Loading lib/ftp.c +59 −49 Original line number Diff line number Diff line Loading @@ -174,6 +174,7 @@ static CURLcode AllowServerConnect(struct connectdata *conn) } break; } return CURLE_OK; } Loading Loading @@ -504,47 +505,6 @@ CURLcode Curl_ftp_connect(struct connectdata *conn) conn->ssl[SECONDARYSOCKET].use = FALSE; /* clear-text data */ } } if(conn->ssl[FIRSTSOCKET].use) { /* PBSZ = PROTECTION BUFFER SIZE. The 'draft-murray-auth-ftp-ssl' (draft 12, page 7) says: Specifically, the PROT command MUST be preceded by a PBSZ command and a PBSZ command MUST be preceded by a successful security data exchange (the TLS negotiation in this case) ... (and on page 8): Thus the PBSZ command must still be issued, but must have a parameter of '0' to indicate that no buffering is taking place and the data connection should not be encapsulated. */ FTPSENDF(conn, "PBSZ %d", 0); result = Curl_GetFTPResponse(&nread, conn, &ftpcode); if(result) return result; /* For TLS, the data connection can have one of two security levels. 1)Clear (requested by 'PROT C') 2)Private (requested by 'PROT P') */ if(!conn->ssl[SECONDARYSOCKET].use) { FTPSENDF(conn, "PROT %c", 'P'); result = Curl_GetFTPResponse(&nread, conn, &ftpcode); if(result) return result; if(ftpcode == 200) /* We have enabled SSL for the data connection! */ conn->ssl[SECONDARYSOCKET].use = TRUE; /* FTP servers typically responds with 500 if they decide to reject our 'P' request */ } } /* send USER */ FTPSENDF(conn, "USER %s", ftp->user?ftp->user:""); Loading Loading @@ -611,6 +571,47 @@ CURLcode Curl_ftp_connect(struct connectdata *conn) return CURLE_FTP_WEIRD_USER_REPLY; } if(conn->ssl[FIRSTSOCKET].use) { /* PBSZ = PROTECTION BUFFER SIZE. The 'draft-murray-auth-ftp-ssl' (draft 12, page 7) says: Specifically, the PROT command MUST be preceded by a PBSZ command and a PBSZ command MUST be preceded by a successful security data exchange (the TLS negotiation in this case) ... (and on page 8): Thus the PBSZ command must still be issued, but must have a parameter of '0' to indicate that no buffering is taking place and the data connection should not be encapsulated. */ FTPSENDF(conn, "PBSZ %d", 0); result = Curl_GetFTPResponse(&nread, conn, &ftpcode); if(result) return result; /* For TLS, the data connection can have one of two security levels. 1)Clear (requested by 'PROT C') 2)Private (requested by 'PROT P') */ if(!conn->ssl[SECONDARYSOCKET].use) { FTPSENDF(conn, "PROT %c", 'P'); result = Curl_GetFTPResponse(&nread, conn, &ftpcode); if(result) return result; if(ftpcode == 200) /* We have enabled SSL for the data connection! */ conn->ssl[SECONDARYSOCKET].use = TRUE; /* FTP servers typically responds with 500 if they decide to reject our 'P' request */ } } /* send PWD to discover our entry point */ FTPSENDF(conn, "PWD", NULL); Loading Loading @@ -1755,6 +1756,15 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn) return result; } if(conn->ssl[SECONDARYSOCKET].use) { /* since we only have a plaintext TCP connection here, we must now do the TLS stuff */ infof(data, "Doing the SSL/TSL handshake on the data stream\n"); result = Curl_SSLConnect(conn, SECONDARYSOCKET); if(result) return result; } *bytecountp=0; /* When we know we're uploading a specified file, we can get the file Loading Loading @@ -2011,15 +2021,15 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn) return result; } #if 1 if(conn->ssl[SECONDARYSOCKET].use) { /* since we only have a TCP connection, we must now do the TLS stuff */ /* since we only have a plaintext TCP connection here, we must now do the TLS stuff */ infof(data, "Doing the SSL/TSL handshake on the data stream\n"); result = Curl_SSLConnect(conn, SECONDARYSOCKET); if(result) return result; } #endif infof(data, "Getting file with size: %d\n", size); /* FTP download: */ Loading Loading
lib/ftp.c +59 −49 Original line number Diff line number Diff line Loading @@ -174,6 +174,7 @@ static CURLcode AllowServerConnect(struct connectdata *conn) } break; } return CURLE_OK; } Loading Loading @@ -504,47 +505,6 @@ CURLcode Curl_ftp_connect(struct connectdata *conn) conn->ssl[SECONDARYSOCKET].use = FALSE; /* clear-text data */ } } if(conn->ssl[FIRSTSOCKET].use) { /* PBSZ = PROTECTION BUFFER SIZE. The 'draft-murray-auth-ftp-ssl' (draft 12, page 7) says: Specifically, the PROT command MUST be preceded by a PBSZ command and a PBSZ command MUST be preceded by a successful security data exchange (the TLS negotiation in this case) ... (and on page 8): Thus the PBSZ command must still be issued, but must have a parameter of '0' to indicate that no buffering is taking place and the data connection should not be encapsulated. */ FTPSENDF(conn, "PBSZ %d", 0); result = Curl_GetFTPResponse(&nread, conn, &ftpcode); if(result) return result; /* For TLS, the data connection can have one of two security levels. 1)Clear (requested by 'PROT C') 2)Private (requested by 'PROT P') */ if(!conn->ssl[SECONDARYSOCKET].use) { FTPSENDF(conn, "PROT %c", 'P'); result = Curl_GetFTPResponse(&nread, conn, &ftpcode); if(result) return result; if(ftpcode == 200) /* We have enabled SSL for the data connection! */ conn->ssl[SECONDARYSOCKET].use = TRUE; /* FTP servers typically responds with 500 if they decide to reject our 'P' request */ } } /* send USER */ FTPSENDF(conn, "USER %s", ftp->user?ftp->user:""); Loading Loading @@ -611,6 +571,47 @@ CURLcode Curl_ftp_connect(struct connectdata *conn) return CURLE_FTP_WEIRD_USER_REPLY; } if(conn->ssl[FIRSTSOCKET].use) { /* PBSZ = PROTECTION BUFFER SIZE. The 'draft-murray-auth-ftp-ssl' (draft 12, page 7) says: Specifically, the PROT command MUST be preceded by a PBSZ command and a PBSZ command MUST be preceded by a successful security data exchange (the TLS negotiation in this case) ... (and on page 8): Thus the PBSZ command must still be issued, but must have a parameter of '0' to indicate that no buffering is taking place and the data connection should not be encapsulated. */ FTPSENDF(conn, "PBSZ %d", 0); result = Curl_GetFTPResponse(&nread, conn, &ftpcode); if(result) return result; /* For TLS, the data connection can have one of two security levels. 1)Clear (requested by 'PROT C') 2)Private (requested by 'PROT P') */ if(!conn->ssl[SECONDARYSOCKET].use) { FTPSENDF(conn, "PROT %c", 'P'); result = Curl_GetFTPResponse(&nread, conn, &ftpcode); if(result) return result; if(ftpcode == 200) /* We have enabled SSL for the data connection! */ conn->ssl[SECONDARYSOCKET].use = TRUE; /* FTP servers typically responds with 500 if they decide to reject our 'P' request */ } } /* send PWD to discover our entry point */ FTPSENDF(conn, "PWD", NULL); Loading Loading @@ -1755,6 +1756,15 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn) return result; } if(conn->ssl[SECONDARYSOCKET].use) { /* since we only have a plaintext TCP connection here, we must now do the TLS stuff */ infof(data, "Doing the SSL/TSL handshake on the data stream\n"); result = Curl_SSLConnect(conn, SECONDARYSOCKET); if(result) return result; } *bytecountp=0; /* When we know we're uploading a specified file, we can get the file Loading Loading @@ -2011,15 +2021,15 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn) return result; } #if 1 if(conn->ssl[SECONDARYSOCKET].use) { /* since we only have a TCP connection, we must now do the TLS stuff */ /* since we only have a plaintext TCP connection here, we must now do the TLS stuff */ infof(data, "Doing the SSL/TSL handshake on the data stream\n"); result = Curl_SSLConnect(conn, SECONDARYSOCKET); if(result) return result; } #endif infof(data, "Getting file with size: %d\n", size); /* FTP download: */ Loading
