return result;
}
+static char *ftpauth[]= {
+ "SSL", "TLS", NULL
+};
+
/*
* Curl_ftp_connect() should do everything that is to be considered a part of
* the connection phase.
char *buf = data->state.buffer; /* this is our buffer */
struct FTP *ftp;
CURLcode result;
- int ftpcode;
+ int ftpcode, try;
ftp = (struct FTP *)malloc(sizeof(struct FTP));
if(!ftp)
return result;
}
-
/* The first thing we do is wait for the "220*" line: */
result = Curl_GetFTPResponse(&nread, conn, &ftpcode);
if(result)
#endif
if(data->set.ftp_ssl && !conn->ssl[FIRSTSOCKET].use) {
- /* we don't have a ssl connection, try a FTPS connection now */
- FTPSENDF(conn, "AUTH TLS", NULL);
+ /* we don't have a SSL/TLS connection, try a FTPS connection now */
- result = Curl_GetFTPResponse(&nread, conn, &ftpcode);
- if(result)
- return result;
+ for (try = 0; ftpauth[try]; try++) {
- /* RFC2228 (page 5) says:
- *
- * If the server is willing to accept the named security mechanism, and
- * does not require any security data, it must respond with reply code
- * 234.
- */
+ FTPSENDF(conn, "AUTH %s", ftpauth[try]);
+
+ result = Curl_GetFTPResponse(&nread, conn, &ftpcode);
- if(234 == ftpcode) {
- result = Curl_SSLConnect(conn, FIRSTSOCKET);
if(result)
return result;
- conn->protocol |= PROT_FTPS;
- conn->ssl[SECONDARYSOCKET].use = FALSE; /* clear-text data */
+
+ /* RFC2228 (page 5) says:
+ *
+ * If the server is willing to accept the named security mechanism, and
+ * does not require any security data, it must respond with reply code
+ * 234/334.
+ */
+
+ if((ftpcode == 234) || (ftpcode == 334)) {
+ result = Curl_SSLConnect(conn, FIRSTSOCKET);
+ if(result)
+ return result;
+ conn->protocol |= PROT_FTPS;
+ conn->ssl[SECONDARYSOCKET].use = FALSE; /* clear-text data */
+ break;
+ }
}
}
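Review bot: When the server answers neither 234 nor 334 to both `AUTH SSL` and `AUTH TLS`, the new `for` loop runs off the end of `ftpauth[]` and the function carries on, so a session that set `ftp_ssl` presumably goes on to send USER/PASS in clear text with no trace of the downgrade. An on-path party that rewrites the AUTH replies would produce the same silent fallback. After the loop, at least record it with `if(!ftpauth[try]) infof(data, "Server accepted neither AUTH SSL nor AUTH TLS, continuing in clear text\n");`, and return an error there instead if the option is meant to be mandatory. Separately, the comment edited to "234/334" still reads as a quotation of RFC 2228, which ties 234 to the no-security-data case and uses 334 when security data is expected; the comment should say 334 is accepted here for compatibility rather than attribute it to the RFC. The enclosing function starts and ends outside this hunk.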
/* 230 User ... logged in.
(the user logged in without password) */
infof(data, "We have successfully logged in\n");
+ if (conn->ssl[FIRSTSOCKET].use) {
#ifdef KRB4
/* we are logged in (with Kerberos)
* now set the requested protection level
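Review bot: The added `if (conn->ssl[FIRSTSOCKET].use) {` wraps the whole `#ifdef KRB4` section, so the Kerberos protection-level setup now runs only when the control connection is already under SSL/TLS. Nothing visible here ties Kerberos 4 authentication to TLS; if the two are independent, a Kerberos login without TLS would skip setting the requested protection level and leave the session less protected than the user asked for. When KRB4 is not defined, the guard is also an empty block. Unless the dependency is intended, remove the added `if (conn->ssl[FIRSTSOCKET].use) {` and its closing `}` (added after `#endif` in the following hunk); if it is intended, put a comment on that line stating why Kerberos setup depends on TLS. The guarded body itself lies outside both hunks.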
return result;
}
#endif
+ }
}
else {
failf(data, "Odd return code after USER");
if(conn->ssl[SECONDARYSOCKET].use) {
/* since we only have a plaintext TCP connection here, we must now
do the TLS stuff */
- infof(data, "Doing the SSL/TSL handshake on the data stream\n");
+ infof(data, "Doing the SSL/TLS handshake on the data stream\n");
result = Curl_SSLConnect(conn, SECONDARYSOCKET);
if(result)
return result;
if(conn->ssl[SECONDARYSOCKET].use) {
/* since we only have a plaintext TCP connection here, we must now
do the TLS stuff */
- infof(data, "Doing the SSL/TSL handshake on the data stream\n");
+ infof(data, "Doing the SSL/TLS handshake on the data stream\n");
result = Curl_SSLConnect(conn, SECONDARYSOCKET);
if(result)
return result;
else {
/* We have chosen (this is default) to use the PASV command */
result = ftp_use_pasv(conn, connected);
- if(!result && *connected)
+ if(CURLE_OK == result && *connected)
infof(data, "Connected the data stream with PASV!\n");
}