cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Problem using FTPS through HTTP Proxy (crash in cURL library)

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 13 Sep 2006 09:59:59 +0200 (CEST)

On Wed, 13 Sep 2006, Daniel Stenberg wrote:

>> cURL erroneously assumes that the Connection-Request to the HTTP-Proxy (for
>> setting-up the data channel) is SSL encrypted. Then it calls SSL_write
>> passing a non-initialized ssl-handle, which leads to a crash in the libssl.
>
> I'm not really following here. Why is that connection not encrypted then?

Ok, I read the message about FTPS over HTTP-proxy from Robert Gonzalez on the
curl-users list and I now think I understand what you're saying.

The actual CONNECT-request should be sent non-encrypted (which it doesn't seem
to be doing now), while it should then talk encrypted to the (FTPS) server
behind it.

Does your suggested patch really enable that? What version of libcurl did you
try that patch on?

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2006-09-13