From 710ee3b0e0858a3ee8283fd1de1bc35f24c2bb5b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 19 Aug 2005 14:41:09 +0000 Subject: Norbert Novotny had problems with FTPS and he helped me work out a patch that made curl run fine in his end. The key was to make sure we do the SSL/TLS negotiation immediately after the TCP connect is done and not after a few other commands have been sent like we did previously. I don't consider this change necessary to obey the standards, I think this server is pickier than what the specs allow it to be, but I can't see how this modified libcurl code can add any problems to those who are interpreting the standards more liberally. --- lib/ftp.c | 46 +++++++++++++++++++++++++++------------------- 1 file changed, 27 insertions(+), 19 deletions(-) (limited to 'lib') diff --git a/lib/ftp.c b/lib/ftp.c index 6ed0fa79b..bc30e2258 100644 --- a/lib/ftp.c +++ b/lib/ftp.c @@ -174,9 +174,13 @@ static bool isBadFtpString(const char *string) * to us. This function will sit and wait here until the server has * connected. * + * If FTP-SSL is used and SSL is requested for the data connection, this + * function will do that transport layer handshake too. + * */ static CURLcode AllowServerConnect(struct connectdata *conn) { + CURLcode result; int timeout_ms; struct SessionHandle *data = conn->data; curl_socket_t sock = conn->sock[SECONDARYSOCKET]; @@ -231,6 +235,17 @@ static CURLcode AllowServerConnect(struct connectdata *conn) break; } + /* If PASV is used, this is is made elsewhere */ + if(conn->ssl[SECONDARYSOCKET].use) { + /* since we only have a plaintext TCP connection here, we must now + do the TLS stuff */ + infof(data, "Doing the SSL/TLS handshake on the data stream\n"); + /* BLOCKING */ + result = Curl_ssl_connect(conn, SECONDARYSOCKET); + if(result) + return result; + } + return CURLE_OK; } @@ -2017,16 +2032,6 @@ static CURLcode ftp_state_stor_resp(struct connectdata *conn, return result; } - if(conn->ssl[SECONDARYSOCKET].use) { - /* since we only have a plaintext TCP connection here, we must now - do the TLS stuff */ - infof(data, "Doing the SSL/TLS handshake on the data stream\n"); - /* BLOCKING */ - result = Curl_ssl_connect(conn, SECONDARYSOCKET); - if(result) - return result; - } - *(ftp->bytecountp)=0; /* When we know we're uploading a specified file, we can get the file @@ -2126,15 +2131,6 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn, return result; } - if(conn->ssl[SECONDARYSOCKET].use) { - /* since we only have a plaintext TCP connection here, we must now - do the TLS stuff */ - infof(data, "Doing the SSL/TLS handshake on the data stream\n"); - result = Curl_ssl_connect(conn, SECONDARYSOCKET); - if(result) - return result; - } - if(size > conn->maxdownload && conn->maxdownload > 0) size = conn->size = conn->maxdownload; @@ -3096,6 +3092,18 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn) if(!ftp->no_transfer && !conn->bits.no_body) { /* a transfer is about to take place */ + if(conn->ssl[SECONDARYSOCKET].use && + !data->set.ftp_use_port) { + /* PASV is used and we just got the data connection connected, then + it is time to handshake the secure stuff. */ + + infof(data, "Doing the SSL/TLS handshake on the data stream\n"); + /* BLOCKING */ + result = Curl_ssl_connect(conn, SECONDARYSOCKET); + if(result) + return result; + } + if(data->set.upload) { NBFTPSENDF(conn, "TYPE %c", data->set.ftp_ascii?'A':'I'); state(conn, FTP_STOR_TYPE); -- cgit v1.2.3