aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGES10
-rw-r--r--RELEASE-NOTES6
-rw-r--r--lib/ftp.c46
3 files changed, 41 insertions, 21 deletions
diff --git a/CHANGES b/CHANGES
index cd1a3448e..548fbc6a9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,16 @@
Changelog
+Daniel (19 August 2005)
+- Norbert Novotny had problems with FTPS and he helped me work out a patch
+ that made curl run fine in his end. The key was to make sure we do the
+ SSL/TLS negotiation immediately after the TCP connect is done and not after
+ a few other commands have been sent like we did previously. I don't consider
+ this change necessary to obey the standards, I think this server is pickier
+ than what the specs allow it to be, but I can't see how this modified
+ libcurl code can add any problems to those who are interpreting the
+ standards more liberally.
+
Daniel (17 August 2005)
- Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (with
CURLOPT_COOKIEFILE), add a cookie (with CURLOPT_COOKIELIST), tell it to
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index adad93014..7ff1fbb58 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -7,10 +7,11 @@ Curl and libcurl 7.14.1
Number of public functions in libcurl: 46
Amount of public web site mirrors: 25
Number of known libcurl bindings: 31
- Number of contributors: 437
+ Number of contributors: 447
This release includes the following changes:
+ o negotiates data connection SSL earlier when doing FTPS with PASV
o CURLOPT_COOKIELIST and CURLINFO_COOKIELIST
o trailer support for chunked encoded data streams
o -x/CURL_PROXY strings may now contain user+password
@@ -60,6 +61,7 @@ advice from friends like these:
John McGowan, Georg Wicherski, Andres Garcia, Eric Cooper, Todd Kulesza,
Tupone Alfredo, Gisle Vanem, David Shaw, Andrew Bushnell, Dan Fandrich,
Adrian Schuur, Diego Casorran, Peteris Krumins, Jon Grubbs, Christopher
- R. Palmer, Mario Schroeder, Richard Clayton, James Bursa, Jeff Pohlmeyer
+ R. Palmer, Mario Schroeder, Richard Clayton, James Bursa, Jeff Pohlmeyer,
+ Norbert Novotny
Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/ftp.c b/lib/ftp.c
index 6ed0fa79b..bc30e2258 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -174,9 +174,13 @@ static bool isBadFtpString(const char *string)
* to us. This function will sit and wait here until the server has
* connected.
*
+ * If FTP-SSL is used and SSL is requested for the data connection, this
+ * function will do that transport layer handshake too.
+ *
*/
static CURLcode AllowServerConnect(struct connectdata *conn)
{
+ CURLcode result;
int timeout_ms;
struct SessionHandle *data = conn->data;
curl_socket_t sock = conn->sock[SECONDARYSOCKET];
@@ -231,6 +235,17 @@ static CURLcode AllowServerConnect(struct connectdata *conn)
break;
}
+ /* If PASV is used, this is is made elsewhere */
+ if(conn->ssl[SECONDARYSOCKET].use) {
+ /* since we only have a plaintext TCP connection here, we must now
+ do the TLS stuff */
+ infof(data, "Doing the SSL/TLS handshake on the data stream\n");
+ /* BLOCKING */
+ result = Curl_ssl_connect(conn, SECONDARYSOCKET);
+ if(result)
+ return result;
+ }
+
return CURLE_OK;
}
@@ -2017,16 +2032,6 @@ static CURLcode ftp_state_stor_resp(struct connectdata *conn,
return result;
}
- if(conn->ssl[SECONDARYSOCKET].use) {
- /* since we only have a plaintext TCP connection here, we must now
- do the TLS stuff */
- infof(data, "Doing the SSL/TLS handshake on the data stream\n");
- /* BLOCKING */
- result = Curl_ssl_connect(conn, SECONDARYSOCKET);
- if(result)
- return result;
- }
-
*(ftp->bytecountp)=0;
/* When we know we're uploading a specified file, we can get the file
@@ -2126,15 +2131,6 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
return result;
}
- if(conn->ssl[SECONDARYSOCKET].use) {
- /* since we only have a plaintext TCP connection here, we must now
- do the TLS stuff */
- infof(data, "Doing the SSL/TLS handshake on the data stream\n");
- result = Curl_ssl_connect(conn, SECONDARYSOCKET);
- if(result)
- return result;
- }
-
if(size > conn->maxdownload && conn->maxdownload > 0)
size = conn->size = conn->maxdownload;
@@ -3096,6 +3092,18 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn)
if(!ftp->no_transfer && !conn->bits.no_body) {
/* a transfer is about to take place */
+ if(conn->ssl[SECONDARYSOCKET].use &&
+ !data->set.ftp_use_port) {
+ /* PASV is used and we just got the data connection connected, then
+ it is time to handshake the secure stuff. */
+
+ infof(data, "Doing the SSL/TLS handshake on the data stream\n");
+ /* BLOCKING */
+ result = Curl_ssl_connect(conn, SECONDARYSOCKET);
+ if(result)
+ return result;
+ }
+
if(data->set.upload) {
NBFTPSENDF(conn, "TYPE %c", data->set.ftp_ascii?'A':'I');
state(conn, FTP_STOR_TYPE);