path: root/meta/recipes-support/curl/curl/CVE-2021-22946-pre1.patch
blob: 4afd755149e716c16d69b70aabc24c518549af24 (plain)
Backport of:

From 1397a7de6e312e019a3b339f855ba0a5cafa9127 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 21 Sep 2020 09:15:51 +0200
Subject: [PATCH] ftp: separate FTPS from FTP over "HTTPS proxy"

When using HTTPS proxy, SSL is used but not in the view of the FTP
protocol handler itself so separate the connection's use of SSL from the
FTP control connection's use.

Reported-by: Mingtao Yang
Fixes #5523
Closes #6006

Upstream-Status: backport from 7.68.0-1ubuntu2.7
Signed-off-by: Mike Crowe <mac@mcrowe.com>
---
 lib/ftp.c     | 13 ++++++-------
 lib/urldata.h |  1 +
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/lib/ftp.c b/lib/ftp.c
index 3382772..677527f 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -2488,7 +2488,7 @@ static CURLcode ftp_state_loggedin(struct connectdata *conn)
 {
   CURLcode result = CURLE_OK;
 
-  if(conn->ssl[FIRSTSOCKET].use) {
+  if(conn->bits.ftp_use_control_ssl) {
     /* PBSZ = PROTECTION BUFFER SIZE.
 
     The 'draft-murray-auth-ftp-ssl' (draft 12, page 7) says:
@@ -2633,11 +2633,8 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
       }
 #endif
 
-      if(data->set.use_ssl &&
-         (!conn->ssl[FIRSTSOCKET].use ||
-          (conn->bits.proxy_ssl_connected[FIRSTSOCKET] &&
-           !conn->proxy_ssl[FIRSTSOCKET].use))) {
-        /* We don't have a SSL/TLS connection yet, but FTPS is
+      if(data->set.use_ssl && !conn->bits.ftp_use_control_ssl) {
+        /* We don't have a SSL/TLS control connection yet, but FTPS is
            requested. Try a FTPS connection now */
 
         ftpc->count3 = 0;
@@ -2682,6 +2679,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
         result = Curl_ssl_connect(conn, FIRSTSOCKET);
         if(!result) {
           conn->bits.ftp_use_data_ssl = FALSE; /* clear-text data */
+          conn->bits.ftp_use_control_ssl = TRUE; /* SSL on control */
           result = ftp_state_user(conn);
         }
       }
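Review bot: `ftp_use_control_ssl` is set to TRUE here and again in the `ftp_connect` hunk, but no visible hunk ever sets it back to FALSE. If a path outside these hunks shuts TLS down on the control socket (libcurl has a clear-command-channel option, `CURLOPT_FTP_SSL_CCC`), the bit would still report a protected control channel while `ftp_state_loggedin` and the AUTH decision rely on it. That should be confirmed against the full file; if such a path exists, `conn->bits.ftp_use_control_ssl = FALSE;` belongs next to the shutdown call. The body of `ftp_statemach_act` starts and ends outside this hunk, so the failure handling after `Curl_ssl_connect` cannot be checked from here.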
@@ -3072,7 +3070,7 @@ static CURLcode ftp_block_statemach(struct connectdata *conn)
  *
  */
 static CURLcode ftp_connect(struct connectdata *conn,
-                                 bool *done) /* see description above */
+                            bool *done) /* see description above */
 {
   CURLcode result;
   struct ftp_conn *ftpc = &conn->proto.ftpc;
@@ -3093,6 +3091,7 @@ static CURLcode ftp_connect(struct connectdata *conn,
     result = Curl_ssl_connect(conn, FIRSTSOCKET);
     if(result)
       return result;
+    conn->bits.ftp_use_control_ssl = TRUE;
   }
 
   Curl_pp_init(pp); /* init the generic pingpong data */
diff --git a/lib/urldata.h b/lib/urldata.h
index ff2d686..d1fb4a9 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -461,6 +461,7 @@ struct ConnectBits {
                          EPRT doesn't work we disable it for the forthcoming
                          requests */
   BIT(ftp_use_data_ssl); /* Enabled SSL for the data connection */
+  BIT(ftp_use_control_ssl); /* Enabled SSL for the control connection */
 #endif
   BIT(netrc);         /* name+password provided by netrc */
   BIT(userpwd_in_url); /* name+password found in url */
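Review bot: The comment on the new bit, "Enabled SSL for the control connection", does not state the distinction that this patch exists to make. According to the commit message, TLS to an HTTPS proxy must not count as TLS on the FTP control channel, and both the PBSZ/PROT step and the AUTH decision in `lib/ftp.c` now trust this bit alone. I would make the invariant explicit at the declaration, e.g. `/* TLS handshake completed on the FTP control connection itself (implicit FTPS or AUTH); TLS to an HTTPS proxy does not set this */`. `struct ConnectBits` begins and ends outside the hunk.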