New FTP CCC functionality - adds passive and active mode to accomodate for... (2f5e99ca) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

docs/curl.1

+9 −1

Original line number	Diff line number	Diff line
		@@ -448,10 +448,18 @@ If this option is used twice, the second will again disable this.
		(FTP) Use CCC (Clear Command Channel)
		Shuts down the SSL/TLS layer after authenticating. The rest of the
		control channel communication will be unencrypted. This allows
		NAT routers to follow the FTP transaction.
		NAT routers to follow the FTP transaction. The default mode is
		passive. See --ftp-ssl-ccc-mode for other modes.
		(Added in 7.16.1)

		If this option is used twice, the second will again disable this.
		.IP "--ftp-ssl-ccc-mode [active/passive]"
		(FTP) Use CCC (Clear Command Channel)
		Sets the CCC mode. The passive mode will not initiate the shutdown, but
		instead wait for the server to do it, and will not reply to the
		shutdown from the server. The active mode initiates the shutdown and
		waits for a reply from the server.
		(Added in 7.16.2)
		.IP "-F/--form <name=content>"
		(HTTP) This lets curl emulate a filled in form in which a user has pressed the
		submit button. This causes curl to POST data using the Content-Type

+14 −5

Original line number	Diff line number	Diff line
		@@ -936,11 +936,20 @@ Try "AUTH SSL" first, and only if that fails try "AUTH TLS"
		Try "AUTH TLS" first, and only if that fails try "AUTH SSL"
		.RE
		.IP CURLOPT_FTP_SSL_CCC
		Pass a long that is set to 0 to disable and 1 to enable. If enabled, this
		option makes libcurl use CCC (Clear Command Channel). It shuts down the
		SSL/TLS layer after authenticating. The rest of the control channel
		communication will be unencrypted. This allows NAT routers to follow the FTP
		transaction. (Added in 7.16.1)
		If enabled, this option makes libcurl use CCC (Clear Command Channel). It
		shuts down the SSL/TLS layer after authenticating. The rest of the
		control channel communication will be unencrypted. This allows NAT routers
		to follow the FTP transaction. Pass a long using one of the values below.
		(Added in 7.16.1)
		.RS
		.IP CURLFTPSSL_CCC_NONE
		Don't attempt to use CCC.
		.IP CURLFTPSSL_CCC_PASSIVE
		Do not initiate the shutdown, but wait for the server to do it. Do not send
		a reply.
		.IP CURLFTPSSL_CCC_ACTIVE
		Initiate the shutdown and wait for a reply.
		.RE
		.IP CURLOPT_FTP_ACCOUNT
		Pass a pointer to a zero-terminated string (or NULL to disable). When an FTP
		server asks for "account data" after user name and password has been provided,

+8 −0

Original line number	Diff line number	Diff line
		@@ -465,6 +465,14 @@ typedef enum {
		CURLFTPSSL_LAST /* not an option, never use */
		} curl_ftpssl;

		/* parameter for the CURLOPT_FTP_SSL_CCC option */
		typedef enum {
		CURLFTPSSL_CCC_NONE, /* do not send CCC */
		CURLFTPSSL_CCC_PASSIVE, /* Let the server initiate the shutdown */
		CURLFTPSSL_CCC_ACTIVE, /* Initiate the shutdown */
		CURLFTPSSL_CCC_LAST /* not an option, never use */
		} curl_ftpccc;

		/* parameter for the CURLOPT_FTPSSLAUTH option */
		typedef enum {
		CURLFTPAUTH_DEFAULT, /* let libcurl decide */

+1 −1

Original line number	Diff line number	Diff line
		@@ -2566,7 +2566,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
		/* we failed and bails out */
		return CURLE_FTP_SSL_FAILED;

		if(data->set.ftp_use_ccc) {
		if(data->set.ftp_ccc) {
		/* CCC - Clear Command Channel
		*/
		NBFTPSENDF(conn, "CCC", NULL);

+3 −0

Original line number	Diff line number	Diff line
		@@ -533,6 +533,9 @@ int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
		response. Thus we wait for a close notify alert from the server, but
		we do not send one. Let's hope other servers do the same... */

		if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
		gnutls_bye(conn->ssl[sockindex].session, GNUTLS_SHUT_WR);

		if(conn->ssl[sockindex].session) {
		while(!done) {
		int what = Curl_select(conn->sock[sockindex],