mirror of https://github.com/moparisthebest/curl
Norbert Novotny had problems with FTPS and he helped me work out a patch
that made curl run fine in his end. The key was to make sure we do the SSL/TLS negotiation immediately after the TCP connect is done and not after a few other commands have been sent like we did previously. I don't consider this change necessary to obey the standards, I think this server is pickier than what the specs allow it to be, but I can't see how this modified libcurl code can add any problems to those who are interpreting the standards more liberally.
This commit is contained in:
Daniel Stenberg
parent
7a8993892d
commit
710ee3b0e0
10
CHANGES
10
CHANGES
|
|
@ -7,6 +7,16 @@
|
|||
Changelog
|
||||
|
||||
|
||||
Daniel (19 August 2005)
|
||||
- Norbert Novotny had problems with FTPS and he helped me work out a patch
|
||||
that made curl run fine in his end. The key was to make sure we do the
|
||||
SSL/TLS negotiation immediately after the TCP connect is done and not after
|
||||
a few other commands have been sent like we did previously. I don't consider
|
||||
this change necessary to obey the standards, I think this server is pickier
|
||||
than what the specs allow it to be, but I can't see how this modified
|
||||
libcurl code can add any problems to those who are interpreting the
|
||||
standards more liberally.
|
||||
|
||||
Daniel (17 August 2005)
|
||||
- Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (with
|
||||
CURLOPT_COOKIEFILE), add a cookie (with CURLOPT_COOKIELIST), tell it to
|
||||
|
|
|
|||
|
|
@ -7,10 +7,11 @@ Curl and libcurl 7.14.1
|
|||
Number of public functions in libcurl: 46
|
||||
Amount of public web site mirrors: 25
|
||||
Number of known libcurl bindings: 31
|
||||
Number of contributors: 437
|
||||
Number of contributors: 447
|
||||
|
||||
This release includes the following changes:
|
||||
|
||||
o negotiates data connection SSL earlier when doing FTPS with PASV
|
||||
o CURLOPT_COOKIELIST and CURLINFO_COOKIELIST
|
||||
o trailer support for chunked encoded data streams
|
||||
o -x/CURL_PROXY strings may now contain user+password
|
||||
|
|
@ -60,6 +61,7 @@ advice from friends like these:
|
|||
John McGowan, Georg Wicherski, Andres Garcia, Eric Cooper, Todd Kulesza,
|
||||
Tupone Alfredo, Gisle Vanem, David Shaw, Andrew Bushnell, Dan Fandrich,
|
||||
Adrian Schuur, Diego Casorran, Peteris Krumins, Jon Grubbs, Christopher
|
||||
R. Palmer, Mario Schroeder, Richard Clayton, James Bursa, Jeff Pohlmeyer
|
||||
R. Palmer, Mario Schroeder, Richard Clayton, James Bursa, Jeff Pohlmeyer,
|
||||
Norbert Novotny
|
||||
|
||||
Thanks! (and sorry if I forgot to mention someone)
|
||||
|
|
|
|||
46
lib/ftp.c
46
lib/ftp.c
|
|
@ -174,9 +174,13 @@ static bool isBadFtpString(const char *string)
|
|||
* to us. This function will sit and wait here until the server has
|
||||
* connected.
|
||||
*
|
||||
* If FTP-SSL is used and SSL is requested for the data connection, this
|
||||
* function will do that transport layer handshake too.
|
||||
*
|
||||
*/
|
||||
static CURLcode AllowServerConnect(struct connectdata *conn)
|
||||
{
|
||||
CURLcode result;
|
||||
int timeout_ms;
|
||||
struct SessionHandle *data = conn->data;
|
||||
curl_socket_t sock = conn->sock[SECONDARYSOCKET];
|
||||
|
|
@ -231,6 +235,17 @@ static CURLcode AllowServerConnect(struct connectdata *conn)
|
|||
break;
|
||||
}
|
||||
|
||||
/* If PASV is used, this is is made elsewhere */
|
||||
if(conn->ssl[SECONDARYSOCKET].use) {
|
||||
/* since we only have a plaintext TCP connection here, we must now
|
||||
do the TLS stuff */
|
||||
infof(data, "Doing the SSL/TLS handshake on the data stream\n");
|
||||
/* BLOCKING */
|
||||
result = Curl_ssl_connect(conn, SECONDARYSOCKET);
|
||||
if(result)
|
||||
return result;
|
||||
}
|
||||
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
||||
|
|
@ -2017,16 +2032,6 @@ static CURLcode ftp_state_stor_resp(struct connectdata *conn,
|
|||
return result;
|
||||
}
|
||||
|
||||
if(conn->ssl[SECONDARYSOCKET].use) {
|
||||
/* since we only have a plaintext TCP connection here, we must now
|
||||
do the TLS stuff */
|
||||
infof(data, "Doing the SSL/TLS handshake on the data stream\n");
|
||||
/* BLOCKING */
|
||||
result = Curl_ssl_connect(conn, SECONDARYSOCKET);
|
||||
if(result)
|
||||
return result;
|
||||
}
|
||||
|
||||
*(ftp->bytecountp)=0;
|
||||
|
||||
/* When we know we're uploading a specified file, we can get the file
|
||||
|
|
@ -2126,15 +2131,6 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
|
|||
return result;
|
||||
}
|
||||
|
||||
if(conn->ssl[SECONDARYSOCKET].use) {
|
||||
/* since we only have a plaintext TCP connection here, we must now
|
||||
do the TLS stuff */
|
||||
infof(data, "Doing the SSL/TLS handshake on the data stream\n");
|
||||
result = Curl_ssl_connect(conn, SECONDARYSOCKET);
|
||||
if(result)
|
||||
return result;
|
||||
}
|
||||
|
||||
if(size > conn->maxdownload && conn->maxdownload > 0)
|
||||
size = conn->size = conn->maxdownload;
|
||||
|
||||
|
|
@ -3096,6 +3092,18 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn)
|
|||
if(!ftp->no_transfer && !conn->bits.no_body) {
|
||||
/* a transfer is about to take place */
|
||||
|
||||
if(conn->ssl[SECONDARYSOCKET].use &&
|
||||
!data->set.ftp_use_port) {
|
||||
/* PASV is used and we just got the data connection connected, then
|
||||
it is time to handshake the secure stuff. */
|
||||
|
||||
infof(data, "Doing the SSL/TLS handshake on the data stream\n");
|
||||
/* BLOCKING */
|
||||
result = Curl_ssl_connect(conn, SECONDARYSOCKET);
|
||||
if(result)
|
||||
return result;
|
||||
}
|
||||
|
||||
if(data->set.upload) {
|
||||
NBFTPSENDF(conn, "TYPE %c", data->set.ftp_ascii?'A':'I');
|
||||
state(conn, FTP_STOR_TYPE);
|
||||
|
|
|
|||
Loading…
Reference in New Issue