David McCreedy added --ftp-ssl-reqd which makes curl *require* SSL for both

control and data connection, as the existing --ftp-ssl option only requests
it.

4 files changed, 28 insertions, 5 deletions

diff --git a/CHANGES b/CHANGES
index 2478c1766..e645c41c0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,10 @@
                                   Changelog
 
 Daniel (27 July 2006)
+- David McCreedy added --ftp-ssl-reqd which makes curl *require* SSL for both
+  control and data connection, as the existing --ftp-ssl option only requests
+  it.
+
 - [Hiper-related work] Added a function called curl_multi_assign() that will
   set a private pointer added to the internal libcurl hash table for the
   particular socket passed in to this function:
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 40c8082eb..3dd713883 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -2,7 +2,7 @@ Curl and libcurl 7.15.5
 
  Public curl release number:               95
  Releases counted from the very beginning: 122
- Available command line options:           113
+ Available command line options:           114
  Available curl_easy_setopt() options:     133
  Number of public functions in libcurl:    54
  Amount of public web site mirrors:        33
@@ -11,14 +11,15 @@ Curl and libcurl 7.15.5
 
 This release includes the following changes:
 
+ o added --ftp-ssl-reqd
  o modified the prototype for the socket callback set with
    CURLMOPT_SOCKETFUNCTION
  o added curl_multi_assign()
  o added CURLOPT_FTP_ALTERNATIVE_TO_USER and --ftp-alternative-to-user
- o now includes a vcproj file for building libcurl
+ o added a vcproj file for building libcurl
  o added curl_formget()
  o added CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE
- o configure --enable-hidden-symbols
+ o added configure --enable-hidden-symbols
  o Made -K on a file that couldn't be read cause a warning to be displayed
 
 This release includes the following bugfixes:
diff --git a/docs/curl.1 b/docs/curl.1
index de72eb5b6..59f2c67fb 100644
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -412,7 +412,15 @@ This option has no effect if PORT, EPRT or EPSV is used instead of PASV.
 If this option is used twice, the second will again use the server's suggested
 address.
 .IP "--ftp-ssl"
-(FTP) Make the FTP connection switch to use SSL/TLS. (Added in 7.11.0)
+(FTP) Try to use SSL/TLS for the FTP connection.
+Reverts to a non-secure connection if the server doesn't support SSL/TLS.
+(Added in 7.11.0)
+
+If this option is used twice, the second will again disable this.
+.IP "--ftp-ssl-reqd"
+(FTP) Require SSL/TLS for the FTP connection.
+Terminates the connection if the server doesn't support SSL/TLS.
+(Added in 7.15.5)
 
 If this option is used twice, the second will again disable this.
 .IP "-F/--form <name=content>"
diff --git a/src/main.c b/src/main.c
index af20a396c..dd6920d5c 100644
--- a/src/main.c
+++ b/src/main.c
@@ -338,6 +338,7 @@ struct Configurable {
   struct timeval lastrecvtime;
   size_t lastrecvsize;
   bool ftp_ssl;
+  bool ftp_ssl_reqd;
 
   char *socksproxy; /* set to server string */
   int socksver;     /* set to CURLPROXY_SOCKS* define */
@@ -516,7 +517,8 @@ static void help(void)
     "    --ftp-method [multicwd/nocwd/singlecwd] Control CWD usage (F)",
     "    --ftp-pasv      Use PASV/EPSV instead of PORT (F)",
     "    --ftp-skip-pasv-ip Skip the IP address for PASV (F)\n"
-    "    --ftp-ssl       Enable SSL/TLS for the ftp transfer (F)",
+    "    --ftp-ssl       Try SSL/TLS for the ftp transfer (F)",
+    "    --ftp-ssl-reqd  Require SSL/TLS for the ftp transfer (F)",
     " -F/--form <name=content> Specify HTTP multipart POST data (H)",
     "    --form-string <name=string> Specify HTTP multipart POST data (H)",
     " -g/--globoff       Disable URL sequences and ranges using {} and []",
@@ -1342,6 +1344,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
     {"$s", "local-port", TRUE},
     {"$t", "socks4",     TRUE},
     {"$u", "ftp-alternative-to-user", TRUE},
+    {"$v", "ftp-ssl-reqd", FALSE},
 
     {"0", "http1.0",     FALSE},
     {"1", "tlsv1",       FALSE},
@@ -1781,6 +1784,9 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
       case 'u': /* --ftp-alternative-to-user */
         GetStr(&config->ftp_alternative_to_user, nextarg);
         break;
+      case 'v': /* --ftp-ssl-reqd */
+        config->ftp_ssl_reqd ^= TRUE;
+        break;
       }
       break;
     case '#': /* --progress-bar */
@@ -3975,6 +3981,10 @@ operate(struct Configurable *config, int argc, char *argv[])
         if(config->ftp_ssl)
           curl_easy_setopt(curl, CURLOPT_FTP_SSL, CURLFTPSSL_TRY);
 
+        /* new in curl 7.15.5 */
+        if(config->ftp_ssl_reqd)
+          curl_easy_setopt(curl, CURLOPT_FTP_SSL, CURLFTPSSL_ALL);
+
         /* new in curl 7.11.1, modified in 7.15.2 */
         if(config->socksproxy) {
           curl_easy_setopt(curl, CURLOPT_PROXY, config->socksproxy);