1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
Description: support TLS authentication and (optional) data connection encryption
Netkit-ftp-ssl now supports TLS authentication and (optional) data
connection encryption according to
http://www.ietf.org/internet-drafts/draft-murray-auth-ftp-ssl-16.txt .
.
The default is to fall back to insecure authentication if AUTH TLS is not
supported by the server to match the current behaviour of the AUTH SSL code.
.
If you specify "-z secure", then encryption of both the control and the data
connection are required.
Author: Andreas Oberritter <obi@saftware.de>
Origin: http://www.saftware.de/patches/ftp_tls.diff
Forwarded: no
Last-Update: 2010-04-06
Index: netkit-ftp-ssl/ftp/ftp.c
===================================================================
--- netkit-ftp-ssl.orig/ftp/ftp.c 2010-07-04 00:00:58.000000000 +0100
+++ netkit-ftp-ssl/ftp/ftp.c 2010-07-04 00:00:58.000000000 +0100
@@ -2098,8 +2098,13 @@
int n;
#ifdef USE_SSL
+ int use_tls = 0;
if (ssl_enabled) {
n = command("AUTH SSL");
+ if (n == ERROR) {
+ use_tls = 1;
+ n = command("AUTH TLS");
+ }
if (n == ERROR) { /* do normal USER/PASS */
printf("SSL not available\n");
/* spit the dummy as we will only talk ssl
@@ -2153,6 +2158,17 @@
ssl_active_flag=1;
}
+ if (use_tls) {
+ (void) command("PBSZ 0");
+ if (command("PROT P") != COMPLETE)
+ ssl_encrypt_data = 0;
+ }
+
+ if (!ssl_encrypt_data && ssl_secure_flag) {
+ fprintf(stderr, "Data connection security level refused.\n");
+ return ERROR;
+ }
+
n = command("USER %s",u);
if (n == CONTINUE) {
if(p == NULL)
|
