-rw-r--r--CHANGES11
-rw-r--r--RELEASE-NOTES3
-rw-r--r--docs/libcurl/curl_easy_setopt.312
-rw-r--r--include/curl/curl.h21
-rw-r--r--lib/ftp.c21
-rw-r--r--lib/url.c7
-rw-r--r--lib/urldata.h1
7 files changed, 73 insertions, 3 deletions
diff --git a/CHANGES b/CHANGES
index 57f2f35f5..714db8417 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,15 @@
Changelog
Daniel (16 September 2004)
+- Daniel at touchtunes uses the FTP+SSL server "BSDFTPD-SSL from
+ http://bsdftpd-ssl.sc.ru/" which accordingly doesn't properly work with curl
+ when "AUTH SSL" is issued (although the server responds fine and everything)
+ but requires that curl issues "AUTH TLS" instead. See
+ http://curl.haxx.se/feedback/display.cgi?id=10951944937603&support=yes
+
+ Introducing CURLOPT_FTPSSLAUTH that allows the application to select which
+ of the AUTH strings to attempt first.
+
- Anonymous filed bug report #1029478 which identified a bug when you 1) used
a URL without properly seperating the host name and the parameters with a
slash. 2) the URL had parameters to the right of a ? that contains a slash
@@ -17,7 +26,7 @@ Daniel (16 September 2004)
Test case 187 was added to verify that this was fixed properly.
Daniel (11 September 2004)
-- Added parsedate.[ch] that contains a rewrite of the date parser currently
+- Added parsedate.c that contains a rewrite of the date parser currently
provided by getdate.y. The new one is MUCH smaller and will allow us to run
away from the yacc/bison jungle. It is also slightly lacking in features
compared to the old one, but it supports parsing of all date formats HTTP
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index b99a5467b..cc3a7bd10 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -10,6 +10,7 @@ Curl and libcurl 7.12.2
This release includes the following changes:
+ o added CURLOPT_FTPSSLAUTH
o curl_getdate() completely rewritten, which may affect curl -z use cases.
This release includes the following bugfixes:
@@ -37,6 +38,6 @@ advice from friends like these:
Casey O'Donnell, Roland Krikava, Alex, Alexander Krasnostavsky, Kjetil
Jacobsen, Ling Thio, Roman Koifman, Harshal Pradhan, Jonas Forsman, David
- Tarendash
+ Tarendash, Daniel at touchtunes
Thanks! (and sorry if I forgot to mention someone)
diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
index 23e66d0b8..3e0bfcf13 100644
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -720,6 +720,18 @@ Require SSL for the control connection or fail with \fICURLE_FTP_SSL_FAILED\fP.
.IP CURLFTPSSL_ALL
Require SSL for all communication or fail with \fICURLE_FTP_SSL_FAILED\fP.
.RE
+.IP CURLOPT_FTPSSLAUTH
+Pass a long using one of the values from below, to alter how libcurl issues
+\&"AUTH TLS" or "AUTH SSL" when FTP over SSL is activated (see
+\fICURLOPT_FTP_SSL\fP).
+.RS
+.IP CURLFTPAUTH_DEFAULT
+Allow libcurl to decide
+.IP CURLFTPAUTH_SSL
+Try "AUTH SSL" first, and only if that fails try "AUTH TLS"
+.IP CURLFTPAUTH_TLS
+Try "AUTH TLS" first, and only if that fails try "AUTH SSL"
+.RE
.SH PROTOCOL OPTIONS
.IP CURLOPT_TRANSFERTEXT
A non-zero parameter tells the library to use ASCII mode for ftp transfers,
diff --git a/include/curl/curl.h b/include/curl/curl.h
index 4da5f1aa1..767a833c8 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -303,6 +303,7 @@ typedef enum {
#define CURL_ERROR_SIZE 256
+/* parameter for the CURLOPT_FTP_SSL option */
typedef enum {
CURLFTPSSL_NONE, /* do not attempt to use SSL */
CURLFTPSSL_TRY, /* try using SSL, proceed anyway otherwise */
@@ -311,6 +312,14 @@ typedef enum {
CURLFTPSSL_LAST /* not an option, never use */
} curl_ftpssl;
+/* parameter for the CURLOPT_FTPSSLAUTH option */
+typedef enum {
+ CURLFTPAUTH_DEFAULT, /* let libcurl decide */
+ CURLFTPAUTH_SSL, /* use "AUTH SSL" */
+ CURLFTPAUTH_TLS, /* use "AUTH TLS" */
+ CURLFTPAUTH_LAST /* not an option, never use */
+} curl_ftpauth;
+
/* long may be 32 or 64 bits, but we should never depend on anything else
but 32 */
#define CURLOPTTYPE_LONG 0
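Review bot: The comments on CURLFTPAUTH_SSL and CURLFTPAUTH_TLS say `use "AUTH SSL"` and `use "AUTH TLS"`, which reads as if the other command is never sent. The man page text and the CURLOPT_FTPSSLAUTH comment in the next hunk both describe a preference with fallback instead. An application choosing a value for policy reasons should see that on the enum itself, so I would word them `/* try "AUTH SSL" first, then "AUTH TLS" */` and `/* try "AUTH TLS" first, then "AUTH SSL" */`. The CURLFTPAUTH_DEFAULT comment could also state that it currently behaves like CURLFTPAUTH_SSL, which is what the switch added in lib/ftp.c does.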
@@ -813,6 +822,18 @@ typedef enum {
of commands with this */
CINIT(SOURCE_POSTQUOTE, OBJECTPOINT, 128),
+ /* When FTP over SSL/TLS is selected (with CURLOPT_FTP_SSL), this option
+ can be used to change libcurl's default action which is to first try
+ "AUTH SSL" and then "AUTH TLS" in this order, and proceed when a OK
+ response has been received.
+
+ Available parameters are:
+ CURLFTPAUTH_DEFAULT - let libcurl decide
+ CURLFTPAUTH_SSL - try "AUTH SSL" first, then TLS
+ CURLFTPAUTH_TLS - try "AUTH TLS" first, then SSL
+ */
+ CINIT(FTPSSLAUTH, LONG, 129),
+
CURLOPT_LASTENTRY /* the last unused */
} CURLoption;
diff --git a/lib/ftp.c b/lib/ftp.c
index 1cea72c7a..710dbf701 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -540,8 +540,27 @@ CURLcode Curl_ftp_connect(struct connectdata *conn)
if(data->set.ftp_ssl && !conn->ssl[FIRSTSOCKET].use) {
/* we don't have a SSL/TLS connection, try a FTPS connection now */
+ int start;
+ int trynext;
+ int count=0;
+
+ switch(data->set.ftpsslauth) {
+ case CURLFTPAUTH_DEFAULT:
+ case CURLFTPAUTH_SSL:
+ start = 0;
+ trynext = 1;
+ break;
+ case CURLFTPAUTH_TLS:
+ start = 1;
+ trynext = 0;
+ break;
+ default:
+ failf(data, "unsupported parameter to CURLOPT_FTPSSLAUTH: %d\n",
+ data->set.ftpsslauth);
+ return CURLE_FAILED_INIT; /* we don't know what to do */
+ }
- for (try = 0; ftpauth[try]; try++) {
+ for (try = start; ftpauth[count]; try=trynext, count++) {
FTPSENDF(conn, "AUTH %s", ftpauth[try]);
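Review bot: The rewritten loop header `for (try = start; ftpauth[count]; try=trynext, count++)` is only correct while ftpauth[] holds exactly two names before its terminator. `count` walks the table to decide when to stop, but `try` is set to `trynext` on every later pass, so a third entry would resend the second choice instead of moving on. The table is defined outside this hunk, so I would add a comment above the loop such as `/* ftpauth[] must hold exactly two entries: 'start' is sent first, 'trynext' second */`. In the default branch the enum is passed for `%d`; cast it as `(int)data->set.ftpsslauth`, and drop the trailing `\n` if the other failf() messages in this file carry none. The loop body and the rest of Curl_ftp_connect continue outside the hunk.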
diff --git a/lib/url.c b/lib/url.c
index 8bf89cf01..9e915f4fa 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -1338,6 +1338,13 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...)
data->set.ftp_ssl = (curl_ftpssl)va_arg(param, long);
break;
+ case CURLOPT_FTPSSLAUTH:
+ /*
+ * Set a specific auth for FTP-SSL transfers.
+ */
+ data->set.ftpsslauth = (curl_ftpauth)va_arg(param, long);
+ break;
+
case CURLOPT_IPRESOLVE:
data->set.ip_version = va_arg(param, long);
break;
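Review bot: The new CURLOPT_FTPSSLAUTH case stores whatever long the application passes, cast to curl_ftpauth, with no range check. A bad value is therefore only noticed later in Curl_ftp_connect, where it fails the connect with CURLE_FAILED_INIT instead of failing the setopt call that caused it. I would read the argument into a local first and reject it there: `if(auth < CURLFTPAUTH_DEFAULT || auth >= CURLFTPAUTH_LAST) return CURLE_BAD_FUNCTION_ARGUMENT;` followed by `data->set.ftpsslauth = (curl_ftpauth)auth;`. Curl_setopt starts and ends outside this hunk, so how its other cases report errors is not visible; follow that convention if it differs.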
diff --git a/lib/urldata.h b/lib/urldata.h
index e50a589ca..f1de21904 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -920,6 +920,7 @@ struct UserDefined {
bool ftp_use_epsv; /* if EPSV is to be attempted or not */
bool ftp_use_eprt; /* if EPRT is to be attempted or not */
curl_ftpssl ftp_ssl; /* if AUTH TLS is to be attempted etc */
+ curl_ftpauth ftpsslauth; /* what AUTH XXX to be attempted */
bool no_signal; /* do not use any signal/alarm handler */
bool global_dns_cache; /* subject for future removal */
bool tcp_nodelay; /* whether to enable TCP_NODELAY or not */