Hi All,

I have been blocked on the fix of the bug https://github.com/curl/curl/issues/5523 for a while. I decided to look into the libcurl code to find the problem. I have been observing this mailing list, and I thought I would ask here about what I am seeing.

So I see this comment https://github.com/curl/curl/blob/e15e51384a423be31318b3c9c7d612a1aae661fd/lib/http_proxy.c#L46-L47 which says https_proxy_connect will set the bit proxy_ssl_connected when the connect is complete. This method calls Curl_ssl_connect_nonblocking.

Looking at the code of Curl_ssl_connect_nonblocking, the flow will not fall into https://github.com/curl/curl/blob/aecce3551cbb62a7980e8d22b40eabc091f896a0/lib/vtls/vtls.c#L320 because we haven't connected to the proxy yet. Then in line https://github.com/curl/curl/blob/aecce3551cbb62a7980e8d22b40eabc091f896a0/lib/vtls/vtls.c#L330 we are setting conn->ssl[sockindex].use to true even though our destination is not ssl. We do not know if the destination will be ssl yet. We are only sending CONNECT to the https proxy.

And because conn->ssl[sockindex].use is set whether or not the destination is ssl, we send the command PBSZ to the ftp end point https://github.com/curl/curl/blob/42ed22fea621ca06986070815c14b9dfa25a41c1/lib/ftp.c#L2504-L2519 which is only a valid command for a secure end point, and the ftp end point is not secure.

I think something needs to be fixed around https://github.com/curl/curl/blob/aecce3551cbb62a7980e8d22b40eabc091f896a0/lib/vtls/vtls.c#L330

Since I am looking at the libcurl code for the first time, I can't put a finger on what the fix should be here. I would really appreciate some guidance in terms of what is a possible fix here. I can send a pull request.

This is the curl command I am sending:

    curl -vvv -p -x <https_proxy> --proxy-cert <cert> --proxy-key <key> ftp://test.rebex.net/ --proxy-insecure --user 'demo:password'

In the curl logs I can see this interaction happening:

    > PBSZ 0
    < 503 Command valid only on secure connection
    > PROT P
    < 503 Command valid only on secure connection

The problem is that the ftp server I am trying to connect to responds to these commands with 200 in place of 503, and then the client tries to do a tls handshake, which fails.

Ideally curl should not send these commands, because they are invalid commands for the ftp end point. I have been blocked on this for the last couple of months; any help is really appreciated.

Thanks in advance.
Shilpa

--
Shilpa Gupta
https://shilpa-gupta.github.io
08/15/20, 10:46:46 AM
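
A check for the behaviour reported in the message above, as an added example that is not part of the original post and not curl code: it scans a curl -v style trace for PBSZ or PROT sent before the server accepted AUTH with a 234 reply (the ordering RFC 4217 requires) and records how the server answered. The trace is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the style of `curl -v` output. The PBSZ/PROT exchanges
# are the ones quoted in the message; the other lines are invented for the demo.
SAMPLE_TRACE = """\
< 220 FTP server ready
> USER demo
< 331 Password required
> PASS password
< 230 User logged in
> PBSZ 0
< 503 Command valid only on secure connection
> PROT P
< 503 Command valid only on secure connection
> PWD
< 257 "/" is current directory
"""

SENT = re.compile(r"^>\s*([A-Za-z]+)")      # command sent by the client
REPLY = re.compile(r"^<\s*(\d{3})[ -]")     # three-digit FTP reply code

def find_unprotected_tls_commands(trace):
    """Return (command, reply_code) for each PBSZ/PROT sent before AUTH got 234."""
    tls_ok = False    # True once the server answered AUTH with 234
    pending = None    # last command sent, still awaiting its reply
    findings = []
    for line in trace.splitlines():
        line = line.strip()
        m = SENT.match(line)
        if m:
            pending = m.group(1).upper()
            continue
        m = REPLY.match(line)
        if not m or pending is None:
            continue  # TLS info lines, greeting, or reply continuation
        code = int(m.group(1))
        if pending == "AUTH" and code == 234:
            tls_ok = True
        elif pending in ("PBSZ", "PROT") and not tls_ok:
            findings.append((pending, code))
        pending = None
    return findings

def server_accepts_without_tls(findings):
    """True if any out-of-sequence PBSZ/PROT was answered with a 2xx code."""
    return any(200 <= code < 300 for _, code in findings)
```

A non-empty result means the client sent TLS-only commands on a cleartext control connection; a 2xx reply to one of them is the case where the client goes on to attempt the handshake described in the message.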