aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGES5
-rw-r--r--RELEASE-NOTES1
-rw-r--r--lib/ftp.c46
3 files changed, 25 insertions, 27 deletions
diff --git a/CHANGES b/CHANGES
index abf83ca45..dcb8a46c4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,11 @@
Changelog
+Daniel (27 September 2005)
+- TJ Saunders of the proftpd project identified and pointed out problems with
+ the modified FTPS negotiation change of August 19 2005. Thus, we revert the
+ change back to pre-7.14.1 status.
+
Daniel (21 September 2005)
- Fixed "cut off" sentence in the libcurl-tutorial man page:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329305
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index c55bed74b..0db7c9459 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -16,6 +16,7 @@ This release includes the following changes:
This release includes the following bugfixes:
+ o FTPS negotiation timeouts/errors
o SSPI works even for Windows 9x
o crash in --dump-header on FTP
o test 56 runs better
diff --git a/lib/ftp.c b/lib/ftp.c
index 5c797b938..64b903fca 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -174,13 +174,9 @@ static bool isBadFtpString(const char *string)
* to us. This function will sit and wait here until the server has
* connected.
*
- * If FTP-SSL is used and SSL is requested for the data connection, this
- * function will do that transport layer handshake too.
- *
*/
static CURLcode AllowServerConnect(struct connectdata *conn)
{
- CURLcode result;
int timeout_ms;
struct SessionHandle *data = conn->data;
curl_socket_t sock = conn->sock[SECONDARYSOCKET];
@@ -235,17 +231,6 @@ static CURLcode AllowServerConnect(struct connectdata *conn)
break;
}
- /* If PASV is used, this is is made elsewhere */
- if(conn->ssl[SECONDARYSOCKET].use) {
- /* since we only have a plaintext TCP connection here, we must now
- do the TLS stuff */
- infof(data, "Doing the SSL/TLS handshake on the data stream\n");
- /* BLOCKING */
- result = Curl_ssl_connect(conn, SECONDARYSOCKET);
- if(result)
- return result;
- }
-
return CURLE_OK;
}
@@ -2040,6 +2025,16 @@ static CURLcode ftp_state_stor_resp(struct connectdata *conn,
return result;
}
+ if(conn->ssl[SECONDARYSOCKET].use) {
+ /* since we only have a plaintext TCP connection here, we must now
+ do the TLS stuff */
+ infof(data, "Doing the SSL/TLS handshake on the data stream\n");
+ /* BLOCKING */
+ result = Curl_ssl_connect(conn, SECONDARYSOCKET);
+ if(result)
+ return result;
+ }
+
*(ftp->bytecountp)=0;
/* When we know we're uploading a specified file, we can get the file
@@ -2139,6 +2134,15 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
return result;
}
+ if(conn->ssl[SECONDARYSOCKET].use) {
+ /* since we only have a plaintext TCP connection here, we must now
+ do the TLS stuff */
+ infof(data, "Doing the SSL/TLS handshake on the data stream\n");
+ result = Curl_ssl_connect(conn, SECONDARYSOCKET);
+ if(result)
+ return result;
+ }
+
if(size > conn->maxdownload && conn->maxdownload > 0)
size = conn->size = conn->maxdownload;
@@ -3100,18 +3104,6 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn)
if(!ftp->no_transfer && !conn->bits.no_body) {
/* a transfer is about to take place */
- if(conn->ssl[SECONDARYSOCKET].use &&
- !data->set.ftp_use_port) {
- /* PASV is used and we just got the data connection connected, then
- it is time to handshake the secure stuff. */
-
- infof(data, "Doing the SSL/TLS handshake on the data stream\n");
- /* BLOCKING */
- result = Curl_ssl_connect(conn, SECONDARYSOCKET);
- if(result)
- return result;
- }
-
if(data->set.upload) {
NBFTPSENDF(conn, "TYPE %c", data->set.ftp_ascii?'A':'I');
state(conn, FTP_STOR_TYPE);