Re: [PATCH] Support FTP-over-SSL/TLS for regular FTP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

Sunday 24 February 2013 22:44:14 rašė:
> Modestas Vainius <modestas@xxxxxxxxxx> writes:
> > Hello,
> > 
> > Saturday 12 January 2013 06:25:21 rašė:
> >> On Sat, Jan 12, 2013 at 03:59:52PM +0200, Modestas Vainius wrote:
> >> > @@ -306,6 +311,11 @@ static CURL *get_curl_handle(void)
> >> > 
> >> >  	if (curl_ftp_no_epsv)
> >> >  	
> >> >  		curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0);
> >> > 
> >> > +#ifdef CURLOPT_USE_SSL
> >> > +    if (curl_ssl_try)
> >> > +		curl_easy_setopt(result, CURLOPT_USE_SSL, CURLUSESSL_TRY);
> >> > +#endif
> >> > +
> >> > 
> >> >  	if (curl_http_proxy) {
> >> >  	
> >> >  		curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy);
> >> >  		curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
> >> 
> >> It looks like the indentation of the "if" line you added is messed up.
> > 
> > Yeah, sorry about that. I will fix it.
> 
> Did anything happen to this topic since then?

I'm very sorry about delay. Fixed patch is below.

>From 4f39352fe8dd85aa99f2141baa6a096da727c53e Mon Sep 17 00:00:00 2001
From: Modestas Vainius <modestas@xxxxxxxxxx>
Date: Sun, 7 Apr 2013 22:08:10 +0300
Subject: [PATCH] Support FTP-over-SSL/TLS for regular FTP

Add a boolean http.sslTry option which allows to enable AUTH SSL/TLS and
encrypted data transfers when connecting via regular FTP protocol.

Default is false since it might trigger certificate verification errors on
misconfigured servers.

Signed-off-by: Modestas Vainius <modestas@xxxxxxxxxx>
---
 Documentation/config.txt |    8 ++++++++
 http.c                   |   10 ++++++++++
 http.h                   |    9 +++++++++
 3 files changed, 27 insertions(+)

diff --git a/Documentation/config.txt b/Documentation/config.txt
index f79184c..da30cfd 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -1447,6 +1447,14 @@ http.sslCAPath::
 	with when fetching or pushing over HTTPS. Can be overridden
 	by the 'GIT_SSL_CAPATH' environment variable.
 
+http.sslTry::
+	Attempt to use AUTH SSL/TLS and encrypted data transfers
+	when connecting via regular FTP protocol. This might be needed
+	if the FTP server requires it for security reasons or you wish
+	to connect securely whenever remote FTP server supports it.
+	Default is false since it might trigger certificate verification
+	errors on misconfigured servers.
+
 http.maxRequests::
 	How many HTTP requests to launch in parallel. Can be overridden
 	by the 'GIT_HTTP_MAX_REQUESTS' environment variable. Default is 5.
diff --git a/http.c b/http.c
index 8803c70..f791fcb 100644
--- a/http.c
+++ b/http.c
@@ -31,6 +31,7 @@ static CURL *curl_default;
 char curl_errorstr[CURL_ERROR_SIZE];
 
 static int curl_ssl_verify = -1;
+static int curl_ssl_try;
 static const char *ssl_cert;
 #if LIBCURL_VERSION_NUM >= 0x070903
 static const char *ssl_key;
@@ -163,6 +164,10 @@ static int http_options(const char *var, const char *value, void *cb)
 			ssl_cert_password_required = 1;
 		return 0;
 	}
+	if (!strcmp("http.ssltry", var)) {
+		curl_ssl_try = git_config_bool(var, value);
+		return 0;
+	}
 	if (!strcmp("http.minsessions", var)) {
 		min_curl_sessions = git_config_int(var, value);
 #ifndef USE_CURL_MULTI
@@ -307,6 +312,11 @@ static CURL *get_curl_handle(void)
 	if (curl_ftp_no_epsv)
 		curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0);
 
+#ifdef CURLOPT_USE_SSL
+	if (curl_ssl_try)
+		curl_easy_setopt(result, CURLOPT_USE_SSL, CURLUSESSL_TRY);
+#endif
+
 	if (curl_http_proxy) {
 		curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy);
 		curl_easy_setopt(result, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
diff --git a/http.h b/http.h
index 25d1931..097514d 100644
--- a/http.h
+++ b/http.h
@@ -42,6 +42,15 @@
 #define NO_CURL_IOCTL
 #endif
 
+/*
+ * CURLOPT_USE_SSL was known as CURLOPT_FTP_SSL up to 7.16.4,
+ * and the constants were known as CURLFTPSSL_*
+*/
+#if !defined(CURLOPT_USE_SSL) && defined(CURLOPT_FTP_SSL)
+#define CURLOPT_USE_SSL CURLOPT_FTP_SSL
+#define CURLUSESSL_TRY CURLFTPSSL_TRY
+#endif
+
 struct slot_results {
 	CURLcode curl_result;
 	long http_code;
-- 
1.7.10.4



-- 
Modestas Vainius <modestas@xxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]