]> git.ipfire.org Git - thirdparty/curl.git/commitdiff
projects / thirdparty / curl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 62b8a4d)
curl: warn for --ssl use, considered insecure
authorDaniel Stenberg <daniel@haxx.se>
Fri, 16 Sep 2022 17:03:49 +0000 (19:03 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Fri, 16 Sep 2022 19:27:20 +0000 (21:27 +0200)
Closes #9519

docs/cmdline-opts/ssl.d patch | blob | blame | history
src/tool_getparam.c patch | blob | blame | history

diff --git a/docs/cmdline-opts/ssl.d b/docs/cmdline-opts/ssl.d
index e9f23a38529abacfee7740fbe357698382d44965..b46c1eaba3e93de8d9eeeeffc7c89c6adb0e357b 100644 (file)
--- a/docs/cmdline-opts/ssl.d
+++ b/docs/cmdline-opts/ssl.d
@@ -6,8 +6,11 @@ Protocols: FTP IMAP POP3 SMTP LDAP
 Added: 7.20.0
 Category: tls
 Example: --ssl pop3://example.com/
-See-also: insecure ciphers
+See-also: ssl-reqd insecure ciphers
 ---
+Warning: this is considered an insecure option. Consider using --ssl-reqd
+instead to be sure curl upgrades to a secure connection.
+
 Try to use SSL/TLS for the connection. Reverts to a non-secure connection if
 the server does not support SSL/TLS. See also --ftp-ssl-control and --ssl-reqd
 for different levels of encryption required.
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 6b1e1d0a7479925294858f0a88746d600812d58c..351b07ad119becf9bfdbe8eff00ab0a85ba4661a 100644 (file)
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -1007,6 +1007,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
         if(toggle && !(curlinfo->features & CURL_VERSION_SSL))
           return PARAM_LIBCURL_DOESNT_SUPPORT;
         config->ftp_ssl = toggle;
+        if(config->ftp_ssl)
+          warnf(global,
+                "--ssl is an insecure option, consider --ssl-reqd instead\n");
         break;
       case 'b': /* --ftp-pasv */
         Curl_safefree(config->ftpport);
Mirror of https://github.com/curl/curl.git