Issue 2250 – Configurable FTP TLS shutdown procedure

https://winscp.net/tracker/2250 Source commit: 509a6c3b0efed21c398810e7ead00bd9235ee35d
winscp · Jan 15, 2024 · c97a8ab · c97a8ab
1 parent 1cb620c
commit c97a8ab
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 6 deletions.
diff --git a/source/core/FtpFileSystem.cpp b/source/core/FtpFileSystem.cpp
@@ -2862,10 +2862,17 @@ int __fastcall TFTPFileSystem::GetOptionVal(int OptionID) const
       break;
 
     case OPTION_MPEXT_COMPLETE_TLS_SHUTDOWN:
-      // As of FileZilla Server 1.6.1 this does not seem to be needed. It's still needed with 1.5.1.
-      // It was possibly fixed by 1.6.0 (2022-12-06) change:
-      // Fixed an issue in the networking code when dealing with TLS close_notify alerts
-      Result = FFileZilla ? FALSE : TRUE;
+      if (Data->CompleteTlsShutdown == asAuto)
+      {
+        // As of FileZilla Server 1.6.1 this does not seem to be needed. It's still needed with 1.5.1.
+        // It was possibly fixed by 1.6.0 (2022-12-06) change:
+        // Fixed an issue in the networking code when dealing with TLS close_notify alerts
+        Result = FFileZilla ? -1 : 0;
+      }
+      else
+      {
+        Result = (Data->CompleteTlsShutdown == asOn) ? 1 : -1;
+      }
       break;
 
     case OPTION_MPEXT_WORK_FROM_CWD:

diff --git a/source/core/SessionData.cpp b/source/core/SessionData.cpp
@@ -336,6 +336,7 @@ void __fastcall TSessionData::DefaultSettings()
   Ftps = ftpsNone;
   MinTlsVersion = tlsDefaultMin;
   MaxTlsVersion = tlsMax;
+  CompleteTlsShutdown = asAuto;
   FtpListAll = asAuto;
   FtpHost = asAuto;
   FtpWorkFromCwd = asAuto;
@@ -524,6 +525,7 @@ void __fastcall TSessionData::NonPersistant()
   \
   PROPERTY(MinTlsVersion); \
   PROPERTY(MaxTlsVersion); \
+  PROPERTY(CompleteTlsShutdown); \
   \
   PROPERTY(WinTitle); \
   \
@@ -927,6 +929,7 @@ void __fastcall TSessionData::DoLoad(THierarchicalStorage * Storage, bool PuttyI
 
   MinTlsVersion = static_cast<TTlsVersion>(Storage->ReadInteger(L"MinTlsVersion", MinTlsVersion));
   MaxTlsVersion = static_cast<TTlsVersion>(Storage->ReadInteger(L"MaxTlsVersion", MaxTlsVersion));
+  CompleteTlsShutdown = Storage->ReadEnum(L"CompleteTlsShutdown", CompleteTlsShutdown, AutoSwitchMapping);
 
   LOAD_PASSWORD(EncryptKey, L"EncryptKeyPlain");
 
@@ -1234,6 +1237,7 @@ void __fastcall TSessionData::DoSave(THierarchicalStorage * Storage,
 
     WRITE_DATA(Integer, MinTlsVersion);
     WRITE_DATA(Integer, MaxTlsVersion);
+    WRITE_DATA(Integer, CompleteTlsShutdown);
 
     WRITE_DATA(Bool, WebDavLiberalEscaping);
     WRITE_DATA(Bool, WebDavAuthLegacy);
@@ -4496,6 +4500,11 @@ void __fastcall TSessionData::SetLogicalHostName(UnicodeString value)
 {
   SET_SESSION_PROPERTY(LogicalHostName);
 }
+//---------------------------------------------------------------------------
+void TSessionData::SetCompleteTlsShutdown(TAutoSwitch value)
+{
+  SET_SESSION_PROPERTY(CompleteTlsShutdown);
+}
 //---------------------------------------------------------------------
 void __fastcall TSessionData::SetFtpListAll(TAutoSwitch value)
 {

diff --git a/source/core/SessionData.h b/source/core/SessionData.h
@@ -228,6 +228,7 @@ friend class TStoredSessionList;
   TFtps FFtps;
   TTlsVersion FMinTlsVersion;
   TTlsVersion FMaxTlsVersion;
+  TAutoSwitch FCompleteTlsShutdown;
   TAutoSwitch FNotUtf;
   int FInternalEditorEncoding;
   UnicodeString FS3DefaultRegion;
@@ -421,6 +422,7 @@ friend class TStoredSessionList;
   void __fastcall SetFtps(TFtps value);
   void __fastcall SetMinTlsVersion(TTlsVersion value);
   void __fastcall SetMaxTlsVersion(TTlsVersion value);
+  void SetCompleteTlsShutdown(TAutoSwitch value);
   void __fastcall SetNotUtf(TAutoSwitch value);
   void __fastcall SetInternalEditorEncoding(int value);
   void __fastcall SetS3DefaultRegion(UnicodeString value);
@@ -705,6 +707,7 @@ friend class TStoredSessionList;
   __property TFtps Ftps = { read = FFtps, write = SetFtps };
   __property TTlsVersion MinTlsVersion = { read = FMinTlsVersion, write = SetMinTlsVersion };
   __property TTlsVersion MaxTlsVersion = { read = FMaxTlsVersion, write = SetMaxTlsVersion };
+  __property TAutoSwitch CompleteTlsShutdown = { read = FCompleteTlsShutdown, write = SetCompleteTlsShutdown };
   __property UnicodeString LogicalHostName = { read = FLogicalHostName, write = SetLogicalHostName };
   __property TAutoSwitch NotUtf = { read = FNotUtf, write = SetNotUtf };
   __property int InternalEditorEncoding = { read = FInternalEditorEncoding, write = SetInternalEditorEncoding };

diff --git a/source/filezilla/AsyncSslSocketLayer.cpp b/source/filezilla/AsyncSslSocketLayer.cpp
@@ -1015,8 +1015,9 @@ BOOL CAsyncSslSocketLayer::ShutDown(int nHow /*=sends*/)
       // Without bi-directional shutdown, file uploads are incomplete on some servers
       res = SSL_shutdown(m_ssl);
 
-      if ((SSL_version(m_ssl) <= TLS1_2_VERSION) ||
-          !GetSocketOptionVal(OPTION_MPEXT_COMPLETE_TLS_SHUTDOWN))
+      int completeShutdown = GetSocketOptionVal(OPTION_MPEXT_COMPLETE_TLS_SHUTDOWN);
+      if ((completeShutdown < 0) ||
+          ((completeShutdown == 0) && (SSL_version(m_ssl) <= TLS1_2_VERSION)))
       {
         LogSocketMessageRaw(FZ_LOG_INFO, L"Not waiting for complete TLS shutdown");
         res = 0;