Diffstat (limited to 'lib')
-rw-r--r--lib/ftp.c108
1 files changed, 59 insertions, 49 deletions
diff --git a/lib/ftp.c b/lib/ftp.c
index d0c6255a8..b0bc61800 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -174,6 +174,7 @@ static CURLcode AllowServerConnect(struct connectdata *conn)
}
break;
}
+
return CURLE_OK;
}
@@ -504,47 +505,6 @@ CURLcode Curl_ftp_connect(struct connectdata *conn)
conn->ssl[SECONDARYSOCKET].use = FALSE; /* clear-text data */
}
}
- if(conn->ssl[FIRSTSOCKET].use) {
- /* PBSZ = PROTECTION BUFFER SIZE.
-
- The 'draft-murray-auth-ftp-ssl' (draft 12, page 7) says:
-
- Specifically, the PROT command MUST be preceded by a PBSZ command
- and a PBSZ command MUST be preceded by a successful security data
- exchange (the TLS negotiation in this case)
-
- ... (and on page 8):
-
- Thus the PBSZ command must still be issued, but must have a parameter
- of '0' to indicate that no buffering is taking place and the data
- connection should not be encapsulated.
- */
- FTPSENDF(conn, "PBSZ %d", 0);
- result = Curl_GetFTPResponse(&nread, conn, &ftpcode);
- if(result)
- return result;
-
- /* For TLS, the data connection can have one of two security levels.
-
- 1)Clear (requested by 'PROT C')
-
- 2)Private (requested by 'PROT P')
- */
- if(!conn->ssl[SECONDARYSOCKET].use) {
- FTPSENDF(conn, "PROT %c", 'P');
- result = Curl_GetFTPResponse(&nread, conn, &ftpcode);
- if(result)
- return result;
-
- if(ftpcode == 200)
- /* We have enabled SSL for the data connection! */
- conn->ssl[SECONDARYSOCKET].use = TRUE;
-
- /* FTP servers typically responds with 500 if they decide to reject
- our 'P' request */
- }
- }
-
/* send USER */
FTPSENDF(conn, "USER %s", ftp->user?ftp->user:"");
@@ -611,6 +571,47 @@ CURLcode Curl_ftp_connect(struct connectdata *conn)
return CURLE_FTP_WEIRD_USER_REPLY;
}
+ if(conn->ssl[FIRSTSOCKET].use) {
+ /* PBSZ = PROTECTION BUFFER SIZE.
+
+ The 'draft-murray-auth-ftp-ssl' (draft 12, page 7) says:
+
+ Specifically, the PROT command MUST be preceded by a PBSZ command
+ and a PBSZ command MUST be preceded by a successful security data
+ exchange (the TLS negotiation in this case)
+
+ ... (and on page 8):
+
+ Thus the PBSZ command must still be issued, but must have a parameter
+ of '0' to indicate that no buffering is taking place and the data
+ connection should not be encapsulated.
+ */
+ FTPSENDF(conn, "PBSZ %d", 0);
+ result = Curl_GetFTPResponse(&nread, conn, &ftpcode);
+ if(result)
+ return result;
+
+ /* For TLS, the data connection can have one of two security levels.
+
+ 1)Clear (requested by 'PROT C')
+
+ 2)Private (requested by 'PROT P')
+ */
+ if(!conn->ssl[SECONDARYSOCKET].use) {
+ FTPSENDF(conn, "PROT %c", 'P');
+ result = Curl_GetFTPResponse(&nread, conn, &ftpcode);
+ if(result)
+ return result;
+
+ if(ftpcode == 200)
+ /* We have enabled SSL for the data connection! */
+ conn->ssl[SECONDARYSOCKET].use = TRUE;
+
+ /* FTP servers typically responds with 500 if they decide to reject
+ our 'P' request */
+ }
+ }
+
/* send PWD to discover our entry point */
FTPSENDF(conn, "PWD", NULL);
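Review bot: The `if(ftpcode == 200)` check after `PROT P` has no else path, so a server that refuses the request leaves `conn->ssl[SECONDARYSOCKET].use` FALSE and the transfer continues on a clear-text data connection without telling the caller. At minimum log the refusal, e.g. `else infof(conn->data, "PROT P refused (%d), data connection is not encrypted\n", ftpcode);`, and if a setting expresses that an encrypted data channel is required, return an error here instead of silently downgrading. The reply code to `PBSZ 0` is likewise never inspected, since only the transport-level `result` is checked. Curl_ftp_connect begins and ends outside this hunk, so which locals (such as `data`) are in scope there is not visible.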
@@ -1611,7 +1612,7 @@ CURLcode ftp_use_pasv(struct connectdata *conn,
/* this just dumps information about this second connection */
ftp_pasv_verbose(conn, conninfo, newhostp, connectport);
- if (data->set.tunnel_thru_httpproxy) {
+ if(data->set.tunnel_thru_httpproxy) {
/* We want "seamless" FTP operations through HTTP proxy tunnel */
result = Curl_ConnectHTTPProxyTunnel(conn, SECONDARYSOCKET,
newhostp, newport);
@@ -1755,6 +1756,15 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn)
return result;
}
+ if(conn->ssl[SECONDARYSOCKET].use) {
+ /* since we only have a plaintext TCP connection here, we must now
+ do the TLS stuff */
+ infof(data, "Doing the SSL/TSL handshake on the data stream\n");
+ result = Curl_SSLConnect(conn, SECONDARYSOCKET);
+ if(result)
+ return result;
+ }
+
*bytecountp=0;
/* When we know we're uploading a specified file, we can get the file
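Review bot: The log string in the added block says "SSL/TSL"; it should read `infof(data, "Doing the SSL/TLS handshake on the data stream\n");`, and the same typo is carried over in the re-indented block of the following hunk. The identical handshake block now sits in two places in Curl_ftp_nextconnect (here, apparently on the upload path, and again before the download code). A small static helper that logs and calls `Curl_SSLConnect(conn, SECONDARYSOCKET)` would keep the two paths from drifting apart, which matters because a path that loses the handshake would move data in clear text. The function body starts and ends outside this hunk.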
@@ -2011,15 +2021,15 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn)
return result;
}
-#if 1
if(conn->ssl[SECONDARYSOCKET].use) {
- /* since we only have a TCP connection, we must now do the TLS stuff */
- infof(data, "Doing the SSL/TSL handshake on the data stream\n");
- result = Curl_SSLConnect(conn, SECONDARYSOCKET);
- if(result)
- return result;
+ /* since we only have a plaintext TCP connection here, we must now
+ do the TLS stuff */
+ infof(data, "Doing the SSL/TSL handshake on the data stream\n");
+ result = Curl_SSLConnect(conn, SECONDARYSOCKET);
+ if(result)
+ return result;
}
-#endif
+
infof(data, "Getting file with size: %d\n", size);
/* FTP download: */