Unencrypted ftps data channel and PROT C with cURL

From: tom.suhrstedt <Tom.Suhrstedt_at_noaa.gov>
Date: Tue, 18 May 2010 13:08:51 -0400

I am running the Windows 7.20.1 binary downloaded from the cURL web site:

  curl 7.20.1 (i386-pc-win32) libcurl/7.20.1 OpenSSL/0.9.8n zlib/1.2.5
  Protocols: dict file ftp ftps http https imap imaps ldap pop3 pop3s rtsp smtp smtps telnet tftp
  Features: AsynchDNS Largefile NTLM SSL SSPI libz

I am trying to find an ftps client that can negotiate an unencrypted
data channel after it does an encrypted authentication to our vsftpd
server. The cURL man page would lead me to believe that the
"ftp-ssl-control" argument would support this:

--ftp-ssl-control
(FTP) Require SSL/TLS for the FTP login, clear for transfer. Allows
secure authentication, but non-encrypted data transfers for efficiency.
Fails the transfer if the server doesn't support SSL/TLS. (Added in 7.16.0)

My client is newer than the 7.16 requirement for this feature, but when
I issue what I think would be the proper command, I do not see the
expected PROT C command issued to the server:

>curl -v -k --ftp-ssl-control --ftp-ssl ftp://<user>:<password>@<host>/testfile
> AUTH SSL
< 234 Proceed with negotiation.
...
< 230 Login successful.
> PBSZ 0
< 200 PBSZ set to 0.
> PROT P
< 200 PROT now Private.
...

I searched the curl-users mailing list and found one old thread that
referred to the lack of this support in libcurl:
--------
  From: Daniel Stenberg <daniel_at_haxx.se>
  Date: Mon, 6 Mar 2006 14:07:49 +0100 (CET)

  On Mon, 6 Mar 2006, Peter Heuchert wrote:
  > I have problems using the option CURLOPT_FTP_SSL. I set the option to
  > CURLFTPSSL_CONTROL and noticed that data and control channel are
  > encrypted.
  > So there is no difference between the options CURLFTPSSL_CONTROL and
  > CURLFTPSSL_ALL.

  Oops. You're right. I never completed support for all the alternatives
  you can set that option to...
--------

I have found one client that does support unencrypted data channel and
sends the PROT C command, after which my server sends the data
unencrypted. I would like to know if anyone can provide definitive
information on whether the cURL client can support this, or if there are
plans for enhancement.

Thanks.
Tom S.
Received on 2010-05-18
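
An added example, not part of the original post and not curl's own code: a small Python check that reads a `curl -v` FTP transcript like the one in the message and reports whether AUTH was accepted and which data-channel protection level the server last confirmed. The function name and the sample transcript are constructed for illustration.

```python
import re

# RFC 4217 data-channel protection levels (the post discusses C and P).
LEVELS = {"C": "clear", "S": "safe", "E": "confidential", "P": "private"}

# Constructed transcript in the "> command" / "< reply" form printed by curl -v.
SAMPLE = """\
> AUTH SSL
< 234 Proceed with negotiation.
> USER demo
< 331 Please specify the password.
> PASS ***
< 230-Welcome (constructed multi-line reply)
< 230 Login successful.
> PBSZ 0
< 200 PBSZ set to 0.
> PROT P
< 200 PROT now Private.
"""

def audit_ftps_transcript(text):
    """Return (control_encrypted, data_level) for an FTP control transcript."""
    control_encrypted = False
    data_level = "clear"   # RFC 4217: data channel stays Clear until PROT succeeds
    pending = None         # last command still waiting for its final reply
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(">"):
            pending = line[1:].split()
        elif line.startswith("<") and pending:
            # Only a final reply "NNN text" counts; "NNN-text" is a continuation.
            m = re.match(r"<\s*(\d{3})(?!-)", line)
            if not m:
                continue
            code, verb = m.group(1), pending[0].upper()
            if verb == "AUTH" and code == "234":
                control_encrypted = True
            elif verb == "PROT" and code.startswith("2") and len(pending) > 1:
                # The level changes only when the server accepts the request.
                data_level = LEVELS.get(pending[1].upper(), data_level)
            pending = None
    return control_encrypted, data_level

if __name__ == "__main__":
    print(audit_ftps_transcript(SAMPLE))
```

Feeding it the saved output of a `curl -v` run shows at a glance whether a transfer that was meant to use a clear data channel actually negotiated `PROT C`, or whether the client sent `PROT P` as in the transcript above.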