From a2902de67c3bf044a19419f8826521a963baaa7f Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Tue, 27 Sep 2005 08:46:54 +0000
Subject: [PATCH] TJ Saunders of the proftpd project identified and pointed out problems with the modified FTPS negotiation change of August 19 2005. Thus, we revert the change back to pre-7.14.1 status.
---
 CHANGES | 5 +++++
 RELEASE-NOTES | 1 +
 lib/ftp.c | 46 +++++++++++++++++++---------------------------
 3 files changed, 25 insertions(+), 27 deletions(-)
diff --git a/CHANGES b/CHANGES
index abf83ca45..dcb8a46c4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,11 @@ Changelog
+Daniel (27 September 2005)
+- TJ Saunders of the proftpd project identified and pointed out problems with
+ the modified FTPS negotiation change of August 19 2005. Thus, we revert the
+ change back to pre-7.14.1 status.
+
 Daniel (21 September 2005)
 - Fixed "cut off" sentence in the libcurl-tutorial man page:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329305
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index c55bed74b..0db7c9459 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -16,6 +16,7 @@ This release includes the following changes:
 This release includes the following bugfixes:
+ o FTPS negotiation timeouts/errors
 o SSPI works even for Windows 9x
 o crash in --dump-header on FTP
 o test 56 runs better
diff --git a/lib/ftp.c b/lib/ftp.c
index 5c797b938..64b903fca 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -174,13 +174,9 @@ static bool isBadFtpString(const char *string)
 * to us. This function will sit and wait here until the server has
 * connected.
 *
- * If FTP-SSL is used and SSL is requested for the data connection, this
- * function will do that transport layer handshake too.
- *
 */
 static CURLcode AllowServerConnect(struct connectdata *conn)
 {
- CURLcode result;
 int timeout_ms;
 struct SessionHandle *data = conn->data;
 curl_socket_t sock = conn->sock[SECONDARYSOCKET];
@@ -235,17 +231,6 @@ static CURLcode AllowServerConnect(struct connectdata *conn)
 break;
 }
- /* If PASV is used, this is is made elsewhere */
- if(conn->ssl[SECONDARYSOCKET].use) {
- /* since we only have a plaintext TCP connection here, we must now
- do the TLS stuff */
- infof(data, "Doing the SSL/TLS handshake on the data stream\n");
- /* BLOCKING */
- result = Curl_ssl_connect(conn, SECONDARYSOCKET);
- if(result)
- return result;
- }
-
 return CURLE_OK;
 }
@@ -2040,6 +2025,16 @@ static CURLcode ftp_state_stor_resp(struct connectdata *conn,
 return result;
 }
+ if(conn->ssl[SECONDARYSOCKET].use) {
+ /* since we only have a plaintext TCP connection here, we must now
+ do the TLS stuff */
+ infof(data, "Doing the SSL/TLS handshake on the data stream\n");
+ /* BLOCKING */
+ result = Curl_ssl_connect(conn, SECONDARYSOCKET);
+ if(result)
+ return result;
+ }
+
 *(ftp->bytecountp)=0;
 /* When we know we're uploading a specified file, we can get the file
@@ -2139,6 +2134,15 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
 return result;
 }
+ if(conn->ssl[SECONDARYSOCKET].use) {
+ /* since we only have a plaintext TCP connection here, we must now
+ do the TLS stuff */
+ infof(data, "Doing the SSL/TLS handshake on the data stream\n");
+ result = Curl_ssl_connect(conn, SECONDARYSOCKET);
+ if(result)
+ return result;
+ }
+
 if(size > conn->maxdownload && conn->maxdownload > 0)
 size = conn->size = conn->maxdownload;
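Review bot: The data-channel handshake block added to ftp_state_stor_resp is pasted again into ftp_state_get_resp (the `@@ -2139` hunk), and only the first copy keeps the `/* BLOCKING */` marker although both call `Curl_ssl_connect(conn, SECONDARYSOCKET)` the same way. The comment in both copies says only that the connection is still plaintext, not why the handshake has to sit in the response handlers; since the earlier placement is what this commit reverts, I would add something like `/* handshake the data channel only once the transfer command has been answered; doing it right after the data connection was set up caused FTPS negotiation timeouts */`. A small static helper called from both handlers would keep the upload and download paths from drifting, so that a later edit cannot leave one direction without the handshake. Both function bodies start and end outside their hunks, so the declarations of `result` and `data` are not visible here.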
@@ -3100,18 +3104,6 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn)
 if(!ftp->no_transfer && !conn->bits.no_body) {
 /* a transfer is about to take place */
- if(conn->ssl[SECONDARYSOCKET].use &&
- !data->set.ftp_use_port) {
- /* PASV is used and we just got the data connection connected, then
- it is time to handshake the secure stuff. */
-
- infof(data, "Doing the SSL/TLS handshake on the data stream\n");
- /* BLOCKING */
- result = Curl_ssl_connect(conn, SECONDARYSOCKET);
- if(result)
- return result;
- }
-
 if(data->set.upload) {
 NBFTPSENDF(conn, "TYPE %c", data->set.ftp_ascii?'A':'I');
 state(conn, FTP_STOR_TYPE);