- Ken Hirsch simplified how libcurl does FTPS: now it doesn't assume any

  particular state for the control connection like it did before for implicit
  FTPS (libcurl assumed such control connections to be encrypted while some
  FTPS servers such as FileZilla assumes such connections to be clear
  mode). Use the CURLOPT_USE_SSL option to set your desired level.

4 files changed, 16 insertions, 35 deletions

diff --git a/CHANGES b/CHANGES
index b4d6554d2..38b3e1188 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,13 @@
 
                                   Changelog
 
+Daniel Stenberg (9 Dec 2008)
+- Ken Hirsch simplified how libcurl does FTPS: now it doesn't assume any
+  particular state for the control connection like it did before for implicit
+  FTPS (libcurl assumed such control connections to be encrypted while some
+  FTPS servers such as FileZilla assumes such connections to be clear
+  mode). Use the CURLOPT_USE_SSL option to set your desired level.
+
 Daniel Stenberg (8 Dec 2008)
 - Fred Machado posted about a weird FTP problem on the curl-users list and when
   researching it, it turned out he got a 550 response back from a SIZE command
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index cf34cf41d..5c8af40ed 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -26,6 +26,7 @@ This release includes the following bugfixes:
  o curl_multi_remove_handle() when the handle was in use in a HTTP pipeline
  o GSS authentication infinite loop problem
  o 550 response from SIZE no longer treated as missing file
+ o ftps:// control connections now use explicit protection level
 
 This release includes the following known bugs:
 
@@ -36,6 +37,6 @@ advice from friends like these:
 
  Yang Tse, Daniel Fandrich, Jim Meyering, Christian Krause, Andreas Wurf,
  Markus Koetter, Josef Wolf, Vlad Grachov, Pawel Kierski, Igor Novoseltsev,
- Fred Machado
+ Fred Machado, Ken Hirsch
 
         Thanks! (and sorry if I forgot to mention someone)
diff --git a/TODO-RELEASE b/TODO-RELEASE
index bb5555565..19d5530bb 100644
--- a/TODO-RELEASE
+++ b/TODO-RELEASE
@@ -2,14 +2,15 @@ To be addressed in 7.19.3 (planned release: January 2009)
 =========================
 
 193 - Fix zero-byte file transfers
+      - Nobody has actually started for real on this
 
 196 - #2351653 "crash in ConnectionExists"
+      - Being worked on in the bug tracker
 
 197 - IIS-bug in Digest
 
-198 - implicit SSL with FileZilla server
-
 199 - "Bug 2351645" adjustment of the patch Daniel S applied
+      - Suggested fix posted to list
 
 200 - "afert redirect, the content length is not reset" by Shunlong Bai
 
diff --git a/lib/ftp.c b/lib/ftp.c
index 209faf7d7..7f17cc111 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -150,9 +150,6 @@ static int ftp_getsock(struct connectdata *conn,
 static CURLcode ftp_doing(struct connectdata *conn,
                                bool *dophase_done);
 static CURLcode ftp_setup_connection(struct connectdata * conn);
-#ifdef USE_SSL
-static CURLcode ftps_setup_connection(struct connectdata * conn);
-#endif
 
 /* easy-to-use macro: */
 #define FTPSENDF(x,y,z)    if((result = Curl_ftpsendf(x,y,z)) != CURLE_OK) \
@@ -189,7 +186,7 @@ const struct Curl_handler Curl_handler_ftp = {
 
 const struct Curl_handler Curl_handler_ftps = {
   "FTPS",                               /* scheme */
-  ftps_setup_connection,           /* setup_connection */
+  ftp_setup_connection,            /* setup_connection */
   ftp_do,                          /* do_it */
   ftp_done,                        /* done */
   ftp_nextconnect,                 /* do_more */
@@ -2683,24 +2680,9 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
       break;
 
     case FTP_PBSZ:
-      /* FIX: check response code */
-
-      /* For TLS, the data connection can have one of two security levels.
-
-      1) Clear (requested by 'PROT C')
-
-      2)Private (requested by 'PROT P')
-      */
-      if(!conn->ssl[SECONDARYSOCKET].use) {
-        NBFTPSENDF(conn, "PROT %c",
-                   data->set.ftp_ssl == CURLUSESSL_CONTROL ? 'C' : 'P');
-        state(conn, FTP_PROT);
-      }
-      else {
-        result = ftp_state_pwd(conn);
-        if(result)
-          return result;
-      }
+      NBFTPSENDF(conn, "PROT %c",
+                 data->set.ftp_ssl == CURLUSESSL_CONTROL ? 'C' : 'P');
+      state(conn, FTP_PROT);
 
       break;
 
@@ -4179,14 +4161,4 @@ static CURLcode ftp_setup_connection(struct connectdata * conn)
   return CURLE_OK;
 }
 
-#ifdef USE_SSL
-static CURLcode ftps_setup_connection(struct connectdata * conn)
-{
-  struct SessionHandle *data = conn->data;
-
-  conn->ssl[SECONDARYSOCKET].use = data->set.ftp_ssl != CURLUSESSL_CONTROL;
-  return ftp_setup_connection(conn);
-}
-#endif
-
 #endif /* CURL_DISABLE_FTP */