fixes from Gisle Vanem to try 'AUTH SSL' before 'AUTH TLS', edited by me

This commit is contained in:
Daniel Stenberg 2003-12-02 13:21:53 +00:00
Родитель 41688a1642
Коммит 2c22feced2
1 изменённых файлов: 31 добавлений и 20 удалений

Просмотреть файл

@ -405,6 +405,10 @@ CURLcode Curl_GetFTPResponse(ssize_t *nreadp, /* return number of bytes read */
return result;
}
static char *ftpauth[]= {
"SSL", "TLS", NULL
};
/*
* Curl_ftp_connect() should do everything that is to be considered a part of
* the connection phase.
@ -417,7 +421,7 @@ CURLcode Curl_ftp_connect(struct connectdata *conn)
char *buf = data->state.buffer; /* this is our buffer */
struct FTP *ftp;
CURLcode result;
int ftpcode;
int ftpcode, try;
ftp = (struct FTP *)malloc(sizeof(struct FTP));
if(!ftp)
@ -453,7 +457,6 @@ CURLcode Curl_ftp_connect(struct connectdata *conn)
return result;
}
/* The first thing we do is wait for the "220*" line: */
result = Curl_GetFTPResponse(&nread, conn, &ftpcode);
if(result)
@ -483,10 +486,14 @@ CURLcode Curl_ftp_connect(struct connectdata *conn)
#endif
if(data->set.ftp_ssl && !conn->ssl[FIRSTSOCKET].use) {
/* we don't have a ssl connection, try a FTPS connection now */
FTPSENDF(conn, "AUTH TLS", NULL);
/* we don't have a SSL/TLS connection, try a FTPS connection now */
for (try = 0; ftpauth[try]; try++) {
FTPSENDF(conn, "AUTH %s", ftpauth[try]);
result = Curl_GetFTPResponse(&nread, conn, &ftpcode);
if(result)
return result;
@ -494,15 +501,17 @@ CURLcode Curl_ftp_connect(struct connectdata *conn)
*
* If the server is willing to accept the named security mechanism, and
* does not require any security data, it must respond with reply code
* 234.
* 234/334.
*/
if(234 == ftpcode) {
if((ftpcode == 234) || (ftpcode == 334)) {
result = Curl_SSLConnect(conn, FIRSTSOCKET);
if(result)
return result;
conn->protocol |= PROT_FTPS;
conn->ssl[SECONDARYSOCKET].use = FALSE; /* clear-text data */
break;
}
}
}
@ -549,6 +558,7 @@ CURLcode Curl_ftp_connect(struct connectdata *conn)
/* 230 User ... logged in.
(the user logged in without password) */
infof(data, "We have successfully logged in\n");
if (conn->ssl[FIRSTSOCKET].use) {
#ifdef KRB4
/* we are logged in (with Kerberos)
* now set the requested protection level
@ -565,6 +575,7 @@ CURLcode Curl_ftp_connect(struct connectdata *conn)
return result;
}
#endif
}
}
else {
failf(data, "Odd return code after USER");
@ -1759,7 +1770,7 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn)
if(conn->ssl[SECONDARYSOCKET].use) {
/* since we only have a plaintext TCP connection here, we must now
do the TLS stuff */
infof(data, "Doing the SSL/TSL handshake on the data stream\n");
infof(data, "Doing the SSL/TLS handshake on the data stream\n");
result = Curl_SSLConnect(conn, SECONDARYSOCKET);
if(result)
return result;
@ -2024,7 +2035,7 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn)
if(conn->ssl[SECONDARYSOCKET].use) {
/* since we only have a plaintext TCP connection here, we must now
do the TLS stuff */
infof(data, "Doing the SSL/TSL handshake on the data stream\n");
infof(data, "Doing the SSL/TLS handshake on the data stream\n");
result = Curl_SSLConnect(conn, SECONDARYSOCKET);
if(result)
return result;
@ -2220,7 +2231,7 @@ CURLcode ftp_perform(struct connectdata *conn,
else {
/* We have chosen (this is default) to use the PASV command */
result = ftp_use_pasv(conn, connected);
if(!result && *connected)
if(CURLE_OK == result && *connected)
infof(data, "Connected the data stream with PASV!\n");
}