Norbert Novotny had problems with FTPS and he helped me work out a patch
that made curl run fine in his end. The key was to make sure we do the SSL/TLS negotiation immediately after the TCP connect is done and not after a few other commands have been sent like we did previously. I don't consider this change necessary to obey the standards, I think this server is pickier than what the specs allow it to be, but I can't see how this modified libcurl code can add any problems to those who are interpreting the standards more liberally.
parent
7a8993892d
commit
710ee3b0e0
10
CHANGES
10
CHANGES
|
@ -7,6 +7,16 @@
|
||||||
Changelog
|
Changelog
|
||||||
|
|
||||||
|
|
||||||
|
Daniel (19 August 2005)
|
||||||
|
- Norbert Novotny had problems with FTPS and he helped me work out a patch
|
||||||
|
that made curl run fine in his end. The key was to make sure we do the
|
||||||
|
SSL/TLS negotiation immediately after the TCP connect is done and not after
|
||||||
|
a few other commands have been sent like we did previously. I don't consider
|
||||||
|
this change necessary to obey the standards, I think this server is pickier
|
||||||
|
than what the specs allow it to be, but I can't see how this modified
|
||||||
|
libcurl code can add any problems to those who are interpreting the
|
||||||
|
standards more liberally.
|
||||||
|
|
||||||
Daniel (17 August 2005)
|
Daniel (17 August 2005)
|
||||||
- Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (with
|
- Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (with
|
||||||
CURLOPT_COOKIEFILE), add a cookie (with CURLOPT_COOKIELIST), tell it to
|
CURLOPT_COOKIEFILE), add a cookie (with CURLOPT_COOKIELIST), tell it to
|
||||||
|
|
|
@ -7,10 +7,11 @@ Curl and libcurl 7.14.1
|
||||||
Number of public functions in libcurl: 46
|
Number of public functions in libcurl: 46
|
||||||
Amount of public web site mirrors: 25
|
Amount of public web site mirrors: 25
|
||||||
Number of known libcurl bindings: 31
|
Number of known libcurl bindings: 31
|
||||||
Number of contributors: 437
|
Number of contributors: 447
|
||||||
|
|
||||||
This release includes the following changes:
|
This release includes the following changes:
|
||||||
|
|
||||||
|
o negotiates data connection SSL earlier when doing FTPS with PASV
|
||||||
o CURLOPT_COOKIELIST and CURLINFO_COOKIELIST
|
o CURLOPT_COOKIELIST and CURLINFO_COOKIELIST
|
||||||
o trailer support for chunked encoded data streams
|
o trailer support for chunked encoded data streams
|
||||||
o -x/CURL_PROXY strings may now contain user+password
|
o -x/CURL_PROXY strings may now contain user+password
|
||||||
|
@ -60,6 +61,7 @@ advice from friends like these:
|
||||||
John McGowan, Georg Wicherski, Andres Garcia, Eric Cooper, Todd Kulesza,
|
John McGowan, Georg Wicherski, Andres Garcia, Eric Cooper, Todd Kulesza,
|
||||||
Tupone Alfredo, Gisle Vanem, David Shaw, Andrew Bushnell, Dan Fandrich,
|
Tupone Alfredo, Gisle Vanem, David Shaw, Andrew Bushnell, Dan Fandrich,
|
||||||
Adrian Schuur, Diego Casorran, Peteris Krumins, Jon Grubbs, Christopher
|
Adrian Schuur, Diego Casorran, Peteris Krumins, Jon Grubbs, Christopher
|
||||||
R. Palmer, Mario Schroeder, Richard Clayton, James Bursa, Jeff Pohlmeyer
|
R. Palmer, Mario Schroeder, Richard Clayton, James Bursa, Jeff Pohlmeyer,
|
||||||
|
Norbert Novotny
|
||||||
|
|
||||||
Thanks! (and sorry if I forgot to mention someone)
|
Thanks! (and sorry if I forgot to mention someone)
|
||||||
|
|
46
lib/ftp.c
46
lib/ftp.c
|
@ -174,9 +174,13 @@ static bool isBadFtpString(const char *string)
|
||||||
* to us. This function will sit and wait here until the server has
|
* to us. This function will sit and wait here until the server has
|
||||||
* connected.
|
* connected.
|
||||||
*
|
*
|
||||||
|
* If FTP-SSL is used and SSL is requested for the data connection, this
|
||||||
|
* function will do that transport layer handshake too.
|
||||||
|
*
|
||||||
*/
|
*/
|
||||||
static CURLcode AllowServerConnect(struct connectdata *conn)
|
static CURLcode AllowServerConnect(struct connectdata *conn)
|
||||||
{
|
{
|
||||||
|
CURLcode result;
|
||||||
int timeout_ms;
|
int timeout_ms;
|
||||||
struct SessionHandle *data = conn->data;
|
struct SessionHandle *data = conn->data;
|
||||||
curl_socket_t sock = conn->sock[SECONDARYSOCKET];
|
curl_socket_t sock = conn->sock[SECONDARYSOCKET];
|
||||||
|
@ -231,6 +235,17 @@ static CURLcode AllowServerConnect(struct connectdata *conn)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* If PASV is used, this is is made elsewhere */
|
||||||
|
if(conn->ssl[SECONDARYSOCKET].use) {
|
||||||
|
/* since we only have a plaintext TCP connection here, we must now
|
||||||
|
do the TLS stuff */
|
||||||
|
infof(data, "Doing the SSL/TLS handshake on the data stream\n");
|
||||||
|
/* BLOCKING */
|
||||||
|
result = Curl_ssl_connect(conn, SECONDARYSOCKET);
|
||||||
|
if(result)
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
return CURLE_OK;
|
return CURLE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2017,16 +2032,6 @@ static CURLcode ftp_state_stor_resp(struct connectdata *conn,
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(conn->ssl[SECONDARYSOCKET].use) {
|
|
||||||
/* since we only have a plaintext TCP connection here, we must now
|
|
||||||
do the TLS stuff */
|
|
||||||
infof(data, "Doing the SSL/TLS handshake on the data stream\n");
|
|
||||||
/* BLOCKING */
|
|
||||||
result = Curl_ssl_connect(conn, SECONDARYSOCKET);
|
|
||||||
if(result)
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
|
|
||||||
*(ftp->bytecountp)=0;
|
*(ftp->bytecountp)=0;
|
||||||
|
|
||||||
/* When we know we're uploading a specified file, we can get the file
|
/* When we know we're uploading a specified file, we can get the file
|
||||||
|
@ -2126,15 +2131,6 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(conn->ssl[SECONDARYSOCKET].use) {
|
|
||||||
/* since we only have a plaintext TCP connection here, we must now
|
|
||||||
do the TLS stuff */
|
|
||||||
infof(data, "Doing the SSL/TLS handshake on the data stream\n");
|
|
||||||
result = Curl_ssl_connect(conn, SECONDARYSOCKET);
|
|
||||||
if(result)
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(size > conn->maxdownload && conn->maxdownload > 0)
|
if(size > conn->maxdownload && conn->maxdownload > 0)
|
||||||
size = conn->size = conn->maxdownload;
|
size = conn->size = conn->maxdownload;
|
||||||
|
|
||||||
|
@ -3096,6 +3092,18 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn)
|
||||||
if(!ftp->no_transfer && !conn->bits.no_body) {
|
if(!ftp->no_transfer && !conn->bits.no_body) {
|
||||||
/* a transfer is about to take place */
|
/* a transfer is about to take place */
|
||||||
|
|
||||||
|
if(conn->ssl[SECONDARYSOCKET].use &&
|
||||||
|
!data->set.ftp_use_port) {
|
||||||
|
/* PASV is used and we just got the data connection connected, then
|
||||||
|
it is time to handshake the secure stuff. */
|
||||||
|
|
||||||
|
infof(data, "Doing the SSL/TLS handshake on the data stream\n");
|
||||||
|
/* BLOCKING */
|
||||||
|
result = Curl_ssl_connect(conn, SECONDARYSOCKET);
|
||||||
|
if(result)
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
if(data->set.upload) {
|
if(data->set.upload) {
|
||||||
NBFTPSENDF(conn, "TYPE %c", data->set.ftp_ascii?'A':'I');
|
NBFTPSENDF(conn, "TYPE %c", data->set.ftp_ascii?'A':'I');
|
||||||
state(conn, FTP_STOR_TYPE);
|
state(conn, FTP_STOR_TYPE);
|
||||||
|
|
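Review bot: In `Curl_ftp_nextconnect` the PASV handshake is gated on the user option `!data->set.ftp_use_port`, while the active-mode handshake in `AllowServerConnect` is gated only on `conn->ssl[SECONDARYSOCKET].use`, so data-channel encryption now depends on these two sites together covering every path; the check removed from `ftp_state_stor_resp` and `ftp_state_get_resp` sat where the transfer starts and covered both modes. Nothing visible here shows a path that skips both, but a comment at each site would make the invariant reviewable, for example `/* invariant: exactly one of AllowServerConnect() (PORT) or Curl_ftp_nextconnect() (PASV) handshakes the data socket before any payload moves */`. The `/* BLOCKING */` call to `Curl_ssl_connect` in `Curl_ftp_nextconnect` now runs before `TYPE` and the transfer command are sent, so a server that starts TLS on the data connection only after receiving that command would presumably stall here until the timeout, which is worth testing against more than the one server from the report. The added comment `/* If PASV is used, this is is made elsewhere */` has a doubled "is". All of these functions start or end outside the hunks shown.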