From e8442e4ffcecf3e290c7e26c44e4aa313e016f9a Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Tue, 16 Jul 2019 03:35:54 -0400 Subject: libcurl: Restrict redirect schemes (follow-up) - Allow FTPS on redirect. - Update default allowed redirect protocols in documentation. Follow-up to 6080ea0. Ref: https://github.com/curl/curl/pull/4094 Closes https://github.com/curl/curl/pull/4115 --- docs/libcurl/libcurl-security.3 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs/libcurl/libcurl-security.3') diff --git a/docs/libcurl/libcurl-security.3 b/docs/libcurl/libcurl-security.3 index cdb97915c..da45ed7f6 100644 --- a/docs/libcurl/libcurl-security.3 +++ b/docs/libcurl/libcurl-security.3 @@ -97,8 +97,8 @@ Never ever switch off certificate verification. The \fICURLOPT_FOLLOWLOCATION(3)\fP option automatically follows HTTP redirects sent by a remote server. These redirects can refer to any kind of URL, not just HTTP. libcurl restricts the protocols allowed to be used in -redirects for security reasons: only HTTP, HTTPS and FTP are enabled by -default. Applications may opt to restrict thus set further. +redirects for security reasons: only HTTP, HTTPS, FTP and FTPS are +enabled by default. Applications may opt to restrict that set further. A redirect to a file: URL would cause the libcurl to read (or write) arbitrary files from the local filesystem. If the application returns the data back to -- cgit v1.2.3
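Review bot: In the rewritten sentence "Applications may opt to restrict that set further", the text still does not say how an application does that. Naming the controlling option, \fICURLOPT_REDIR_PROTOCOLS(3)\fP, in the same way the paragraph already references \fICURLOPT_FOLLOWLOCATION(3)\fP, would let a reader act on the advice. Since the documented default now lists FTP and FTPS alongside HTTP and HTTPS, it would also be worth stating that an application expecting only web redirects should narrow the set to HTTP and HTTPS. Separately, the unchanged context line "would cause the libcurl to read" carries a stray article that could be cleaned up in the same pass.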