FTP.lua : improve "should_try_ssl" to take into account IBM Db2 error message (code provided) #2315

Open
zaleoth opened this issue Jun 3, 2021 · 2 comments

zaleoth commented Jun 3, 2021

Function "should_try_ssl" in nselib/ftp.lua is quite generic and doesn't trigger when testing a connection to an IBM Db2 server.

Therefore may I suggest replacing the current code with this one:

-- Should we try STARTTLS based on this error?
local function should_try_ssl(code, message)
  return code and (
        code >= 400 and (
              message:match('[Ss][Ss][Ll]') or
              message:match('[Tt][Ll][Ss]') or
              message:match('[Ss][Ee][Cc][Uu][Rr]')
            )
        ) or (
              -- support IBM Db2 lack of TLS related error message
              code == 534 and message:match('Server requires authentication before')
        )
end

Here is the reference I used:
IBM doc for error 534

Disclaimer: I've never tried to contribute to such a project. Shall I provide a pull request? Anything else?

@nnposter

Would you mind testing the following patch?

--- a/nselib/ftp.lua	2018-03-12 12:44:05.000000000 -0600
+++ b/nselib/ftp.lua	2021-06-11 18:22:30.000000000 -0600
@@ -141,11 +141,14 @@
 
 -- Should we try STARTTLS based on this error?
 local function should_try_ssl(code, message)
-  return code and code >= 400 and (
-        message:match('[Ss][Ss][Ll]') or
-        message:match('[Tt][Ll][Ss]') or
-        message:match('[Ss][Ee][Cc][Uu][Rr]')
-        )
+  if not code or code < 400 then return false end
+  message = message:lower()
+  return message:find("ssl", 1, true) or
+         message:find("tls", 1, true) or
+         message:find("secur", 1, true) or
+         -- z/OS Communications Server
+         -- https://www.ibm.com/docs/en/zos/2.4.0?topic=codes-534-reply
+         message:find("server requires authentication before", 1, true)
 end
 
 -- Try to reconnect over STARTTLS.
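
Review bot: In the last `message:find` of the new return expression, the "server requires authentication before" phrase is accepted for any reply code of 400 or above, although the linked reference is for the 534 reply and the issue's version tests `code == 534`. Consider guarding that one alternative with `code == 534` so that other 4xx/5xx replies containing the same wording don't trigger a STARTTLS retry. The comment also names only z/OS Communications Server; it could mention IBM Db2 as well, since that is where the issue reports the message.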

zaleoth commented Jun 21, 2021

Hi!
Unfortunately, I no longer have access to such a server.

I'll poke back whenever I find one or have time to build a test env.

Thanks for your answer though!

@nmap nmap deleted a comment Apr 11, 2022
@nnposter nnposter removed their assignment Sep 4, 2024
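
A side-by-side check of the three versions of `should_try_ssl` that appear in this thread, as an added example that is not part of the original discussion or of Nmap's own code. The function names `original`, `proposed` and `patched` and all reply strings are constructed for illustration, not captured from a real server.

```lua
-- Version currently in nselib/ftp.lua (the "-" lines of the patch).
local function original(code, message)
  return code and code >= 400 and (
    message:match('[Ss][Ss][Ll]') or
    message:match('[Tt][Ll][Ss]') or
    message:match('[Ss][Ee][Cc][Uu][Rr]'))
end

-- Version suggested in the issue text.
local function proposed(code, message)
  return code and (
    code >= 400 and (
      message:match('[Ss][Ss][Ll]') or
      message:match('[Tt][Ll][Ss]') or
      message:match('[Ss][Ee][Cc][Uu][Rr]'))
    ) or (
      code == 534 and message:match('Server requires authentication before'))
end

-- Version from the patch (the "+" lines).
local function patched(code, message)
  if not code or code < 400 then return false end
  message = message:lower()
  return message:find("ssl", 1, true) or
         message:find("tls", 1, true) or
         message:find("secur", 1, true) or
         message:find("server requires authentication before", 1, true)
end

-- Constructed FTP replies: {code, message}. None are real server output.
local cases = {
  {534, "Policy requires SSL."},                        -- keyword match
  {534, "Server requires authentication before login"}, -- exact-case phrase
  {534, "SERVER REQUIRES AUTHENTICATION BEFORE LOGIN"}, -- different case
  {530, "Server requires authentication before login"}, -- phrase, other code
  {220, "Welcome, TLS available"},                      -- success code
  {nil, ""},                                            -- no code parsed
}

print(string.format("%-5s %-46s %-9s %-9s %s",
                    "code", "message", "original", "proposed", "patched"))
for _, c in ipairs(cases) do
  local code, msg = c[1], c[2]
  -- "not not" collapses match strings / find indexes / nil to a boolean.
  print(string.format("%-5s %-46s %-9s %-9s %s", tostring(code), msg,
        tostring(not not original(code, msg)),
        tostring(not not proposed(code, msg)),
        tostring(not not patched(code, msg))))
end
```

The two versions disagree on the third and fourth rows: the issue's version matches the phrase case-sensitively and only for code 534, while the patched version matches it case-insensitively for any code of 400 or above.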