authorDaniel Stenberg <daniel@haxx.se>2005-08-19 14:41:09 +0000
committerDaniel Stenberg <daniel@haxx.se>2005-08-19 14:41:09 +0000
commit710ee3b0e0858a3ee8283fd1de1bc35f24c2bb5b (patch)
tree3ec8318f73231edafa96817e5bfbd745b008bcfa
parent7a8993892de12781c5554697696affc85eac174c (diff)
Norbert Novotny had problems with FTPS and he helped me work out a patch
that made curl run fine in his end. The key was to make sure we do the SSL/TLS negotiation immediately after the TCP connect is done and not after a few other commands have been sent like we did previously. I don't consider this change necessary to obey the standards, I think this server is pickier than what the specs allow it to be, but I can't see how this modified libcurl code can add any problems to those who are interpreting the standards more liberally.
-rw-r--r--CHANGES10
-rw-r--r--RELEASE-NOTES6
-rw-r--r--lib/ftp.c46
3 files changed, 41 insertions, 21 deletions
diff --git a/CHANGES b/CHANGES
index cd1a3448e..548fbc6a9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,16 @@
Changelog
+Daniel (19 August 2005)
+- Norbert Novotny had problems with FTPS and he helped me work out a patch
+ that made curl run fine in his end. The key was to make sure we do the
+ SSL/TLS negotiation immediately after the TCP connect is done and not after
+ a few other commands have been sent like we did previously. I don't consider
+ this change necessary to obey the standards, I think this server is pickier
+ than what the specs allow it to be, but I can't see how this modified
+ libcurl code can add any problems to those who are interpreting the
+ standards more liberally.
+
Daniel (17 August 2005)
- Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (with
CURLOPT_COOKIEFILE), add a cookie (with CURLOPT_COOKIELIST), tell it to
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index adad93014..7ff1fbb58 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -7,10 +7,11 @@ Curl and libcurl 7.14.1
Number of public functions in libcurl: 46
Amount of public web site mirrors: 25
Number of known libcurl bindings: 31
- Number of contributors: 437
+ Number of contributors: 447
This release includes the following changes:
+ o negotiates data connection SSL earlier when doing FTPS with PASV
o CURLOPT_COOKIELIST and CURLINFO_COOKIELIST
o trailer support for chunked encoded data streams
o -x/CURL_PROXY strings may now contain user+password
@@ -60,6 +61,7 @@ advice from friends like these:
John McGowan, Georg Wicherski, Andres Garcia, Eric Cooper, Todd Kulesza,
Tupone Alfredo, Gisle Vanem, David Shaw, Andrew Bushnell, Dan Fandrich,
Adrian Schuur, Diego Casorran, Peteris Krumins, Jon Grubbs, Christopher
- R. Palmer, Mario Schroeder, Richard Clayton, James Bursa, Jeff Pohlmeyer
+ R. Palmer, Mario Schroeder, Richard Clayton, James Bursa, Jeff Pohlmeyer,
+ Norbert Novotny
Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/ftp.c b/lib/ftp.c
index 6ed0fa79b..bc30e2258 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -174,9 +174,13 @@ static bool isBadFtpString(const char *string)
* to us. This function will sit and wait here until the server has
* connected.
*
+ * If FTP-SSL is used and SSL is requested for the data connection, this
+ * function will do that transport layer handshake too.
+ *
*/
static CURLcode AllowServerConnect(struct connectdata *conn)
{
+ CURLcode result;
int timeout_ms;
struct SessionHandle *data = conn->data;
curl_socket_t sock = conn->sock[SECONDARYSOCKET];
@@ -231,6 +235,17 @@ static CURLcode AllowServerConnect(struct connectdata *conn)
break;
}
+ /* If PASV is used, this is is made elsewhere */
+ if(conn->ssl[SECONDARYSOCKET].use) {
+ /* since we only have a plaintext TCP connection here, we must now
+ do the TLS stuff */
+ infof(data, "Doing the SSL/TLS handshake on the data stream\n");
+ /* BLOCKING */
+ result = Curl_ssl_connect(conn, SECONDARYSOCKET);
+ if(result)
+ return result;
+ }
+
return CURLE_OK;
}
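Review bot: The blocking `Curl_ssl_connect(conn, SECONDARYSOCKET)` added at the end of AllowServerConnect is not visibly bounded by the `timeout_ms` this function declares, so a peer that connects to the listening socket and then stalls the handshake could hold the transfer open. Whether Curl_ssl_connect enforces its own timeout cannot be seen from this hunk and should be confirmed. The comment above the check has a doubled word and does not say where the PASV case is handled; I would write `/* If PASV is used, this handshake is done in Curl_ftp_nextconnect() instead */`. The middle of the function lies between this hunk and the previous one and is not shown.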
@@ -2017,16 +2032,6 @@ static CURLcode ftp_state_stor_resp(struct connectdata *conn,
return result;
}
- if(conn->ssl[SECONDARYSOCKET].use) {
- /* since we only have a plaintext TCP connection here, we must now
- do the TLS stuff */
- infof(data, "Doing the SSL/TLS handshake on the data stream\n");
- /* BLOCKING */
- result = Curl_ssl_connect(conn, SECONDARYSOCKET);
- if(result)
- return result;
- }
-
*(ftp->bytecountp)=0;
/* When we know we're uploading a specified file, we can get the file
@@ -2126,15 +2131,6 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
return result;
}
- if(conn->ssl[SECONDARYSOCKET].use) {
- /* since we only have a plaintext TCP connection here, we must now
- do the TLS stuff */
- infof(data, "Doing the SSL/TLS handshake on the data stream\n");
- result = Curl_ssl_connect(conn, SECONDARYSOCKET);
- if(result)
- return result;
- }
-
if(size > conn->maxdownload && conn->maxdownload > 0)
size = conn->size = conn->maxdownload;
@@ -3096,6 +3092,18 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn)
if(!ftp->no_transfer && !conn->bits.no_body) {
/* a transfer is about to take place */
+ if(conn->ssl[SECONDARYSOCKET].use &&
+ !data->set.ftp_use_port) {
+ /* PASV is used and we just got the data connection connected, then
+ it is time to handshake the secure stuff. */
+
+ infof(data, "Doing the SSL/TLS handshake on the data stream\n");
+ /* BLOCKING */
+ result = Curl_ssl_connect(conn, SECONDARYSOCKET);
+ if(result)
+ return result;
+ }
+
if(data->set.upload) {
NBFTPSENDF(conn, "TYPE %c", data->set.ftp_ascii?'A':'I');
state(conn, FTP_STOR_TYPE);
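Review bot: The handshake added in Curl_ftp_nextconnect is marked `/* BLOCKING */` yet sits in front of the non-blocking `NBFTPSENDF`/`state()` sequence, so in PASV mode the transfer now waits on the data-channel TLS negotiation before TYPE and the transfer command are sent. A server that starts TLS on the data connection only after it has received the transfer command would leave this call waiting, and nothing in the hunk shows a bound on that wait. The comment should record the ordering assumption, e.g. `/* NOTE: done before TYPE/STOR/RETR are sent; relies on the server negotiating TLS as soon as the data connection is up */`. The same block now also appears in AllowServerConnect, so a small static helper taking `conn` would keep the PORT and PASV paths from drifting apart. The function continues beyond both ends of this hunk.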