-rw-r--r-- | CHANGES | 11 | ||||
-rw-r--r-- | RELEASE-NOTES | 3 | ||||
-rw-r--r-- | docs/libcurl/curl_easy_setopt.3 | 12 | ||||
-rw-r--r-- | include/curl/curl.h | 21 | ||||
-rw-r--r-- | lib/ftp.c | 21 | ||||
-rw-r--r-- | lib/url.c | 7 | ||||
-rw-r--r-- | lib/urldata.h | 1 |
7 files changed, 73 insertions, 3 deletions
@@ -7,6 +7,15 @@ Changelog Daniel (16 September 2004) +- Daniel at touchtunes uses the FTP+SSL server "BSDFTPD-SSL from + http://bsdftpd-ssl.sc.ru/" which accordingly doesn't properly work with curl + when "AUTH SSL" is issued (although the server responds fine and everything) + but requires that curl issues "AUTH TLS" instead. See + http://curl.haxx.se/feedback/display.cgi?id=10951944937603&support=yes + + Introducing CURLOPT_FTPSSLAUTH that allows the application to select which + of the AUTH strings to attempt first. + - Anonymous filed bug report #1029478 which identified a bug when you 1) used a URL without properly seperating the host name and the parameters with a slash. 2) the URL had parameters to the right of a ? that contains a slash @@ -17,7 +26,7 @@ Daniel (16 September 2004) Test case 187 was added to verify that this was fixed properly. Daniel (11 September 2004) -- Added parsedate.[ch] that contains a rewrite of the date parser currently +- Added parsedate.c that contains a rewrite of the date parser currently provided by getdate.y. The new one is MUCH smaller and will allow us to run away from the yacc/bison jungle. It is also slightly lacking in features compared to the old one, but it supports parsing of all date formats HTTP diff --git a/RELEASE-NOTES b/RELEASE-NOTES index b99a5467b..cc3a7bd10 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -10,6 +10,7 @@ Curl and libcurl 7.12.2 This release includes the following changes: + o added CURLOPT_FTPSSLAUTH o curl_getdate() completely rewritten, which may affect curl -z use cases. This release includes the following bugfixes: @@ -37,6 +38,6 @@ advice from friends like these: Casey O'Donnell, Roland Krikava, Alex, Alexander Krasnostavsky, Kjetil Jacobsen, Ling Thio, Roman Koifman, Harshal Pradhan, Jonas Forsman, David - Tarendash + Tarendash, Daniel at touchtunes Thanks! (and sorry if I forgot to mention someone) 
diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3 index 23e66d0b8..3e0bfcf13 100644 --- a/docs/libcurl/curl_easy_setopt.3 +++ b/docs/libcurl/curl_easy_setopt.3 @@ -720,6 +720,18 @@ Require SSL for the control connection or fail with \fICURLE_FTP_SSL_FAILED\fP. .IP CURLFTPSSL_ALL Require SSL for all communication or fail with \fICURLE_FTP_SSL_FAILED\fP. .RE +.IP CURLOPT_FTPSSLAUTH +Pass a long using one of the values from below, to alter how libcurl issues +\&"AUTH TLS" or "AUTH SSL" when FTP over SSL is activated (see +\fICURLOPT_FTP_SSL\fP). +.RS +.IP CURLFTPAUTH_DEFAULT +Allow libcurl to decide +.IP CURLFTPAUTH_SSL +Try "AUTH SSL" first, and only if that fails try "AUTH TLS" +.IP CURLFTPAUTH_TLS +Try "AUTH TLS" first, and only if that fails try "AUTH SSL" +.RE .SH PROTOCOL OPTIONS .IP CURLOPT_TRANSFERTEXT A non-zero parameter tells the library to use ASCII mode for ftp transfers, diff --git a/include/curl/curl.h b/include/curl/curl.h index 4da5f1aa1..767a833c8 100644 --- a/include/curl/curl.h +++ b/include/curl/curl.h @@ -303,6 +303,7 @@ typedef enum { #define CURL_ERROR_SIZE 256 +/* parameter for the CURLOPT_FTP_SSL option */ typedef enum { CURLFTPSSL_NONE, /* do not attempt to use SSL */ CURLFTPSSL_TRY, /* try using SSL, proceed anyway otherwise */ @@ -311,6 +312,14 @@ typedef enum { CURLFTPSSL_LAST /* not an option, never use */ } curl_ftpssl; +/* parameter for the CURLOPT_FTPSSLAUTH option */ +typedef enum { + CURLFTPAUTH_DEFAULT, /* let libcurl decide */ + CURLFTPAUTH_SSL, /* use "AUTH SSL" */ + CURLFTPAUTH_TLS, /* use "AUTH TLS" */ + CURLFTPAUTH_LAST /* not an option, never use */ +} curl_ftpauth; + /* long may be 32 or 64 bits, but we should never depend on anything else but 32 */ #define CURLOPTTYPE_LONG 0 
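Review bot: The comments on the new `curl_ftpauth` values in include/curl/curl.h read as if each value pins one mechanism (`/* use "AUTH SSL" */`, `/* use "AUTH TLS" */`), but the man page text in this same commit and the reworked loop in Curl_ftp_connect treat the value as an ordering, with the other string still attempted. An application that sets CURLFTPAUTH_TLS expecting "AUTH SSL" never to be sent would be misled by the header alone. I would word them `/* try "AUTH SSL" first, then "AUTH TLS" */` and `/* try "AUTH TLS" first, then "AUTH SSL" */` so the header agrees with the documentation.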
@@ -813,6 +822,18 @@ typedef enum { of commands with this */ CINIT(SOURCE_POSTQUOTE, OBJECTPOINT, 128), + /* When FTP over SSL/TLS is selected (with CURLOPT_FTP_SSL), this option + can be used to change libcurl's default action which is to first try + "AUTH SSL" and then "AUTH TLS" in this order, and proceed when a OK + response has been received. + + Available parameters are: + CURLFTPAUTH_DEFAULT - let libcurl decide + CURLFTPAUTH_SSL - try "AUTH SSL" first, then TLS + CURLFTPAUTH_TLS - try "AUTH TLS" first, then SSL + */ + CINIT(FTPSSLAUTH, LONG, 129), + CURLOPT_LASTENTRY /* the last unused */ } CURLoption; @@ -540,8 +540,27 @@ CURLcode Curl_ftp_connect(struct connectdata *conn) if(data->set.ftp_ssl && !conn->ssl[FIRSTSOCKET].use) { /* we don't have a SSL/TLS connection, try a FTPS connection now */ + int start; + int trynext; + int count=0; + + switch(data->set.ftpsslauth) { + case CURLFTPAUTH_DEFAULT: + case CURLFTPAUTH_SSL: + start = 0; + trynext = 1; + break; + case CURLFTPAUTH_TLS: + start = 1; + trynext = 0; + break; + default: + failf(data, "unsupported parameter to CURLOPT_FTPSSLAUTH: %d\n", + data->set.ftpsslauth); + return CURLE_FAILED_INIT; /* we don't know what to do */ + } - for (try = 0; ftpauth[try]; try++) { + for (try = start; ftpauth[count]; try=trynext, count++) { FTPSENDF(conn, "AUTH %s", ftpauth[try]); @@ -1338,6 +1338,13 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...) data->set.ftp_ssl = (curl_ftpssl)va_arg(param, long); break; + case CURLOPT_FTPSSLAUTH: + /* + * Set a specific auth for FTP-SSL transfers. + */ + data->set.ftpsslauth = (curl_ftpauth)va_arg(param, long); + break; + case CURLOPT_IPRESOLVE: data->set.ip_version = va_arg(param, long); break; diff --git a/lib/urldata.h b/lib/urldata.h index e50a589ca..f1de21904 100644 --- a/lib/urldata.h +++ b/lib/urldata.h 
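Review bot: In the rewritten loop in Curl_ftp_connect the termination test reads `ftpauth[count]` while the string sent is `ftpauth[try]`, so the number of attempts and the entry used only agree if `ftpauth[]` holds exactly two strings before its terminator; the array is defined outside this hunk, so that is an assumption here. If a third AUTH string were added later, the loop would run three times but send `ftpauth[trynext]` on both the second and third pass and never reach the new entry. A comment above the switch such as `/* ftpauth[] must hold exactly two strings: count bounds the attempts, try selects the string */` would make the coupling explicit. The `failf()` call also passes an enum to `%d`; `(int)data->set.ftpsslauth` would keep the format and argument types matched. The loop body and the rest of the function continue outside the hunk.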
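Review bot: The new `CURLOPT_FTPSSLAUTH` case in Curl_setopt stores `(curl_ftpauth)va_arg(param, long)` without a range check, so an out-of-range value is accepted when the option is set and only rejected later by the `default:` branch in Curl_ftp_connect with CURLE_FAILED_INIT. Where `long` is wider than the enum's underlying type, the cast may also narrow a bad value into a valid one, which would then pass silently as a legitimate AUTH ordering. Reading the argument into a local first, `long auth = va_arg(param, long);`, and failing the call when `auth < CURLFTPAUTH_DEFAULT || auth >= CURLFTPAUTH_LAST` would report the mistake at the call that made it. The `CURLOPT_FTP_SSL` case visible just above uses the same unchecked cast, and how this switch reports errors is not visible in the hunk.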
@@ -920,6 +920,7 @@ struct UserDefined { bool ftp_use_epsv; /* if EPSV is to be attempted or not */ bool ftp_use_eprt; /* if EPRT is to be attempted or not */ curl_ftpssl ftp_ssl; /* if AUTH TLS is to be attempted etc */ + curl_ftpauth ftpsslauth; /* what AUTH XXX to be attempted */ bool no_signal; /* do not use any signal/alarm handler */ bool global_dns_cache; /* subject for future removal */ bool tcp_nodelay; /* whether to enable TCP_NODELAY or not */ |