diff options
| -rw-r--r-- | CHANGES | 3 | ||||
| -rw-r--r-- | RELEASE-NOTES | 4 | ||||
| -rw-r--r-- | docs/curl.1 | 13 | ||||
| -rw-r--r-- | src/main.c | 18 |
4 files changed, 30 insertions, 8 deletions
@@ -7,6 +7,9 @@ Changelog Daniel (23 September 2006) +- Mike Protts added --ftp-ssl-control to make curl use FTP-SSL, but only + encrypt the control connection and use the data connection "plain". + - Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 4a5c6c85d..769a20552 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -11,6 +11,7 @@ Curl and libcurl 7.16.0 This release includes the following changes: + o (FTP) --ftp-ssl-control was added o CURLOPT_SSL_SESSIONID_CACHE and --no-sessionid added o CURLMOPT_PIPELINING added for enabling pipelined transfers o multi handles now have a shared connection cache @@ -52,6 +53,7 @@ advice from friends like these: Domenico Andreoli, Armel Asselin, Gisle Vanem, Yang Tse, Andrew Biggs, Peter Sylvester, David McCreedy, Dmitriy Sergeyev, Dmitry Rechkin, - Jari Sundell, Ravi Pratap, Michele Bini, Jeff Pohlmeyer, Michael Wallner + Jari Sundell, Ravi Pratap, Michele Bini, Jeff Pohlmeyer, Michael Wallner, + Mike Protts Thanks! (and sorry if I forgot to mention someone) diff --git a/docs/curl.1 b/docs/curl.1 index 057d265f3..2262e7295 100644 --- a/docs/curl.1 +++ b/docs/curl.1 @@ -412,9 +412,16 @@ This option has no effect if PORT, EPRT or EPSV is used instead of PASV. If this option is used twice, the second will again use the server's suggested address. .IP "--ftp-ssl" -(FTP) Try to use SSL/TLS for the FTP connection. -Reverts to a non-secure connection if the server doesn't support SSL/TLS. -(Added in 7.11.0) +(FTP) Try to use SSL/TLS for the FTP connection. Reverts to a non-secure +connection if the server doesn't support SSL/TLS. See also +\fI--ftp-ssl-control\fP and \fI--ftp-ssl-reqd\fP for different levels of +encryption required. (Added in 7.11.0) + +If this option is used twice, the second will again disable this. +.IP "--ftp-ssl-control" +(FTP) Try SSL/TLS for the ftp login, clear for transfer. Allows secure +authentication, but non-encrypted data transfers for efficiency. Fails the +transfer if the server doesn't support SSL/TLS. (Added in 7.16.0) If this option is used twice, the second will again disable this. .IP "--ftp-ssl-reqd" diff --git a/src/main.c b/src/main.c index fda0f2bb4..2a433cae5 100644 --- a/src/main.c +++ b/src/main.c @@ -339,6 +339,7 @@ struct Configurable { size_t lastrecvsize; bool ftp_ssl; bool ftp_ssl_reqd; + bool ftp_ssl_control; char *socksproxy; /* set to server string */ int socksver; /* set to CURLPROXY_SOCKS* define */ @@ -519,6 +520,7 @@ static void help(void) " --ftp-pasv Use PASV/EPSV instead of PORT (F)", " --ftp-skip-pasv-ip Skip the IP address for PASV (F)\n" " --ftp-ssl Try SSL/TLS for the ftp transfer (F)", + " --ftp-ssl-control Try SSL/TLS for the ftp login, clear for transfer (F)", " --ftp-ssl-reqd Require SSL/TLS for the ftp transfer (F)", " -F/--form <name=content> Specify HTTP multipart POST data (H)", " --form-string <name=string> Specify HTTP multipart POST data (H)", @@ -1351,6 +1353,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */ {"$u", "ftp-alternative-to-user", TRUE}, {"$v", "ftp-ssl-reqd", FALSE}, {"$w", "no-sessionid", FALSE}, + {"$x", "ftp-ssl-control", FALSE}, {"0", "http1.0", FALSE}, {"1", "tlsv1", FALSE}, @@ -1801,6 +1804,9 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */ case 'w': /* --no-sessionid */ config->disable_sessionid ^= TRUE; break; + case 'x': /* --ftp-ssl-control */ + config->ftp_ssl_control ^= TRUE; + break; } break; case '#': /* --progress-bar */ @@ -3991,14 +3997,18 @@ operate(struct Configurable *config, int argc, char *argv[]) else curl_easy_setopt(curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_WHATEVER); - /* new in curl 7.11.0 */ - if(config->ftp_ssl) - curl_easy_setopt(curl, CURLOPT_FTP_SSL, CURLFTPSSL_TRY); - /* new in curl 7.15.5 */ if(config->ftp_ssl_reqd) curl_easy_setopt(curl, CURLOPT_FTP_SSL, CURLFTPSSL_ALL); + /* new in curl 7.11.0 */ + else if(config->ftp_ssl) + curl_easy_setopt(curl, CURLOPT_FTP_SSL, CURLFTPSSL_TRY); + + /* new in curl 7.16.0 */ + else if(config->ftp_ssl_control) + curl_easy_setopt(curl, CURLOPT_FTP_SSL, CURLFTPSSL_CONTROL); + /* new in curl 7.11.1, modified in 7.15.2 */ if(config->socksproxy) { curl_easy_setopt(curl, CURLOPT_PROXY, config->socksproxy); |