cURL / Mailing Lists / curl-library / Single Mail


FTPS: curllib does not use PROT C

From: Peter Heuchert <>
Date: Mon, 6 Mar 2006 13:57:49 +0100

I have problems using the option CURLOPT_FTP_SSL. I set the option to
CURLFTPSSL_CONTROL and noticed that data and control channel are
encrypted. So there is no difference between the options

Both are using the FTP command "PROT P". Option CURLFTPSSL_CONTROL
should use "PROT C" and open an unencrypted data channel. I noticed the
problem while the CPU usage did increase dramaticaly on connections which
should encrpyt the control channel only (for password encryption).

Here is the example program I used:

  #include <stdio.h>

  #include <curl/curl.h>
  #include <curl/types.h>
  #include <curl/easy.h>

  int main(void)
    CURL *curl;
    CURLcode res;


    curl = curl_easy_init();
    if(curl) {
       * Get curl 7.9.2 from's FTP site. curl 7.9.2 is most
likely not
       * present there by the time you read this, so you'd better replace
       * URL with one that works!
      curl_easy_setopt(curl, CURLOPT_URL,
      /* Define our callback to get called when there's data to be written
      /* Set a pointer to our struct to pass to the callback */

      /* Switch on full protocol/debug output */
      curl_easy_setopt(curl, CURLOPT_VERBOSE, TRUE);
      curl_easy_setopt(curl, CURLOPT_FTP_SSL, CURLFTPSSL_CONTROL);
      curl_easy_setopt(curl, CURLOPT_FTPSSLAUTH,CURLFTPAUTH_TLS);
      curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE );
      curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, FALSE);

      res = curl_easy_perform(curl);

      /* always cleanup */

      if(CURLE_OK != res) {
        /* we failed */
        fprintf(stderr, "curl told us %d\n", res);


    return 0;

And here relevant part of the output:
> PBSZ 0
< 200 PBSZ 0 successful
< 200 Protection set to Private
< 257 "/" is current directory.
* Entry path is '/'

I'm using libcurl 7.15.1 on AIX 5.3

Best regards

Peter Heuchert
Received on 2006-03-06