generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fixes from Gisle Vanem to try 'AUTH SSL' before 'AUTH TLS', edited by me

Browse Source
This commit is contained in:
Daniel Stenberg 2003-12-02 13:21:53 +00:00
parent 41688a1642
commit 2c22feced2
1 changed files with 31 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
lib/ftp.c
View File

@ -405,6 +405,10 @@ CURLcode Curl_GetFTPResponse(ssize_t *nreadp, /* return number of bytes read */
return result; return result;
} }
static char *ftpauth[]= {
"SSL", "TLS", NULL
};
/* /*
* Curl_ftp_connect() should do everything that is to be considered a part of * Curl_ftp_connect() should do everything that is to be considered a part of
* the connection phase. * the connection phase.
@ -417,7 +421,7 @@ CURLcode Curl_ftp_connect(struct connectdata *conn)
char *buf = data->state.buffer; /* this is our buffer */ char *buf = data->state.buffer; /* this is our buffer */
struct FTP *ftp; struct FTP *ftp;
CURLcode result; CURLcode result;
int ftpcode; int ftpcode, try;
ftp = (struct FTP *)malloc(sizeof(struct FTP)); ftp = (struct FTP *)malloc(sizeof(struct FTP));
if(!ftp) if(!ftp)
@ -453,7 +457,6 @@ CURLcode Curl_ftp_connect(struct connectdata *conn)
return result; return result;
} }
/* The first thing we do is wait for the "220*" line: */ /* The first thing we do is wait for the "220*" line: */
result = Curl_GetFTPResponse(&nread, conn, &ftpcode); result = Curl_GetFTPResponse(&nread, conn, &ftpcode);
if(result) if(result)
@ -483,26 +486,32 @@ CURLcode Curl_ftp_connect(struct connectdata *conn)
#endif #endif
if(data->set.ftp_ssl && !conn->ssl[FIRSTSOCKET].use) { if(data->set.ftp_ssl && !conn->ssl[FIRSTSOCKET].use) {
/* we don't have a ssl connection, try a FTPS connection now */ /* we don't have a SSL/TLS connection, try a FTPS connection now */
FTPSENDF(conn, "AUTH TLS", NULL);
result = Curl_GetFTPResponse(&nread, conn, &ftpcode); for (try = 0; ftpauth[try]; try++) {
if(result)
return result;
/* RFC2228 (page 5) says: FTPSENDF(conn, "AUTH %s", ftpauth[try]);
*
* If the server is willing to accept the named security mechanism, and result = Curl_GetFTPResponse(&nread, conn, &ftpcode);
* does not require any security data, it must respond with reply code
* 234.
*/
if(234 == ftpcode) {
result = Curl_SSLConnect(conn, FIRSTSOCKET);
if(result) if(result)
return result; return result;
conn->protocol |= PROT_FTPS;
conn->ssl[SECONDARYSOCKET].use = FALSE; /* clear-text data */ /* RFC2228 (page 5) says:
*
* If the server is willing to accept the named security mechanism, and
* does not require any security data, it must respond with reply code
* 234/334.
*/
if((ftpcode == 234) || (ftpcode == 334)) {
result = Curl_SSLConnect(conn, FIRSTSOCKET);
if(result)
return result;
conn->protocol |= PROT_FTPS;
conn->ssl[SECONDARYSOCKET].use = FALSE; /* clear-text data */
break;
}
} }
} }
@ -549,6 +558,7 @@ CURLcode Curl_ftp_connect(struct connectdata *conn)
/* 230 User ... logged in. /* 230 User ... logged in.
(the user logged in without password) */ (the user logged in without password) */
infof(data, "We have successfully logged in\n"); infof(data, "We have successfully logged in\n");
if (conn->ssl[FIRSTSOCKET].use) {
#ifdef KRB4 #ifdef KRB4
/* we are logged in (with Kerberos) /* we are logged in (with Kerberos)
* now set the requested protection level * now set the requested protection level
@ -565,6 +575,7 @@ CURLcode Curl_ftp_connect(struct connectdata *conn)
return result; return result;
} }
#endif #endif
}
} }
else { else {
failf(data, "Odd return code after USER"); failf(data, "Odd return code after USER");
@ -1759,7 +1770,7 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn)
if(conn->ssl[SECONDARYSOCKET].use) { if(conn->ssl[SECONDARYSOCKET].use) {
/* since we only have a plaintext TCP connection here, we must now /* since we only have a plaintext TCP connection here, we must now
do the TLS stuff */ do the TLS stuff */
infof(data, "Doing the SSL/TSL handshake on the data stream\n"); infof(data, "Doing the SSL/TLS handshake on the data stream\n");
result = Curl_SSLConnect(conn, SECONDARYSOCKET); result = Curl_SSLConnect(conn, SECONDARYSOCKET);
if(result) if(result)
return result; return result;
@ -2024,7 +2035,7 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn)
if(conn->ssl[SECONDARYSOCKET].use) { if(conn->ssl[SECONDARYSOCKET].use) {
/* since we only have a plaintext TCP connection here, we must now /* since we only have a plaintext TCP connection here, we must now
do the TLS stuff */ do the TLS stuff */
infof(data, "Doing the SSL/TSL handshake on the data stream\n"); infof(data, "Doing the SSL/TLS handshake on the data stream\n");
result = Curl_SSLConnect(conn, SECONDARYSOCKET); result = Curl_SSLConnect(conn, SECONDARYSOCKET);
if(result) if(result)
return result; return result;
@ -2220,7 +2231,7 @@ CURLcode ftp_perform(struct connectdata *conn,
else { else {
/* We have chosen (this is default) to use the PASV command */ /* We have chosen (this is default) to use the PASV command */
result = ftp_use_pasv(conn, connected); result = ftp_use_pasv(conn, connected);
if(!result && *connected) if(CURLE_OK == result && *connected)
infof(data, "Connected the data stream with PASV!\n"); infof(data, "Connected the data stream with PASV!\n");
} }