards, Dennis

Hi Dave, you can send them to my email.

Yes, this was a bug introduced in the most recent version. There was an update to fix a memory leak, but the fix wasn't applied correctly. I'll send out an updated release soon.

Vit, Thanks for catching this. I've just released version 5.0.2 to address this issue as well as some memory leaks recently uncovered. Regards, Dennis

René, Thanks for catching this. I'll include it in the next release. Regards, Dennis