cURL / Mailing Lists / curl-library / Single Mail

curl-library

Force SSL for Active Mode FTPS does not force

From: <curl.ronnyliu_at_spamgourmet.com>
Date: Mon, 9 Mar 2009 21:26:33 -0700 (PDT)

Hello, I am using curl version 7.12.3 on a Linux box. I have access to a command line version of curl 7.15.5 and tested with that also (I know it is a little outdated). I am attempting to write code to do an explicit ftps using active mode. My code uses the flags:

   curl_easy_setopt(curl, CURLOPT_FTP_SSL, CURLFTPSSL_CONTROL);
   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false);
   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, false);
   curl_easy_setopt(curl, CURLOPT_FTPPORT, '-');
   curl_easy_setopt(curl, CURLOPT_URL, "ftp://<ip>/tmp");

which I translated to this for the command line utility:

   curl --ftp-ssl --verbose --ftp-port - -disable-eprt --insecure ftp://<ip>/tmp

I have two ftp servers, one is setup to accept FTPS the other is not. When I run the above command against the FTPS server, I successfully connect via FTPS.

curl --ftp-ssl --verbose --ftp-port - -disable-eprt --insecure --user xxx:xxx ftp://<ftpsServer>/tmp
* About to connect() to ftpsServer port 21
*   Trying <ip>... connected
* Connected to ftpsServer (<ip>) port 21
> AUTH SSL
< 234 Proceed with negotiation.
* successfully set certificate verify locations:
... etc
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> USER xxx
< 331 Please specify the password.
> PASS xxx
< 230 Login successful.
> PBSZ 0
< 200 PBSZ set to 0.
> PROT P
< 200 PROT now Private.
> PWD
< 257 "/home/xxx"
* Entry path is '/home/xxx'
> PORT <ip>,134,100
< 200 PORT command successful. Consider using PASV.
* Connect data stream actively
> TYPE A
< 200 Switching to ASCII mode.
> LIST
< 150 Here comes the directory listing.
* Connection accepted from server
... etc

When I connect to the FTP only server, I successfully connect. However, I thought the behavior of setting --ftp-ssl or the "CURLOPT_FTP_SSL/CURLOPT_USE_SSL" flag should result in the error "CURLE_USE_SSL_FAILED" to be returned if unable to connect via SSL.

curl --ftp-ssl --verbose --ftp-port - -disable-eprt --insecure --user xxx:xxx ftp://<ftpOnlyServer>/tmp
* About to connect() to ftpOnlyServer port 21
*   Trying <ip>... connected
* Connected to ftpOnlyServer (<ip>) port 21
< 220 (vsFTPd 2.0.1)
> AUTH SSL
< 530 Please login with USER and PASS.
> AUTH TLS
< 530 Please login with USER and PASS.
> USER xxx
< 331 Please specify the password.
> PASS xxx
< 230 Login successful.
> PWD
< 257 "/home/xxx"
* Entry path is '/home/xxx'
> PORT <ip>,134,129
< 200 PORT command successful. Consider using PASV.
* Connect data stream actively
> TYPE A
< 200 Switching to ASCII mode.
> LIST
< 150 Here comes the directory listing.
* Connection accepted from server
... etc

Am I forgetting something? Any help would be appreciated. If this is fixed in a later release, do you know the version? I need approval before I can request a more recent version to be installed (I know it is a hassle). Thanks.
- Ronny Liu
Received on 2009-03-10