ftp: separate FTPS from FTP over "HTTPS proxy"
When using HTTPS proxy, SSL is used but not in the view of the FTP protocol handler itself so separate the connection's use of SSL from the FTP control connection's sue. Reported-by: Mingtao Yang Fixes #5523 Closes #6006
This commit is contained in:
Daniel Stenberg
Родитель
93653ef9e2
Коммит
1397a7de6e
16
lib/ftp.c
16
lib/ftp.c
|
|
@ -2508,7 +2508,7 @@ static CURLcode ftp_state_loggedin(struct connectdata *conn)
|
|||
{
|
||||
CURLcode result = CURLE_OK;
|
||||
|
||||
if(conn->ssl[FIRSTSOCKET].use) {
|
||||
if(conn->bits.ftp_use_control_ssl) {
|
||||
/* PBSZ = PROTECTION BUFFER SIZE.
|
||||
|
||||
The 'draft-murray-auth-ftp-ssl' (draft 12, page 7) says:
|
||||
|
|
@ -2659,14 +2659,8 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
|
|||
}
|
||||
#endif
|
||||
|
||||
if(data->set.use_ssl &&
|
||||
(!conn->ssl[FIRSTSOCKET].use
|
||||
#ifndef CURL_DISABLE_PROXY
|
||||
|| (conn->bits.proxy_ssl_connected[FIRSTSOCKET] &&
|
||||
!conn->proxy_ssl[FIRSTSOCKET].use)
|
||||
#endif
|
||||
)) {
|
||||
/* We don't have a SSL/TLS connection yet, but FTPS is
|
||||
if(data->set.use_ssl && !conn->bits.ftp_use_control_ssl) {
|
||||
/* We don't have a SSL/TLS control connection yet, but FTPS is
|
||||
requested. Try a FTPS connection now */
|
||||
|
||||
ftpc->count3 = 0;
|
||||
|
|
@ -2708,6 +2702,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
|
|||
result = Curl_ssl_connect(conn, FIRSTSOCKET);
|
||||
if(!result) {
|
||||
conn->bits.ftp_use_data_ssl = FALSE; /* clear-text data */
|
||||
conn->bits.ftp_use_control_ssl = TRUE; /* SSL on control */
|
||||
result = ftp_state_user(conn);
|
||||
}
|
||||
}
|
||||
|
|
@ -3089,7 +3084,7 @@ static CURLcode ftp_block_statemach(struct connectdata *conn)
|
|||
*
|
||||
*/
|
||||
static CURLcode ftp_connect(struct connectdata *conn,
|
||||
bool *done) /* see description above */
|
||||
bool *done) /* see description above */
|
||||
{
|
||||
CURLcode result;
|
||||
struct ftp_conn *ftpc = &conn->proto.ftpc;
|
||||
|
|
@ -3110,6 +3105,7 @@ static CURLcode ftp_connect(struct connectdata *conn,
|
|||
result = Curl_ssl_connect(conn, FIRSTSOCKET);
|
||||
if(result)
|
||||
return result;
|
||||
conn->bits.ftp_use_control_ssl = TRUE;
|
||||
}
|
||||
|
||||
Curl_pp_setup(pp); /* once per transfer */
|
||||
|
|
|
|||
|
|
@ -469,6 +469,7 @@ struct ConnectBits {
|
|||
EPRT doesn't work we disable it for the forthcoming
|
||||
requests */
|
||||
BIT(ftp_use_data_ssl); /* Enabled SSL for the data connection */
|
||||
BIT(ftp_use_control_ssl); /* Enabled SSL for the control connection */
|
||||
#endif
|
||||
BIT(netrc); /* name+password provided by netrc */
|
||||
BIT(bound); /* set true if bind() has already been done on this socket/
|
||||
|
|
|
|||
|
|
@ -74,8 +74,6 @@ Proxy-Connection: Keep-Alive
|
|||
<protocol>
|
||||
USER anonymous
|
||||
PASS ftp@example.com
|
||||
PBSZ 0
|
||||
PROT P
|
||||
PWD
|
||||
EPSV
|
||||
TYPE I
|
||||
|
|
|
|||
|
|
@ -89,8 +89,6 @@ Proxy-Connection: Keep-Alive
|
|||
<protocol>
|
||||
USER anonymous
|
||||
PASS ftp@example.com
|
||||
PBSZ 0
|
||||
PROT P
|
||||
PWD
|
||||
EPSV
|
||||
TYPE I
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче