Changelog
Daniel (16 September 2004)
+- Daniel at touchtunes uses the FTP+SSL server "BSDFTPD-SSL from
+ http://bsdftpd-ssl.sc.ru/" which accordingly doesn't properly work with curl
+ when "AUTH SSL" is issued (although the server responds fine and everything)
+ but requires that curl issues "AUTH TLS" instead. See
+ http://curl.haxx.se/feedback/display.cgi?id=10951944937603&support=yes
+
+ Introducing CURLOPT_FTPSSLAUTH that allows the application to select which
+ of the AUTH strings to attempt first.
+
- Anonymous filed bug report #1029478 which identified a bug when you 1) used
a URL without properly seperating the host name and the parameters with a
slash. 2) the URL had parameters to the right of a ? that contains a slash
Test case 187 was added to verify that this was fixed properly.
Daniel (11 September 2004)
-- Added parsedate.[ch] that contains a rewrite of the date parser currently
+- Added parsedate.c that contains a rewrite of the date parser currently
provided by getdate.y. The new one is MUCH smaller and will allow us to run
away from the yacc/bison jungle. It is also slightly lacking in features
compared to the old one, but it supports parsing of all date formats HTTP
This release includes the following changes:
+ o added CURLOPT_FTPSSLAUTH
o curl_getdate() completely rewritten, which may affect curl -z use cases.
This release includes the following bugfixes:
Casey O'Donnell, Roland Krikava, Alex, Alexander Krasnostavsky, Kjetil
Jacobsen, Ling Thio, Roman Koifman, Harshal Pradhan, Jonas Forsman, David
- Tarendash
+ Tarendash, Daniel at touchtunes
Thanks! (and sorry if I forgot to mention someone)
.IP CURLFTPSSL_ALL
Require SSL for all communication or fail with \fICURLE_FTP_SSL_FAILED\fP.
.RE
+.IP CURLOPT_FTPSSLAUTH
+Pass a long using one of the values from below, to alter how libcurl issues
+\&"AUTH TLS" or "AUTH SSL" when FTP over SSL is activated (see
+\fICURLOPT_FTP_SSL\fP).
+.RS
+.IP CURLFTPAUTH_DEFAULT
+Allow libcurl to decide
+.IP CURLFTPAUTH_SSL
+Try "AUTH SSL" first, and only if that fails try "AUTH TLS"
+.IP CURLFTPAUTH_TLS
+Try "AUTH TLS" first, and only if that fails try "AUTH SSL"
+.RE
.SH PROTOCOL OPTIONS
.IP CURLOPT_TRANSFERTEXT
A non-zero parameter tells the library to use ASCII mode for ftp transfers,
#define CURL_ERROR_SIZE 256
+/* parameter for the CURLOPT_FTP_SSL option */
typedef enum {
CURLFTPSSL_NONE, /* do not attempt to use SSL */
CURLFTPSSL_TRY, /* try using SSL, proceed anyway otherwise */
CURLFTPSSL_LAST /* not an option, never use */
} curl_ftpssl;
+/* parameter for the CURLOPT_FTPSSLAUTH option */
+typedef enum {
+ CURLFTPAUTH_DEFAULT, /* let libcurl decide */
+ CURLFTPAUTH_SSL, /* use "AUTH SSL" */
+ CURLFTPAUTH_TLS, /* use "AUTH TLS" */
+ CURLFTPAUTH_LAST /* not an option, never use */
+} curl_ftpauth;
+
/* long may be 32 or 64 bits, but we should never depend on anything else
but 32 */
#define CURLOPTTYPE_LONG 0
of commands with this */
CINIT(SOURCE_POSTQUOTE, OBJECTPOINT, 128),
+ /* When FTP over SSL/TLS is selected (with CURLOPT_FTP_SSL), this option
+ can be used to change libcurl's default action which is to first try
+ "AUTH SSL" and then "AUTH TLS" in this order, and proceed when a OK
+ response has been received.
+
+ Available parameters are:
+ CURLFTPAUTH_DEFAULT - let libcurl decide
+ CURLFTPAUTH_SSL - try "AUTH SSL" first, then TLS
+ CURLFTPAUTH_TLS - try "AUTH TLS" first, then SSL
+ */
+ CINIT(FTPSSLAUTH, LONG, 129),
+
CURLOPT_LASTENTRY /* the last unused */
} CURLoption;
if(data->set.ftp_ssl && !conn->ssl[FIRSTSOCKET].use) {
/* we don't have a SSL/TLS connection, try a FTPS connection now */
+ int start;
+ int trynext;
+ int count=0;
+
+ switch(data->set.ftpsslauth) {
+ case CURLFTPAUTH_DEFAULT:
+ case CURLFTPAUTH_SSL:
+ start = 0;
+ trynext = 1;
+ break;
+ case CURLFTPAUTH_TLS:
+ start = 1;
+ trynext = 0;
+ break;
+ default:
+ failf(data, "unsupported parameter to CURLOPT_FTPSSLAUTH: %d\n",
+ data->set.ftpsslauth);
+ return CURLE_FAILED_INIT; /* we don't know what to do */
+ }
- for (try = 0; ftpauth[try]; try++) {
+ for (try = start; ftpauth[count]; try=trynext, count++) {
FTPSENDF(conn, "AUTH %s", ftpauth[try]);
data->set.ftp_ssl = (curl_ftpssl)va_arg(param, long);
break;
+ case CURLOPT_FTPSSLAUTH:
+ /*
+ * Set a specific auth for FTP-SSL transfers.
+ */
+ data->set.ftpsslauth = (curl_ftpauth)va_arg(param, long);
+ break;
+
case CURLOPT_IPRESOLVE:
data->set.ip_version = va_arg(param, long);
break;
bool ftp_use_epsv; /* if EPSV is to be attempted or not */
bool ftp_use_eprt; /* if EPRT is to be attempted or not */
curl_ftpssl ftp_ssl; /* if AUTH TLS is to be attempted etc */
+ curl_ftpauth ftpsslauth; /* what AUTH XXX to be attempted */
bool no_signal; /* do not use any signal/alarm handler */
bool global_dns_cache; /* subject for future removal */
bool tcp_nodelay; /* whether to enable TCP_NODELAY or not */
projects / curl / commitdiff