On Wed, Nov 02, 2005 at 02:22:57PM +0100, PEYRICHOU, Romain (SOGETI-TRANSICIEL 
TECHNOLOGY) wrote:
> We are actually using, in our company, an FTP server used in PASV mode. The 
> external connections are done (through firewalls) in FTPS.
> The problem is that, if we do not use CCC, the firewall can't see the server's 
> response to the PASV command, and can't dynamically open the data port for the client.

I see. Please test this patch. Use "set ftp:ssl-use-ccc" to enable CCC usage.

--
   Alexander.
Index: ftpclass.cc
===================================================================
RCS file: /home/lav/cvsroot/lftp/src/ftpclass.cc,v
retrieving revision 1.363
diff -u -p -r1.363 ftpclass.cc
--- ftpclass.cc 20 Oct 2005 08:08:57 -0000      1.363
+++ ftpclass.cc 4 Nov 2005 09:46:07 -0000
@@ -1104,6 +1104,9 @@ void Ftp::Connection::SavePeerAddress()
 // Create buffers after control socket had been connected.
 void Ftp::Connection::MakeBuffers()
 {
+   control_ssl=0;
+   delete control_send;
+   delete control_recv;
    control_send=new IOBufferFDStream(
       new FDStream(control_sock,"control-socket"),IOBuffer::PUT);
    control_recv=new IOBufferFDStream(
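Review bot: The added `control_ssl=0;` is not wrapped in `#if USE_SSL`, unlike every other CCC addition in this patch; if the member is only declared in SSL builds, a non-SSL build will stop compiling here, so `#if USE_SSL` / `control_ssl=0;` / `#endif` would be safer. The two `delete` lines also discard whatever is still queued in control_send or already read into control_recv, and the pointer is cleared without any visible release of the SSL object (presumably the buffer destructors own it, which deserves a comment). MakeBuffers continues past the end of the hunk, and its header comment still describes it only as a post-connect step, although it is now also the TLS teardown path for CCC.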
@@ -1454,6 +1457,11 @@ int   Ftp::Do()
       {
         conn->SendCmd("PBSZ 0");
         expect->Push(Expect::IGNORE);
+        if(QueryBool("ssl-use-ccc"))
+        {
+           conn->SendCmd("CCC");
+           expect->Push(Expect::CCC);
+        }
       }
 #endif // USE_SSL
 
@@ -1469,7 +1477,8 @@ int   Ftp::Do()
 
       if(expect->Has(Expect::FEAT)
       || expect->Has(Expect::OPTS_UTF8)
-      || expect->Has(Expect::LANG))
+      || expect->Has(Expect::LANG)
+      || expect->Has(Expect::CCC))
         goto usual_return;
 
       if(!conn->utf8_activated && charset && *charset)
@@ -3217,6 +3226,7 @@ void Ftp::ExpectQueue::Close()
       case(Expect::AUTH_TLS):
       case(Expect::PROT):
       case(Expect::SSCN):
+      case(Expect::CCC):
 #endif
         break;
       case(Expect::CWD_CURR):
@@ -3899,6 +3909,16 @@ void Ftp::CheckResp(int act)
       else if(cmd_unsupported(act))
         conn->sscn_supported=false;
       break;
+   case Expect::CCC:
+      if(is2XX(act))
+      {
+        conn->MakeBuffers();
+        if(conn->prot=='P')
+        {
+           conn->SendCmd("PROT C");
+           expect->Push(new Expect(Expect::PROT,"C"));
+        }
+      }
 #endif // USE_SSL
 
    } /* end switch */
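Review bot: On a 2xx reply to CCC this case also sends `PROT C` when `conn->prot=='P'`, so turning on `ftp:ssl-use-ccc` appears to switch the data connections to clear text as well as the control connection. CCC in RFC 4217 only drops protection on the control channel, and the firewall problem described in the mail only needs the PASV reply to be readable, so I would leave the data protection level alone or make that downgrade a separate, documented choice. The case also has no `break;` before `#endif`, unlike the SSCN case above it; it works only because nothing follows in the switch, so add `break;` after the closing brace. A non-2xx reply is silently ignored here, which keeps TLS on; a log line would let users see that CCC was refused.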
Index: ftpclass.h
===================================================================
RCS file: /home/lav/cvsroot/lftp/src/ftpclass.h,v
retrieving revision 1.126
diff -u -p -r1.126 ftpclass.h
--- ftpclass.h  18 May 2005 05:57:09 -0000      1.126
+++ ftpclass.h  4 Nov 2005 09:13:51 -0000
@@ -181,7 +181,7 @@ class Ftp : public NetAccess
         SITE_UTIME,
         QUOTED         // check response for any command submitted by QUOTE_CMD
 #if USE_SSL
-        ,AUTH_TLS,PROT,SSCN
+        ,AUTH_TLS,PROT,SSCN,CCC
 #endif
       };
 
Index: lftp_ssl.cc
===================================================================
RCS file: /home/lav/cvsroot/lftp/src/lftp_ssl.cc,v
retrieving revision 1.23
diff -u -p -r1.23 lftp_ssl.cc
--- lftp_ssl.cc 28 Sep 2005 04:37:45 -0000      1.23
+++ lftp_ssl.cc 4 Nov 2005 09:27:28 -0000
@@ -303,6 +303,8 @@ lftp_ssl_gnutls::lftp_ssl_gnutls(int fd1
 }
 lftp_ssl_gnutls::~lftp_ssl_gnutls()
 {
+   if(handshake_done)
+      gnutls_bye(session,GNUTLS_SHUT_RDWR);  // FIXME - E_AGAIN
    gnutls_certificate_free_credentials(cred);
    gnutls_deinit(session);
 }
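Review bot: The return value of `gnutls_bye(session,GNUTLS_SHUT_RDWR)` is ignored and a destructor cannot retry, so on a non-blocking socket (which the FIXME suggests) the close_notify may never be sent, or the peer's may never be consumed. That matters for CCC: the control socket keeps being used in clear text after this object is destroyed, and any TLS alert bytes left unread on it would presumably be handed to the new plain-text reply parser. The same applies to `SSL_shutdown(ssl)` in `~lftp_ssl_openssl` in the next hunk, which returns 0 when only the local close_notify has gone out and must be called again to complete the exchange. Consider driving the shutdown from the connection state machine, retrying until it completes, before the buffers are replaced, and keep the destructor call as best effort only.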
@@ -828,6 +830,8 @@ lftp_ssl_openssl::lftp_ssl_openssl(int f
 }
 lftp_ssl_openssl::~lftp_ssl_openssl()
 {
+   if(handshake_done)
+      SSL_shutdown(ssl);
    SSL_free(ssl);
 }
 
Index: resource.cc
===================================================================
RCS file: /home/lav/cvsroot/lftp/src/resource.cc,v
retrieving revision 1.121
diff -u -p -r1.121 resource.cc
--- resource.cc 30 Sep 2005 05:47:34 -0000      1.121
+++ resource.cc 4 Nov 2005 09:37:34 -0000
@@ -221,6 +221,7 @@ static ResDecl
    ResDecl11f("ftp:ssl-protect-list",    "yes",   ResMgr::BoolValidate,0),
    ResDecl11d("ftp:ssl-auth",            "TLS",   AuthArgValidate,0),
    ResDecl11e("ftp:ssl-allow-anonymous",  "no",           
ResMgr::BoolValidate,0),
+   ResDecl11i("ftp:ssl-use-ccc",         "no",    ResMgr::BoolValidate,0),
    ResDecl11h("ftps:initial-prot",       "",      ProtValidate,0),
 #endif
    ResDecl12 ("ftp:stat-interval",       "1",     ResMgr::UNumberValidate,0),
