Mike Protts added --ftp-ssl-control to make curl use FTP-SSL, but only

encrypt the control connection and use the data connection "plain".

diff --git a/CHANGES b/CHANGES
index 510c0ad3f853b3891b5507df9b3cda031098c8eb..7c60922f4d1118554436d2f47778a9ff77cb4176 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,9 @@
                                   Changelog
 
 Daniel (23 September 2006)
+- Mike Protts added --ftp-ssl-control to make curl use FTP-SSL, but only
+  encrypt the control connection and use the data connection "plain".
+
 - Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better
   as it now will read the full data sent from servers. The SOCKS-related code
   was also moved to the new lib/socks.c source file.

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 4a5c6c85de20342a9b8d79fe77abade78501b2a3..769a20552a6483a2ed40b9b504c4c3ee6dad0101 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -11,6 +11,7 @@ Curl and libcurl 7.16.0
 
 This release includes the following changes:
 
+ o (FTP) --ftp-ssl-control was added
  o CURLOPT_SSL_SESSIONID_CACHE and --no-sessionid added
  o CURLMOPT_PIPELINING added for enabling pipelined transfers
  o multi handles now have a shared connection cache
@@ -52,6 +53,7 @@ advice from friends like these:
 
  Domenico Andreoli, Armel Asselin, Gisle Vanem, Yang Tse, Andrew Biggs,
  Peter Sylvester, David McCreedy, Dmitriy Sergeyev, Dmitry Rechkin,
- Jari Sundell, Ravi Pratap, Michele Bini, Jeff Pohlmeyer, Michael Wallner
+ Jari Sundell, Ravi Pratap, Michele Bini, Jeff Pohlmeyer, Michael Wallner,
+ Mike Protts
 
         Thanks! (and sorry if I forgot to mention someone)

diff --git a/docs/curl.1 b/docs/curl.1
index 057d265f3a0850e25743064af5fd05b106289948..2262e7295d61320b57fedaec79d2618072f5491c 100644 (file)
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -412,9 +412,16 @@ This option has no effect if PORT, EPRT or EPSV is used instead of PASV.
 If this option is used twice, the second will again use the server's suggested
 address.
 .IP "--ftp-ssl"
-(FTP) Try to use SSL/TLS for the FTP connection.
-Reverts to a non-secure connection if the server doesn't support SSL/TLS.
-(Added in 7.11.0)
+(FTP) Try to use SSL/TLS for the FTP connection.  Reverts to a non-secure
+connection if the server doesn't support SSL/TLS.  See also
+\fI--ftp-ssl-control\fP and \fI--ftp-ssl-reqd\fP for different levels of
+encryption required. (Added in 7.11.0)
+
+If this option is used twice, the second will again disable this.
+.IP "--ftp-ssl-control"
+(FTP) Try SSL/TLS for the ftp login, clear for transfer.  Allows secure
+authentication, but non-encrypted data transfers for efficiency.  Fails the
+transfer if the server doesn't support SSL/TLS.  (Added in 7.16.0)
 
 If this option is used twice, the second will again disable this.
 .IP "--ftp-ssl-reqd"

diff --git a/src/main.c b/src/main.c
index fda0f2bb423b580f64f8bd72925f31938f8e3167..2a433cae5d60e97be72be9b54eeb2a1fab405b73 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -339,6 +339,7 @@ struct Configurable {
   size_t lastrecvsize;
   bool ftp_ssl;
   bool ftp_ssl_reqd;
+  bool ftp_ssl_control;
 
   char *socksproxy; /* set to server string */
   int socksver;     /* set to CURLPROXY_SOCKS* define */
@@ -519,6 +520,7 @@ static void help(void)
     "    --ftp-pasv      Use PASV/EPSV instead of PORT (F)",
     "    --ftp-skip-pasv-ip Skip the IP address for PASV (F)\n"
     "    --ftp-ssl       Try SSL/TLS for the ftp transfer (F)",
+    "    --ftp-ssl-control Try SSL/TLS for the ftp login, clear for transfer (F)",
     "    --ftp-ssl-reqd  Require SSL/TLS for the ftp transfer (F)",
     " -F/--form <name=content> Specify HTTP multipart POST data (H)",
     "    --form-string <name=string> Specify HTTP multipart POST data (H)",
@@ -1351,6 +1353,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
     {"$u", "ftp-alternative-to-user", TRUE},
     {"$v", "ftp-ssl-reqd", FALSE},
     {"$w", "no-sessionid", FALSE},
+    {"$x", "ftp-ssl-control", FALSE},
 
     {"0", "http1.0",     FALSE},
     {"1", "tlsv1",       FALSE},
@@ -1801,6 +1804,9 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
       case 'w': /* --no-sessionid */
         config->disable_sessionid ^= TRUE;
         break;
+      case 'x': /* --ftp-ssl-control */
+        config->ftp_ssl_control ^= TRUE;
+        break;
       }
       break;
     case '#': /* --progress-bar */
@@ -3991,14 +3997,18 @@ operate(struct Configurable *config, int argc, char *argv[])
         else
           curl_easy_setopt(curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_WHATEVER);
 
-        /* new in curl 7.11.0 */
-        if(config->ftp_ssl)
-          curl_easy_setopt(curl, CURLOPT_FTP_SSL, CURLFTPSSL_TRY);
-
         /* new in curl 7.15.5 */
         if(config->ftp_ssl_reqd)
           curl_easy_setopt(curl, CURLOPT_FTP_SSL, CURLFTPSSL_ALL);
 
+        /* new in curl 7.11.0 */
+        else if(config->ftp_ssl)
+          curl_easy_setopt(curl, CURLOPT_FTP_SSL, CURLFTPSSL_TRY);
+
+        /* new in curl 7.16.0 */
+        else if(config->ftp_ssl_control)
+          curl_easy_setopt(curl, CURLOPT_FTP_SSL, CURLFTPSSL_CONTROL);
+
         /* new in curl 7.11.1, modified in 7.15.2 */
         if(config->socksproxy) {
           curl_easy_setopt(curl, CURLOPT_PROXY, config->socksproxy);