Norbert Novotny had problems with FTPS and he helped me work out a patch
that made curl run fine in his end. The key was to make sure we do the SSL/TLS negotiation immediately after the TCP connect is done and not after a few other commands have been sent like we did previously. I don't consider this change necessary to obey the standards, I think this server is pickier than what the specs allow it to be, but I can't see how this modified libcurl code can add any problems to those who are interpreting the standards more liberally.
46
lib/ftp.c
46
lib/ftp.c
@@ -174,9 +174,13 @@ static bool isBadFtpString(const char *string)
|
||||
* to us. This function will sit and wait here until the server has
|
||||
* connected.
|
||||
*
|
||||
* If FTP-SSL is used and SSL is requested for the data connection, this
|
||||
* function will do that transport layer handshake too.
|
||||
*
|
||||
*/
|
||||
static CURLcode AllowServerConnect(struct connectdata *conn)
|
||||
{
|
||||
CURLcode result;
|
||||
int timeout_ms;
|
||||
struct SessionHandle *data = conn->data;
|
||||
curl_socket_t sock = conn->sock[SECONDARYSOCKET];
|
||||
@@ -231,6 +235,17 @@ static CURLcode AllowServerConnect(struct connectdata *conn)
|
||||
break;
|
||||
}
|
||||
|
||||
/* If PASV is used, this is is made elsewhere */
|
||||
if(conn->ssl[SECONDARYSOCKET].use) {
|
||||
/* since we only have a plaintext TCP connection here, we must now
|
||||
do the TLS stuff */
|
||||
infof(data, "Doing the SSL/TLS handshake on the data stream\n");
|
||||
/* BLOCKING */
|
||||
result = Curl_ssl_connect(conn, SECONDARYSOCKET);
|
||||
if(result)
|
||||
return result;
|
||||
}
|
||||
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
||||
@@ -2017,16 +2032,6 @@ static CURLcode ftp_state_stor_resp(struct connectdata *conn,
|
||||
return result;
|
||||
}
|
||||
|
||||
if(conn->ssl[SECONDARYSOCKET].use) {
|
||||
/* since we only have a plaintext TCP connection here, we must now
|
||||
do the TLS stuff */
|
||||
infof(data, "Doing the SSL/TLS handshake on the data stream\n");
|
||||
/* BLOCKING */
|
||||
result = Curl_ssl_connect(conn, SECONDARYSOCKET);
|
||||
if(result)
|
||||
return result;
|
||||
}
|
||||
|
||||
*(ftp->bytecountp)=0;
|
||||
|
||||
/* When we know we're uploading a specified file, we can get the file
|
||||
@@ -2126,15 +2131,6 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
|
||||
return result;
|
||||
}
|
||||
|
||||
if(conn->ssl[SECONDARYSOCKET].use) {
|
||||
/* since we only have a plaintext TCP connection here, we must now
|
||||
do the TLS stuff */
|
||||
infof(data, "Doing the SSL/TLS handshake on the data stream\n");
|
||||
result = Curl_ssl_connect(conn, SECONDARYSOCKET);
|
||||
if(result)
|
||||
return result;
|
||||
}
|
||||
|
||||
if(size > conn->maxdownload && conn->maxdownload > 0)
|
||||
size = conn->size = conn->maxdownload;
|
||||
|
||||
@@ -3096,6 +3092,18 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn)
|
||||
if(!ftp->no_transfer && !conn->bits.no_body) {
|
||||
/* a transfer is about to take place */
|
||||
|
||||
if(conn->ssl[SECONDARYSOCKET].use &&
|
||||
!data->set.ftp_use_port) {
|
||||
/* PASV is used and we just got the data connection connected, then
|
||||
it is time to handshake the secure stuff. */
|
||||
|
||||
infof(data, "Doing the SSL/TLS handshake on the data stream\n");
|
||||
/* BLOCKING */
|
||||
result = Curl_ssl_connect(conn, SECONDARYSOCKET);
|
||||
if(result)
|
||||
return result;
|
||||
}
|
||||
|
||||
if(data->set.upload) {
|
||||
NBFTPSENDF(conn, "TYPE %c", data->set.ftp_ascii?'A':'I');
|
||||
state(conn, FTP_STOR_TYPE);
|
||||
|
||||
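Review bot: The data-stream handshake block is now pasted twice on the new side — here in Curl_ftp_nextconnect and again in AllowServerConnect (second hunk) — and the two copies already drift in their comments, the same way the `/* BLOCKING */` marker had gone missing from the old ftp_state_get_resp copy this commit removes; a small static helper would keep the log line and the blocking note in one place. The AllowServerConnect copy has no `!data->set.ftp_use_port` guard and relies on its call site for that, which the comment `/* If PASV is used, this is is made elsewhere */` states only indirectly and with a doubled "is"; I would write it `/* PASV: the data-stream handshake is done in Curl_ftp_nextconnect instead */`. Curl_ftp_nextconnect starts and ends outside the hunk, and the part of AllowServerConnect between the first two hunks is not shown, so I cannot confirm from here that no path reaches a transfer with `conn->ssl[SECONDARYSOCKET].use` set and neither handshake run.
```c
/* Perform the TLS handshake on the already-connected data socket; this
   blocks until Curl_ssl_connect() returns. Caller must have set
   conn->ssl[SECONDARYSOCKET].use. */
static CURLcode ftp_data_ssl_connect(struct connectdata *conn)
{
  infof(conn->data, "Doing the SSL/TLS handshake on the data stream\n");
  /* BLOCKING */
  return Curl_ssl_connect(conn, SECONDARYSOCKET);
}

/* … unchanged: Curl_ftp_nextconnect up to the transfer check … */
    if(conn->ssl[SECONDARYSOCKET].use &&
       !data->set.ftp_use_port) {
      /* PASV is used and we just got the data connection connected, then
         it is time to handshake the secure stuff. */
      result = ftp_data_ssl_connect(conn);
      if(result)
        return result;
    }
```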