ftp: separate FTPS from FTP over "HTTPS proxy"

When using HTTPS proxy, SSL is used but not in the view of the FTP
protocol handler itself so separate the connection's use of SSL from the
FTP control connection's sue.

Reported-by: Mingtao Yang
Fixes #5523
Closes #6006

diff --git a/lib/ftp.c b/lib/ftp.c
index a5083be04dd67635fdd16de835d7003e40a8c06f..3fd9cea2c4cd21e93ccf9fe1f5a825d84f65b5dd 100644 (file)
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -2508,7 +2508,7 @@ static CURLcode ftp_state_loggedin(struct connectdata *conn)
 {
   CURLcode result = CURLE_OK;
 
-  if(conn->ssl[FIRSTSOCKET].use) {
+  if(conn->bits.ftp_use_control_ssl) {
     /* PBSZ = PROTECTION BUFFER SIZE.
 
     The 'draft-murray-auth-ftp-ssl' (draft 12, page 7) says:
@@ -2659,14 +2659,8 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
       }
 #endif
 
-      if(data->set.use_ssl &&
-         (!conn->ssl[FIRSTSOCKET].use
-#ifndef CURL_DISABLE_PROXY
-          || (conn->bits.proxy_ssl_connected[FIRSTSOCKET] &&
-              !conn->proxy_ssl[FIRSTSOCKET].use)
-#endif
-           )) {
-        /* We don't have a SSL/TLS connection yet, but FTPS is
+      if(data->set.use_ssl && !conn->bits.ftp_use_control_ssl) {
+        /* We don't have a SSL/TLS control connection yet, but FTPS is
            requested. Try a FTPS connection now */
 
         ftpc->count3 = 0;
@@ -2708,6 +2702,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
         result = Curl_ssl_connect(conn, FIRSTSOCKET);
         if(!result) {
           conn->bits.ftp_use_data_ssl = FALSE; /* clear-text data */
+          conn->bits.ftp_use_control_ssl = TRUE; /* SSL on control */
           result = ftp_state_user(conn);
         }
       }
@@ -3089,7 +3084,7 @@ static CURLcode ftp_block_statemach(struct connectdata *conn)
  *
  */
 static CURLcode ftp_connect(struct connectdata *conn,
-                                 bool *done) /* see description above */
+                            bool *done) /* see description above */
 {
   CURLcode result;
   struct ftp_conn *ftpc = &conn->proto.ftpc;
@@ -3110,6 +3105,7 @@ static CURLcode ftp_connect(struct connectdata *conn,
     result = Curl_ssl_connect(conn, FIRSTSOCKET);
     if(result)
       return result;
+    conn->bits.ftp_use_control_ssl = TRUE;
   }
 
   Curl_pp_setup(pp); /* once per transfer */

diff --git a/lib/urldata.h b/lib/urldata.h
index d0a0625cdcd913d04485b7c42810920624173c49..5ee81770eaef2a540709481f71c775367f526238 100644 (file)
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -469,6 +469,7 @@ struct ConnectBits {
                          EPRT doesn't work we disable it for the forthcoming
                          requests */
   BIT(ftp_use_data_ssl); /* Enabled SSL for the data connection */
+  BIT(ftp_use_control_ssl); /* Enabled SSL for the control connection */
 #endif
   BIT(netrc);         /* name+password provided by netrc */
   BIT(bound); /* set true if bind() has already been done on this socket/

diff --git a/tests/data/test1631 b/tests/data/test1631
index cd36b1d9b0b366ff37c20813c6b5787ba43065cc..87851190889d7f3cd601b2b4e94d25b05aa20012 100644 (file)
--- a/tests/data/test1631
+++ b/tests/data/test1631
@@ -74,8 +74,6 @@ Proxy-Connection: Keep-Alive
 <protocol>
 USER anonymous\r
 PASS ftp@example.com\r
-PBSZ 0\r
-PROT P\r
 PWD\r
 EPSV\r
 TYPE I\r

diff --git a/tests/data/test1632 b/tests/data/test1632
index b10b2a68ad3d9b1a491ad5d4a47b910a3fc85ba9..94577efddabf82a344b1aa7a972341f3283df52c 100644 (file)
--- a/tests/data/test1632
+++ b/tests/data/test1632
@@ -89,8 +89,6 @@ Proxy-Connection: Keep-Alive
 <protocol>
 USER anonymous\r
 PASS ftp@example.com\r
-PBSZ 0\r
-PROT P\r
 PWD\r
 EPSV\r
 TYPE I\r