From: Stefan Eissing <stefan@eissing.org>
Date: Fri, 18 Nov 2022 20:33:37 +0000 (+0100)
Subject: ftp: fix "AUTH TLS" on primary conn and for SSL in PASV second conn
X-Git-Tag: curl-7_87_0~131
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8ed97ad2bd5a2e94f649a96a415c655c2f898490;p=thirdparty%2Fcurl.git

ftp: fix "AUTH TLS" on primary conn and for SSL in PASV second conn

Follow-up to dafdb20a26d0c89

Reported-by: Anthony Hu
Closes #9948
---

diff --git a/lib/ftp.c b/lib/ftp.c
index 4f7c12faa8..f25d17a7a9 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -2747,6 +2747,13 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
       if((ftpcode == 234) || (ftpcode == 334)) {
         /* this was BLOCKING, keep it so for now */
         bool done;
+        if(!Curl_cfilter_ssl_added(data, conn, FIRSTSOCKET)) {
+          result = Curl_cfilter_ssl_add(data, conn, FIRSTSOCKET);
+          if(result) {
+            /* we failed and bail out */
+            return CURLE_USE_SSL_FAILED;
+          }
+        }
         result = Curl_cfilter_connect(data, conn, FIRSTSOCKET, TRUE, &done);
         if(!result) {
           conn->bits.ftp_use_data_ssl = FALSE; /* clear-text data */
@@ -3557,7 +3564,8 @@ static CURLcode ftp_do_more(struct Curl_easy *data, int *completep)
   if(conn->cfilter[SECONDARYSOCKET]) {
     result = Curl_cfilter_connect(data, conn, SECONDARYSOCKET,
                                   FALSE, &connected);
-    if(result || !connected) {
+    if(result ||
+      (!connected && conn->sock[SECONDARYSOCKET] == CURL_SOCKET_BAD)) {
       if(result && (ftpc->count1 == 0)) {
         *completep = -1; /* go back to DOING please */
         /* this is a EPSV connect failing, try PASV instead */