[gnurl] 182/411: ftp: separate FTPS from FTP over "HTTPS proxy"
From: gnunet
Subject: [gnurl] 182/411: ftp: separate FTPS from FTP over "HTTPS proxy"
Date: Wed, 13 Jan 2021 01:19:57 +0100
This is an automated email from the git hooks/post-receive script.
nikita pushed a commit to branch master
in repository gnurl.
commit 1397a7de6e312e019a3b339f855ba0a5cafa9127
Author: Daniel Stenberg <daniel@haxx.se>
AuthorDate: Mon Sep 21 09:15:51 2020 +0200
ftp: separate FTPS from FTP over "HTTPS proxy"
When using HTTPS proxy, SSL is used but not in the view of the FTP
protocol handler itself so separate the connection's use of SSL from the
FTP control connection's use.
Reported-by: Mingtao Yang
Fixes #5523
Closes #6006
---
lib/ftp.c | 16 ++++++----------
lib/urldata.h | 1 +
tests/data/test1631 | 2 --
tests/data/test1632 | 2 --
4 files changed, 7 insertions(+), 14 deletions(-)
diff --git a/lib/ftp.c b/lib/ftp.c
index a5083be04..3fd9cea2c 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -2508,7 +2508,7 @@ static CURLcode ftp_state_loggedin(struct connectdata
*conn)
{
CURLcode result = CURLE_OK;
- if(conn->ssl[FIRSTSOCKET].use) {
+ if(conn->bits.ftp_use_control_ssl) {
/* PBSZ = PROTECTION BUFFER SIZE.
The 'draft-murray-auth-ftp-ssl' (draft 12, page 7) says:
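Review bot: The PBSZ/PROT gate in ftp_state_loggedin() now rests entirely on `conn->bits.ftp_use_control_ssl`, and within this patch that bit is only ever assigned TRUE (twice in lib/ftp.c), never FALSE. Please confirm that it starts out cleared for every new connection and is reset on any path that takes TLS off the control connection again, so that this check cannot act on a stale value.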
@@ -2659,14 +2659,8 @@ static CURLcode ftp_statemach_act(struct connectdata
*conn)
}
#endif
- if(data->set.use_ssl &&
- (!conn->ssl[FIRSTSOCKET].use
-#ifndef CURL_DISABLE_PROXY
- || (conn->bits.proxy_ssl_connected[FIRSTSOCKET] &&
- !conn->proxy_ssl[FIRSTSOCKET].use)
-#endif
- )) {
- /* We don't have a SSL/TLS connection yet, but FTPS is
+ if(data->set.use_ssl && !conn->bits.ftp_use_control_ssl) {
+ /* We don't have a SSL/TLS control connection yet, but FTPS is
requested. Try a FTPS connection now */
ftpc->count3 = 0;
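Review bot: The condition `data->set.use_ssl && !conn->bits.ftp_use_control_ssl` now decides on its own whether the TLS upgrade is attempted, so a bit that is wrongly TRUE would skip the upgrade even though FTPS was requested. The removed `#ifndef CURL_DISABLE_PROXY` branch spelled out the proxy case; the replacement is simpler but depends on the invariant that the bit is set only after the FTP code's own successful `Curl_ssl_connect(conn, FIRSTSOCKET)`. Suggest stating that invariant in the comment inside this block, next to "We don't have a SSL/TLS control connection yet".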
@@ -2708,6 +2702,7 @@ static CURLcode ftp_statemach_act(struct connectdata
*conn)
result = Curl_ssl_connect(conn, FIRSTSOCKET);
if(!result) {
conn->bits.ftp_use_data_ssl = FALSE; /* clear-text data */
+ conn->bits.ftp_use_control_ssl = TRUE; /* SSL on control */
result = ftp_state_user(conn);
}
}
@@ -3089,7 +3084,7 @@ static CURLcode ftp_block_statemach(struct connectdata
*conn)
*
*/
static CURLcode ftp_connect(struct connectdata *conn,
- bool *done) /* see description above */
+ bool *done) /* see description above */
{
CURLcode result;
struct ftp_conn *ftpc = &conn->proto.ftpc;
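Review bot: The removed and added `bool *done) /* see description above */` lines differ only in leading whitespace, so this is an indentation change riding along with a behavioural fix. Consider moving it to a separate cleanup commit so the functional diff in ftp_connect() stays minimal.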
@@ -3110,6 +3105,7 @@ static CURLcode ftp_connect(struct connectdata *conn,
result = Curl_ssl_connect(conn, FIRSTSOCKET);
if(result)
return result;
+ conn->bits.ftp_use_control_ssl = TRUE;
}
Curl_pp_setup(pp); /* once per transfer */
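Review bot: The new `conn->bits.ftp_use_control_ssl = TRUE;` after the `if(result) return result;` check in ftp_connect() has no trailing comment, while the matching assignment in ftp_statemach_act() carries `/* SSL on control */`. Add the same comment here so both places that set the bit read alike and are easy to find when auditing where control-channel TLS is established.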
diff --git a/lib/urldata.h b/lib/urldata.h
index d0a0625cd..5ee81770e 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -469,6 +469,7 @@ struct ConnectBits {
EPRT doesn't work we disable it for the forthcoming
requests */
BIT(ftp_use_data_ssl); /* Enabled SSL for the data connection */
+ BIT(ftp_use_control_ssl); /* Enabled SSL for the control connection */
#endif
BIT(netrc); /* name+password provided by netrc */
BIT(bound); /* set true if bind() has already been done on this socket/
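Review bot: The comment on `BIT(ftp_use_control_ssl)` reads "Enabled SSL for the control connection", which does not capture the distinction this commit is about. Suggest wording that says the bit is set when the FTP handler itself negotiated TLS on the control connection, and is not set merely because the connection runs through an HTTPS proxy.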
diff --git a/tests/data/test1631 b/tests/data/test1631
index cd36b1d9b..878511908 100644
--- a/tests/data/test1631
+++ b/tests/data/test1631
@@ -74,8 +74,6 @@ Proxy-Connection: Keep-Alive
<protocol>
USER anonymous
PASS ftp@example.com
-PBSZ 0
-PROT P
PWD
EPSV
TYPE I
diff --git a/tests/data/test1632 b/tests/data/test1632
index b10b2a68a..94577efdd 100644
--- a/tests/data/test1632
+++ b/tests/data/test1632
@@ -89,8 +89,6 @@ Proxy-Connection: Keep-Alive
<protocol>
USER anonymous
PASS ftp@example.com
-PBSZ 0
-PROT P
PWD
EPSV
TYPE I
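Review bot: test1631 and test1632 only lose the `PBSZ 0` and `PROT P` lines from `<protocol>`, which matches the commit's case of FTP through an HTTPS proxy. The diffstat shows no test added for the opposite case, FTPS requested through an HTTPS proxy, where the simplified `use_ssl` check must still trigger the TLS upgrade on the control connection; a test for that would guard the rewritten condition against regressions.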
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.