ftp: separate FTPS from FTP over "HTTPS proxy"
When using HTTPS proxy, SSL is used but not in the view of the FTP protocol handler itself so separate the connection's use of SSL from the FTP control connection's use. Reported-by: Mingtao Yang Fixes #5523 Closes #6006
parent
93653ef9e2
commit
1397a7de6e
14
lib/ftp.c
14
lib/ftp.c
@ -2508,7 +2508,7 @@ static CURLcode ftp_state_loggedin(struct connectdata *conn)
|
|||||||
{
|
{
|
||||||
CURLcode result = CURLE_OK;
|
CURLcode result = CURLE_OK;
|
||||||
|
|
||||||
if(conn->ssl[FIRSTSOCKET].use) {
|
if(conn->bits.ftp_use_control_ssl) {
|
||||||
/* PBSZ = PROTECTION BUFFER SIZE.
|
/* PBSZ = PROTECTION BUFFER SIZE.
|
||||||
|
|
||||||
The 'draft-murray-auth-ftp-ssl' (draft 12, page 7) says:
|
The 'draft-murray-auth-ftp-ssl' (draft 12, page 7) says:
|
||||||
@ -2659,14 +2659,8 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if(data->set.use_ssl &&
|
if(data->set.use_ssl && !conn->bits.ftp_use_control_ssl) {
|
||||||
(!conn->ssl[FIRSTSOCKET].use
|
/* We don't have a SSL/TLS control connection yet, but FTPS is
|
||||||
#ifndef CURL_DISABLE_PROXY
|
|
||||||
|| (conn->bits.proxy_ssl_connected[FIRSTSOCKET] &&
|
|
||||||
!conn->proxy_ssl[FIRSTSOCKET].use)
|
|
||||||
#endif
|
|
||||||
)) {
|
|
||||||
/* We don't have a SSL/TLS connection yet, but FTPS is
|
|
||||||
requested. Try a FTPS connection now */
|
requested. Try a FTPS connection now */
|
||||||
|
|
||||||
ftpc->count3 = 0;
|
ftpc->count3 = 0;
|
||||||
@ -2708,6 +2702,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
|
|||||||
result = Curl_ssl_connect(conn, FIRSTSOCKET);
|
result = Curl_ssl_connect(conn, FIRSTSOCKET);
|
||||||
if(!result) {
|
if(!result) {
|
||||||
conn->bits.ftp_use_data_ssl = FALSE; /* clear-text data */
|
conn->bits.ftp_use_data_ssl = FALSE; /* clear-text data */
|
||||||
|
conn->bits.ftp_use_control_ssl = TRUE; /* SSL on control */
|
||||||
result = ftp_state_user(conn);
|
result = ftp_state_user(conn);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -3110,6 +3105,7 @@ static CURLcode ftp_connect(struct connectdata *conn,
|
|||||||
result = Curl_ssl_connect(conn, FIRSTSOCKET);
|
result = Curl_ssl_connect(conn, FIRSTSOCKET);
|
||||||
if(result)
|
if(result)
|
||||||
return result;
|
return result;
|
||||||
|
conn->bits.ftp_use_control_ssl = TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
Curl_pp_setup(pp); /* once per transfer */
|
Curl_pp_setup(pp); /* once per transfer */
|
||||||
|
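Review bot: `ftp_use_control_ssl` is only ever set to TRUE in the hunks shown (after `Curl_ssl_connect()` in `ftp_statemach_act` and in `ftp_connect`), whereas the `conn->ssl[FIRSTSOCKET].use` test it replaces in `ftp_state_loggedin` followed the live TLS state of the socket. If any path outside these hunks shuts TLS down on the control channel (the CCC handling would be the likely place, not visible here), the bit stays TRUE and the `data->set.use_ssl && !conn->bits.ftp_use_control_ssl` gate would treat a clear-text control connection as protected. I would clear it next to that shutdown with `conn->bits.ftp_use_control_ssl = FALSE;`, or say in a comment that the bit records that TLS was negotiated rather than that it is still active. All three functions continue outside the hunks.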
@ -469,6 +469,7 @@ struct ConnectBits {
|
|||||||
EPRT doesn't work we disable it for the forthcoming
|
EPRT doesn't work we disable it for the forthcoming
|
||||||
requests */
|
requests */
|
||||||
BIT(ftp_use_data_ssl); /* Enabled SSL for the data connection */
|
BIT(ftp_use_data_ssl); /* Enabled SSL for the data connection */
|
||||||
|
BIT(ftp_use_control_ssl); /* Enabled SSL for the control connection */
|
||||||
#endif
|
#endif
|
||||||
BIT(netrc); /* name+password provided by netrc */
|
BIT(netrc); /* name+password provided by netrc */
|
||||||
BIT(bound); /* set true if bind() has already been done on this socket/
|
BIT(bound); /* set true if bind() has already been done on this socket/
|
||||||
|
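Review bot: The comment on the new `ftp_use_control_ssl` bit in `struct ConnectBits` (file header not shown on the page) does not say how it differs from `conn->ssl[FIRSTSOCKET].use`, which is the whole reason the bit exists. A comment such as `/* TLS was set up by the FTP handler on the control connection; not set when TLS is only to an HTTPS proxy */` would keep later code from going back to the socket-level flag for FTPS decisions such as sending PBSZ/PROT. The struct starts and ends outside the hunk.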
@ -74,8 +74,6 @@ Proxy-Connection: Keep-Alive
|
|||||||
<protocol>
|
<protocol>
|
||||||
USER anonymous
|
USER anonymous
|
||||||
PASS ftp@example.com
|
PASS ftp@example.com
|
||||||
PBSZ 0
|
|
||||||
PROT P
|
|
||||||
PWD
|
PWD
|
||||||
EPSV
|
EPSV
|
||||||
TYPE I
|
TYPE I
|
||||||
|
@ -89,8 +89,6 @@ Proxy-Connection: Keep-Alive
|
|||||||
<protocol>
|
<protocol>
|
||||||
USER anonymous
|
USER anonymous
|
||||||
PASS ftp@example.com
|
PASS ftp@example.com
|
||||||
PBSZ 0
|
|
||||||
PROT P
|
|
||||||
PWD
|
PWD
|
||||||
EPSV
|
EPSV
|
||||||
TYPE I
|
TYPE I
|
||||||
|