TJ Saunders of the proftpd project identified and pointed out problems with

the modified FTPS negotiation change of August 19 2005. Thus, we revert the change back to pre-7.14.1 status.
2005-09-27 08:46:54 +00:00 · 2005-09-27 08:46:54 +00:00 · a2902de67c
parent da192f7955
commit a2902de67c
3 changed files with 25 additions and 27 deletions
--- a/5
+++ b/5
@ -7,6 +7,11 @@
                                  Changelog


+Daniel (27 September 2005)
+- TJ Saunders of the proftpd project identified and pointed out problems with
+  the modified FTPS negotiation change of August 19 2005. Thus, we revert the
+  change back to pre-7.14.1 status.
+
 Daniel (21 September 2005)
 - Fixed "cut off" sentence in the libcurl-tutorial man page:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329305
--- a/1
+++ b/1
@ -16,6 +16,7 @@ This release includes the following changes:

 This release includes the following bugfixes:

+ o FTPS negotiation timeouts/errors
 o SSPI works even for Windows 9x
 o crash in --dump-header on FTP
 o test 56 runs better
--- a/lib/ftp.c
+++ b/lib/ftp.c
@ -174,13 +174,9 @@ static bool isBadFtpString(const char *string)
 * to us. This function will sit and wait here until the server has
 * connected.
 *
- * If FTP-SSL is used and SSL is requested for the data connection, this
- * function will do that transport layer handshake too.
- *
 */
 static CURLcode AllowServerConnect(struct connectdata *conn)
 {
-  CURLcode result;
  int timeout_ms;
  struct SessionHandle *data = conn->data;
  curl_socket_t sock = conn->sock[SECONDARYSOCKET];
@ -235,17 +231,6 @@ static CURLcode AllowServerConnect(struct connectdata *conn)
    break;
  }

-  /* If PASV is used, this is is made elsewhere */
-  if(conn->ssl[SECONDARYSOCKET].use) {
-    /* since we only have a plaintext TCP connection here, we must now
-       do the TLS stuff */
-    infof(data, "Doing the SSL/TLS handshake on the data stream\n");
-    /* BLOCKING */
-    result = Curl_ssl_connect(conn, SECONDARYSOCKET);
-    if(result)
-      return result;
-  }
-
  return CURLE_OK;
 }

@ -2040,6 +2025,16 @@ static CURLcode ftp_state_stor_resp(struct connectdata *conn,
      return result;
  }

+  if(conn->ssl[SECONDARYSOCKET].use) {
+    /* since we only have a plaintext TCP connection here, we must now
+       do the TLS stuff */
+    infof(data, "Doing the SSL/TLS handshake on the data stream\n");
+    /* BLOCKING */
+    result = Curl_ssl_connect(conn, SECONDARYSOCKET);
+    if(result)
+      return result;
+  }
+
  *(ftp->bytecountp)=0;

  /* When we know we're uploading a specified file, we can get the file
@ -2139,6 +2134,15 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
        return result;
    }

+    if(conn->ssl[SECONDARYSOCKET].use) {
+      /* since we only have a plaintext TCP connection here, we must now
+         do the TLS stuff */
+      infof(data, "Doing the SSL/TLS handshake on the data stream\n");
+      result = Curl_ssl_connect(conn, SECONDARYSOCKET);
+      if(result)
+        return result;
+    }
+
    if(size > conn->maxdownload && conn->maxdownload > 0)
      size = conn->size = conn->maxdownload;

@ -3100,18 +3104,6 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn)
  if(!ftp->no_transfer && !conn->bits.no_body) {
    /* a transfer is about to take place */

-    if(conn->ssl[SECONDARYSOCKET].use &&
-       !data->set.ftp_use_port) {
-      /* PASV is used and we just got the data connection connected, then
-         it is time to handshake the secure stuff. */
-
-      infof(data, "Doing the SSL/TLS handshake on the data stream\n");
-      /* BLOCKING */
-      result = Curl_ssl_connect(conn, SECONDARYSOCKET);
-      if(result)
-        return result;
-    }
-
    if(data->set.upload) {
      NBFTPSENDF(conn, "TYPE %c", data->set.ftp_ascii?'A':'I');
      state(conn, FTP_STOR_TYPE);