From a2902de67c3bf044a19419f8826521a963baaa7f Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 27 Sep 2005 08:46:54 +0000 Subject: TJ Saunders of the proftpd project identified and pointed out problems with the modified FTPS negotiation change of August 19 2005. Thus, we revert the change back to pre-7.14.1 status. --- lib/ftp.c | 46 +++++++++++++++++++--------------------------- 1 file changed, 19 insertions(+), 27 deletions(-) (limited to 'lib/ftp.c') diff --git a/lib/ftp.c b/lib/ftp.c index 5c797b938..64b903fca 100644 --- a/lib/ftp.c +++ b/lib/ftp.c @@ -174,13 +174,9 @@ static bool isBadFtpString(const char *string) * to us. This function will sit and wait here until the server has * connected. * - * If FTP-SSL is used and SSL is requested for the data connection, this - * function will do that transport layer handshake too. - * */ static CURLcode AllowServerConnect(struct connectdata *conn) { - CURLcode result; int timeout_ms; struct SessionHandle *data = conn->data; curl_socket_t sock = conn->sock[SECONDARYSOCKET]; @@ -235,17 +231,6 @@ static CURLcode AllowServerConnect(struct connectdata *conn) break; } - /* If PASV is used, this is is made elsewhere */ - if(conn->ssl[SECONDARYSOCKET].use) { - /* since we only have a plaintext TCP connection here, we must now - do the TLS stuff */ - infof(data, "Doing the SSL/TLS handshake on the data stream\n"); - /* BLOCKING */ - result = Curl_ssl_connect(conn, SECONDARYSOCKET); - if(result) - return result; - } - return CURLE_OK; } 
@@ -2040,6 +2025,16 @@ static CURLcode ftp_state_stor_resp(struct connectdata *conn, return result; } + if(conn->ssl[SECONDARYSOCKET].use) { + /* since we only have a plaintext TCP connection here, we must now + do the TLS stuff */ + infof(data, "Doing the SSL/TLS handshake on the data stream\n"); + /* BLOCKING */ + result = Curl_ssl_connect(conn, SECONDARYSOCKET); + if(result) + return result; + } + *(ftp->bytecountp)=0; /* When we know we're uploading a specified file, we can get the file @@ -2139,6 +2134,15 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn, return result; } + if(conn->ssl[SECONDARYSOCKET].use) { + /* since we only have a plaintext TCP connection here, we must now + do the TLS stuff */ + infof(data, "Doing the SSL/TLS handshake on the data stream\n"); + result = Curl_ssl_connect(conn, SECONDARYSOCKET); + if(result) + return result; + } + if(size > conn->maxdownload && conn->maxdownload > 0) size = conn->size = conn->maxdownload; @@ -3100,18 +3104,6 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn) if(!ftp->no_transfer && !conn->bits.no_body) { /* a transfer is about to take place */ - if(conn->ssl[SECONDARYSOCKET].use && - !data->set.ftp_use_port) { - /* PASV is used and we just got the data connection connected, then - it is time to handshake the secure stuff. */ - - infof(data, "Doing the SSL/TLS handshake on the data stream\n"); - /* BLOCKING */ - result = Curl_ssl_connect(conn, SECONDARYSOCKET); - if(result) - return result; - } - if(data->set.upload) { NBFTPSENDF(conn, "TYPE %c", data->set.ftp_ascii?'A':'I'); state(conn, FTP_STOR_TYPE); -- cgit v1.2.3
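Review bot: With the handshake removed from AllowServerConnect and Curl_ftp_nextconnect, the data connection is upgraded to TLS only by the two blocks added in ftp_state_stor_resp and ftp_state_get_resp (the `@@ -2139` hunk). If any data transfer has its reply handled elsewhere, it would run in plaintext even though `conn->ssl[SECONDARYSOCKET].use` is set; these hunks do not show the rest of the state machine, so that needs confirming. The two blocks are verbatim copies except that the second has lost the `/* BLOCKING */` marker, so I would fold them into one static helper called from both places as `result = ftp_data_ssl_connect(conn);` (the name is only a suggestion). The helper's comment should say why the handshake waits for the server's reply to the transfer command instead of running at connect time, since that ordering appears to be what this revert restores. Both enclosing functions start and end outside their hunks.

```c
/* Do the TLS handshake on the data connection if SSL was requested for it.
   Called from the STOR and RETR/LIST response handlers, i.e. only after the
   server has answered the transfer command. BLOCKING. */
static CURLcode ftp_data_ssl_connect(struct connectdata *conn)
{
  if(!conn->ssl[SECONDARYSOCKET].use)
    return CURLE_OK;

  /* the data socket is still a plaintext TCP connection at this point */
  infof(conn->data, "Doing the SSL/TLS handshake on the data stream\n");
  return Curl_ssl_connect(conn, SECONDARYSOCKET);
}

/* ... unchanged: ftp_state_stor_resp / ftp_state_get_resp up to the added block ... */
  result = ftp_data_ssl_connect(conn);
  if(result)
    return result;
```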