diff options
author | Daniel Stenberg <daniel@haxx.se> | 2005-08-19 14:41:09 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2005-08-19 14:41:09 +0000 |
commit | 710ee3b0e0858a3ee8283fd1de1bc35f24c2bb5b (patch) | |
tree | 3ec8318f73231edafa96817e5bfbd745b008bcfa /lib | |
parent | 7a8993892de12781c5554697696affc85eac174c (diff) |
Norbert Novotny had problems with FTPS and he helped me work out a patch
that made curl run fine in his end. The key was to make sure we do the
SSL/TLS negotiation immediately after the TCP connect is done and not after
a few other commands have been sent like we did previously. I don't consider
this change necessary to obey the standards, I think this server is pickier
than what the specs allow it to be, but I can't see how this modified
libcurl code can add any problems to those who are interpreting the
standards more liberally.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ftp.c | 46 |
1 files changed, 27 insertions, 19 deletions
@@ -174,9 +174,13 @@ static bool isBadFtpString(const char *string) * to us. This function will sit and wait here until the server has * connected. * + * If FTP-SSL is used and SSL is requested for the data connection, this + * function will do that transport layer handshake too. + * */ static CURLcode AllowServerConnect(struct connectdata *conn) { + CURLcode result; int timeout_ms; struct SessionHandle *data = conn->data; curl_socket_t sock = conn->sock[SECONDARYSOCKET]; @@ -231,6 +235,17 @@ static CURLcode AllowServerConnect(struct connectdata *conn) break; } + /* If PASV is used, this is is made elsewhere */ + if(conn->ssl[SECONDARYSOCKET].use) { + /* since we only have a plaintext TCP connection here, we must now + do the TLS stuff */ + infof(data, "Doing the SSL/TLS handshake on the data stream\n"); + /* BLOCKING */ + result = Curl_ssl_connect(conn, SECONDARYSOCKET); + if(result) + return result; + } + return CURLE_OK; } @@ -2017,16 +2032,6 @@ static CURLcode ftp_state_stor_resp(struct connectdata *conn, return result; } - if(conn->ssl[SECONDARYSOCKET].use) { - /* since we only have a plaintext TCP connection here, we must now - do the TLS stuff */ - infof(data, "Doing the SSL/TLS handshake on the data stream\n"); - /* BLOCKING */ - result = Curl_ssl_connect(conn, SECONDARYSOCKET); - if(result) - return result; - } - *(ftp->bytecountp)=0; /* When we know we're uploading a specified file, we can get the file @@ -2126,15 +2131,6 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn, return result; } - if(conn->ssl[SECONDARYSOCKET].use) { - /* since we only have a plaintext TCP connection here, we must now - do the TLS stuff */ - infof(data, "Doing the SSL/TLS handshake on the data stream\n"); - result = Curl_ssl_connect(conn, SECONDARYSOCKET); - if(result) - return result; - } - if(size > conn->maxdownload && conn->maxdownload > 0) size = conn->size = conn->maxdownload; @@ -3096,6 +3092,18 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn) if(!ftp->no_transfer && !conn->bits.no_body) { /* a transfer is about to take place */ + if(conn->ssl[SECONDARYSOCKET].use && + !data->set.ftp_use_port) { + /* PASV is used and we just got the data connection connected, then + it is time to handshake the secure stuff. */ + + infof(data, "Doing the SSL/TLS handshake on the data stream\n"); + /* BLOCKING */ + result = Curl_ssl_connect(conn, SECONDARYSOCKET); + if(result) + return result; + } + if(data->set.upload) { NBFTPSENDF(conn, "TYPE %c", data->set.ftp_ascii?'A':'I'); state(conn, FTP_STOR_TYPE); |