diff -burp docs/curl.1 docs/curl.1
--- docs/curl.1	Wed Mar 15 15:21:35 2006
+++ docs/curl.1	Thu Jul  6 23:53:48 2006
@@ -396,6 +396,11 @@ in 7.11.0)
 If this option is used several times, the following occurrences make no
 difference.
 
+.IP "--ftp-site-auth"
+(FTP) When connecting to a server over FTPS using a client certificate,
+send a SITE AUTH command instead of USER and PASS. The server will
+retrieve the username from the certificate.  Required when talking to
+Tumbleweed's Secure Transport server. (Added in x.xx.x)
 .IP "--ftp-skip-pasv-ip"
 (FTP) Tell curl to not use the IP address the server suggests in its response
 to curl's PASV command when curl connects the data connection. Instead curl
diff -burp docs/libcurl/curl_easy_setopt.3 docs/libcurl/curl_easy_setopt.3
--- docs/libcurl/curl_easy_setopt.3	Fri Jul  7 10:14:52 2006
+++ docs/libcurl/curl_easy_setopt.3	Fri Jul  7 10:14:52 2006
@@ -809,6 +809,11 @@
 recommended that if used in conjunction with \fICURLOPT_TIMEOUT\fP, you set
 \fICURLOPT_FTP_RESPONSE_TIMEOUT\fP to a value smaller than
 \fICURLOPT_TIMEOUT\fP.  (Added in 7.10.8)
+.IP CURLOPT_FTP_SITE_AUTH
+Pass a long.  If the value is non-zero, curl will send the "SITE AUTH"
+command instead of logging in with the usual "USER user" and "PASS password"
+commands.  This is required when connecting to Tumbleweed's Secure Transport
+FTPS server using client certificates for authentication.
 .IP CURLOPT_FTP_SKIP_PASV_IP
 Pass a long. If set to a non-zero value, it instructs libcurl to not use the
 IP address the server suggests in its 227-response to libcurl's PASV command
diff -burp include/curl/curl.h include/curl/curl.h
--- include/curl/curl.h	Mon Mar 13 18:05:15 2006
+++ include/curl/curl.h	Thu Jul  6 23:53:48 2006
@@ -937,6 +937,11 @@ typedef enum {
      extracting it with CURLINFO_LASTSOCKET */
   CINIT(CONNECT_ONLY, LONG, 141),
 
+  /* When connecting to Tumbleweed's SecureTransport over ftps, send
+     SITE AUTH instead of USER/PASS.  The server will pull the username
+     out of the client certificate.  */
+  CINIT(FTP_SITE_AUTH, LONG, 142),
+
   CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
 
diff -burp lib/ftp.c lib/ftp.c
--- lib/ftp.c	Mon Mar 13 17:33:46 2006
+++ lib/ftp.c	Thu Jul  6 23:53:48 2006
@@ -678,8 +678,13 @@
 {
   CURLcode result;
   struct FTP *ftp = conn->proto.ftp;
-  /* send USER */
-  NBFTPSENDF(conn, "USER %s", ftp->user?ftp->user:"");
+  if (conn->data->set.ftp_site_auth) {
+    /* send undocumented Secure Transport authentication command */
+    NBFTPSENDF(conn, "SITE AUTH", NULL);
+  } else {
+    /* send USER */
+    NBFTPSENDF(conn, "USER %s", ftp->user?ftp->user:"");
+  }
 
   state(conn, FTP_USER);
 
diff -burp lib/url.c lib/url.c
--- lib/url.c	Tue Mar  7 17:11:42 2006
+++ lib/url.c	Thu Jul  6 23:53:48 2006
@@ -1486,6 +1486,10 @@ CURLcode Curl_setopt(struct SessionHandl
     data->set.connect_only = va_arg(param, long)?TRUE:FALSE;
     break;
 
+  case CURLOPT_FTP_SITE_AUTH:
+    data->set.ftp_site_auth = va_arg(param, long)?TRUE:FALSE;
+    break;
+
   default:
     /* unknown tag and its companion, just ignore: */
     result = CURLE_FAILED_INIT; /* correct this */
diff -burp lib/urldata.h lib/urldata.h
--- lib/urldata.h	Tue Mar  7 17:11:42 2006
+++ lib/urldata.h	Thu Jul  6 23:53:48 2006
@@ -1006,6 +1006,7 @@ struct UserDefined {
   bool cookiesession;   /* new cookie session? */
   bool crlf;            /* convert crlf on ftp upload(?) */
   char *ftp_account;    /* ftp account data */
+  bool ftp_site_auth;   /* send SITE AUTH instead of USER/PASS for ftp */
   struct curl_slist *quote;     /* after connection is established */
   struct curl_slist *postquote; /* after the transfer */
   struct curl_slist *prequote; /* before the transfer, after type */
diff -burp src/main.c src/main.c
--- src/main.c	Mon Mar 13 18:07:21 2006
+++ src/main.c	Thu Jul  6 23:53:48 2006
@@ -358,6 +358,7 @@ struct Configurable {
   struct curl_slist *tp_postquote;
   struct curl_slist *tp_prequote;
   char *ftp_account; /* for ACCT */
+  bool ftp_site_auth; /* use SITE AUTH instead of USER/PASS */
   int ftp_filemethod;
 
   bool ignorecl; /* --ignore-content-length */
@@ -1338,6 +1339,7 @@ static ParameterError getparameter(char 
     {"$r", "ftp-method", TRUE},
     {"$s", "local-port", TRUE},
     {"$t", "socks4",     TRUE},
+    {"$u", "ftp-site-auth", FALSE},
 
     {"0", "http1.0",     FALSE},
     {"1", "tlsv1",       FALSE},
@@ -1774,6 +1776,9 @@ static ParameterError getparameter(char 
           }
         }
         break;
+      case 'u': /* --ftp-site-auth */
+        config->ftp_site_auth ^= TRUE;
+        break;
       }
       break;
     case '#': /* --progress-bar */
@@ -4012,6 +4017,9 @@ operate(struct Configurable *config, int
           curl_easy_setopt(curl, CURLOPT_LOCALPORT, config->localport);
           curl_easy_setopt(curl, CURLOPT_LOCALPORTRANGE, config->localportrange);
         }
+
+        /* curl x.xx.x */
+        curl_easy_setopt(curl, CURLOPT_FTP_SITE_AUTH, config->ftp_site_auth);
 
         retry_numretries = config->req_retry;