ftp: make TLS config default to global TLS config - Fixes #6671

This allows --ca-cert, --client-cert, --no-check-certificate etc to be used. This also allows `override.ca_cert = XXX` to be used in the config file.
2025-12-11 22:14:05 +01:00 · 2025-08-19 17:25:07 +01:00
parent d3a0805a2b
commit e7a2b322ec
2 changed files with 39 additions and 3 deletions
--- a/docs/content/ftp.md
+++ b/docs/content/ftp.md
@@ -134,6 +134,35 @@ be enabled in the FTP backend config for the remote, or with
 [`--ftp-tls`](#ftp-tls). The default FTPS port is `990`, not `21` and
 can be set with [`--ftp-port`](#ftp-port).

+## TLS Options
+
+TLS options for Implicit and Explicit TLS can be set using the
+following flags which are specific to the FTP backend:
+
+```
+--ftp-no-check-certificate     Do not verify the TLS certificate of the server
+--ftp-disable-tls13            Disable TLS 1.3 (workaround for FTP servers with buggy TLS)
+--ftp-tls-cache-size int       Size of TLS session cache for all control and data connections (default 32)
+```
+
+However any of the global TLS flags can also be used such as:
+
+```
+--ca-cert stringArray          CA certificate used to verify servers
+--client-cert string           Client SSL certificate (PEM) for mutual TLS auth
+--client-key string            Client SSL private key (PEM) for mutual TLS auth
+--no-check-certificate         Do not verify the server SSL certificate (insecure)
+```
+
+If these need to be put in the config file so they apply to just the
+FTP backend then use the `override` syntax, eg
+
+```
+override.ca_cert = XXX
+override.client_cert = XXX
+override.client_key = XXX
+```
+
 ### Restricted filename characters

 In addition to the [default restricted characters set](/overview/#restricted-characters)