1 files changed, 357 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2021-22947.patch b/meta/recipes-support/curl/curl/CVE-2021-22947.patch
new file mode 100644
index 0000000000..9bd9890d72
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2021-22947.patch
@@ -0,0 +1,357 @@
+From f3f2d2554d09ca0e13039e4915b83faaa55961c4 Mon Sep 17 00:00:00 2001
+From: Patrick Monnerat <patrick@monnerat.net>
+Date: Tue, 7 Sep 2021 13:26:42 +0200
+Subject: [PATCH] ftp,imap,pop3,smtp: reject STARTTLS server response
+ pipelining
+If a server pipelines future responses within the STARTTLS response, the
+former are preserved in the pingpong cache across TLS negotiation and
+used as responses to the encrypted commands.
+This fix detects pipelined STARTTLS responses and rejects them with an
+error.
+CVE-2021-22947
+Bug: https://curl.se/docs/CVE-2021-22947.html
+Upstream-Status: Backport [https://github.com/curl/curl/commit/8ef147c43646e91fdaad5d0e7b60351f842e5c68]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/ftp.c               |  3 +++
+ lib/imap.c              |  4 +++
+ lib/pop3.c              |  4 +++
+ lib/smtp.c              |  4 +++
+ tests/data/Makefile.inc |  2 +-
+ tests/data/test980      | 52 ++++++++++++++++++++++++++++++++++++
+ tests/data/test981      | 59 +++++++++++++++++++++++++++++++++++++++++
+ tests/data/test982      | 57 +++++++++++++++++++++++++++++++++++++++
+ tests/data/test983      | 52 ++++++++++++++++++++++++++++++++++++
+ 9 files changed, 236 insertions(+), 1 deletion(-)
+ create mode 100644 tests/data/test980
+ create mode 100644 tests/data/test981
+ create mode 100644 tests/data/test982
+ create mode 100644 tests/data/test983
+diff --git a/lib/ftp.c b/lib/ftp.c
+index 8b3fe1d..a55566a 100644
+--- a/lib/ftp.c
+++ b/lib/ftp.c
+@@ -2727,6 +2727,9 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
+     case FTP_AUTH:
+       /* we have gotten the response to a previous AUTH command */
+ 
+      if(pp->cache_size)
+        return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. */
+
+       /* RFC2228 (page 5) says:
+        *
+        * If the server is willing to accept the named security mechanism,
+diff --git a/lib/imap.c b/lib/imap.c
+index b056208..9230f17 100644
+--- a/lib/imap.c
+++ b/lib/imap.c
+@@ -962,6 +962,10 @@ static CURLcode imap_state_starttls_resp(struct Curl_easy *data,
+ 
+   (void)instate; /* no use for this yet */
+ 
+  /* Pipelining in response is forbidden. */
+  if(data->conn->proto.imapc.pp.cache_size)
+    return CURLE_WEIRD_SERVER_REPLY;
+
+   if(imapcode != IMAP_RESP_OK) {
+     if(data->set.use_ssl != CURLUSESSL_TRY) {
+       failf(data, "STARTTLS denied");
+diff --git a/lib/pop3.c b/lib/pop3.c
+index 018fda1..4f953f7 100644
+--- a/lib/pop3.c
+++ b/lib/pop3.c
+@@ -769,6 +769,10 @@ static CURLcode pop3_state_starttls_resp(struct Curl_easy *data,
+   CURLcode result = CURLE_OK;
+   (void)instate; /* no use for this yet */
+ 
+  /* Pipelining in response is forbidden. */
+  if(data->conn->proto.pop3c.pp.cache_size)
+    return CURLE_WEIRD_SERVER_REPLY;
+
+   if(pop3code != '+') {
+     if(data->set.use_ssl != CURLUSESSL_TRY) {
+       failf(data, "STARTTLS denied");
+diff --git a/lib/smtp.c b/lib/smtp.c
+index 1fc8800..51445f6 100644
+--- a/lib/smtp.c
+++ b/lib/smtp.c
+@@ -832,6 +832,10 @@ static CURLcode smtp_state_starttls_resp(struct Curl_easy *data,
+   CURLcode result = CURLE_OK;
+   (void)instate; /* no use for this yet */
+ 
+  /* Pipelining in response is forbidden. */
+  if(data->conn->proto.smtpc.pp.cache_size)
+    return CURLE_WEIRD_SERVER_REPLY;
+
+   if(smtpcode != 220) {
+     if(data->set.use_ssl != CURLUSESSL_TRY) {
+       failf(data, "STARTTLS denied, code %d", smtpcode);
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index e6e2551..22d7a0b 100644
+--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
+@@ -115,7 +115,7 @@ test945 test946 test947 test948 test949 test950 test951 test952 test953 \
+ test954 test955 test956 test957 test958 test959 test960 test961 test962 \
+ test963 test964 test965 test966 test967 test968 test969 test970 test971 \
+ \
+-test984 test985 test986 \
+test980 test981 test982 test983 test984 test985 test986 \
+ \
+ test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
+ test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \
+diff --git a/tests/data/test980 b/tests/data/test980
+new file mode 100644
+index 0000000..97567f8
+--- /dev/null
+++ b/tests/data/test980
+@@ -0,0 +1,52 @@
+<testcase>
+<info>
+<keywords>
+SMTP
+STARTTLS
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+CAPA STARTTLS
+AUTH PLAIN
+REPLY STARTTLS 454 currently unavailable\r\n235 Authenticated\r\n250 2.1.0 Sender ok\r\n250 2.1.5 Recipient ok\r\n354 Enter mail\r\n250 2.0.0 Accepted
+REPLY AUTH 535 5.7.8 Authentication credentials invalid
+</servercmd>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+SSL
+</features>
+<server>
+smtp
+</server>
+ <name>
+SMTP STARTTLS pipelined server response
+ </name>
+<stdin>
+mail body
+</stdin>
+ <command>
+smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user:secret --ssl --sasl-ir -T -
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# 8 is CURLE_WEIRD_SERVER_REPLY
+<errorcode>
+8
+</errorcode>
+<protocol>
+EHLO %TESTNUMBER
+STARTTLS
+</protocol>
+</verify>
+</testcase>
+diff --git a/tests/data/test981 b/tests/data/test981
+new file mode 100644
+index 0000000..2b98ce4
+--- /dev/null
+++ b/tests/data/test981
+@@ -0,0 +1,59 @@
+<testcase>
+<info>
+<keywords>
+IMAP
+STARTTLS
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+CAPA STARTTLS
+REPLY STARTTLS A002 BAD currently unavailable\r\nA003 OK Authenticated\r\nA004 OK Accepted
+REPLY LOGIN A003 BAD Authentication credentials invalid
+</servercmd>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+SSL
+</features>
+<server>
+imap
+</server>
+ <name>
+IMAP STARTTLS pipelined server response
+ </name>
+ <command>
+imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl
+</command>
+<file name="log/upload%TESTNUMBER">
+Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST)
+From: Fred Foobar <foobar@example.COM>
+Subject: afternoon meeting
+To: joe@example.com
+Message-Id: <B27397-0100000@example.COM>
+MIME-Version: 1.0
+Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
+
+Hello Joe, do you think we can meet at 3:30 tomorrow?
+</file>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# 8 is CURLE_WEIRD_SERVER_REPLY
+<errorcode>
+8
+</errorcode>
+<protocol>
+A001 CAPABILITY
+A002 STARTTLS
+</protocol>
+</verify>
+</testcase>
+diff --git a/tests/data/test982 b/tests/data/test982
+new file mode 100644
+index 0000000..9e07cc0
+--- /dev/null
+++ b/tests/data/test982
+@@ -0,0 +1,57 @@
+<testcase>
+<info>
+<keywords>
+POP3
+STARTTLS
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+CAPA STLS USER
+REPLY STLS -ERR currently unavailable\r\n+OK user accepted\r\n+OK authenticated
+REPLY PASS -ERR Authentication credentials invalid
+</servercmd>
+<data nocheck="yes">
+From: me@somewhere
+To: fake@nowhere
+
+body
+
+--
+  yours sincerely
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+SSL
+</features>
+<server>
+pop3
+</server>
+ <name>
+POP3 STARTTLS pipelined server response
+ </name>
+ <command>
+pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl
+ </command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# 8 is CURLE_WEIRD_SERVER_REPLY
+<errorcode>
+8
+</errorcode>
+<protocol>
+CAPA
+STLS
+</protocol>
+</verify>
+</testcase>
+diff --git a/tests/data/test983 b/tests/data/test983
+new file mode 100644
+index 0000000..300ec45
+--- /dev/null
+++ b/tests/data/test983
+@@ -0,0 +1,52 @@
+<testcase>
+<info>
+<keywords>
+FTP
+STARTTLS
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+REPLY AUTH 500 unknown command\r\n500 unknown command\r\n331 give password\r\n230 Authenticated\r\n257 "/"\r\n200 OK\r\n200 OK\r\n200 OK\r\n226 Transfer complete
+REPLY PASS 530 Login incorrect
+</servercmd>
+</reply>
+
+# Client-side
+<client>
+<features>
+SSL
+</features>
+<server>
+ftp
+</server>
+ <name>
+FTP STARTTLS pipelined server response
+ </name>
+<file name="log/test%TESTNUMBER.txt">
+data
+    to
+      see
+that FTPS
+works
+  so does it?
+</file>
+ <command>
+--ssl --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -P %CLIENTIP
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+# 8 is CURLE_WEIRD_SERVER_REPLY
+<errorcode>
+8
+</errorcode>
+<protocol>
+AUTH SSL
+</protocol>
+</verify>
+</testcase>
+-- 
+2.34.1

diff --git a/meta/recipes-support/curl/curl/CVE-2021-22947.patch b/meta/recipes-support/curl/curl/CVE-2021-22947.patch new file mode 100644 index 0000000000..9bd9890d72 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2021-22947.patch
@@ -0,0 +1,357 @@
	1	From f3f2d2554d09ca0e13039e4915b83faaa55961c4 Mon Sep 17 00:00:00 2001
	2	From: Patrick Monnerat <patrick@monnerat.net>
	3	Date: Tue, 7 Sep 2021 13:26:42 +0200
	4	Subject: [PATCH] ftp,imap,pop3,smtp: reject STARTTLS server response
	5
	6	pipelining
	7
	8	If a server pipelines future responses within the STARTTLS response, the
	9	former are preserved in the pingpong cache across TLS negotiation and
	10	used as responses to the encrypted commands.
	11
	12	This fix detects pipelined STARTTLS responses and rejects them with an
	13	error.
	14
	15	CVE-2021-22947
	16
	17	Bug: https://curl.se/docs/CVE-2021-22947.html
	18
	19	Upstream-Status: Backport [https://github.com/curl/curl/commit/8ef147c43646e91fdaad5d0e7b60351f842e5c68]
	20
	21	Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
	22
	23	---
	24	lib/ftp.c \| 3 +++
	25	lib/imap.c \| 4 +++
	26	lib/pop3.c \| 4 +++
	27	lib/smtp.c \| 4 +++
	28	tests/data/Makefile.inc \| 2 +-
	29	tests/data/test980 \| 52 ++++++++++++++++++++++++++++++++++++
	30	tests/data/test981 \| 59 +++++++++++++++++++++++++++++++++++++++++
	31	tests/data/test982 \| 57 +++++++++++++++++++++++++++++++++++++++
	32	tests/data/test983 \| 52 ++++++++++++++++++++++++++++++++++++
	33	9 files changed, 236 insertions(+), 1 deletion(-)
	34	create mode 100644 tests/data/test980
	35	create mode 100644 tests/data/test981
	36	create mode 100644 tests/data/test982
	37	create mode 100644 tests/data/test983
	38
	39	diff --git a/lib/ftp.c b/lib/ftp.c
	40	index 8b3fe1d..a55566a 100644
	41	--- a/lib/ftp.c
	42	+++ b/lib/ftp.c
	43	@@ -2727,6 +2727,9 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
	44	case FTP_AUTH:
	45	/* we have gotten the response to a previous AUTH command */
	46
	47	+ if(pp->cache_size)
	48	+ return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. */
	49	+
	50	/* RFC2228 (page 5) says:
	51	*
	52	* If the server is willing to accept the named security mechanism,
	53	diff --git a/lib/imap.c b/lib/imap.c
	54	index b056208..9230f17 100644
	55	--- a/lib/imap.c
	56	+++ b/lib/imap.c
	57	@@ -962,6 +962,10 @@ static CURLcode imap_state_starttls_resp(struct Curl_easy *data,
	58
	59	(void)instate; /* no use for this yet */
	60
	61	+ /* Pipelining in response is forbidden. */
	62	+ if(data->conn->proto.imapc.pp.cache_size)
	63	+ return CURLE_WEIRD_SERVER_REPLY;
	64	+
	65	if(imapcode != IMAP_RESP_OK) {
	66	if(data->set.use_ssl != CURLUSESSL_TRY) {
	67	failf(data, "STARTTLS denied");
	68	diff --git a/lib/pop3.c b/lib/pop3.c
	69	index 018fda1..4f953f7 100644
	70	--- a/lib/pop3.c
	71	+++ b/lib/pop3.c
	72	@@ -769,6 +769,10 @@ static CURLcode pop3_state_starttls_resp(struct Curl_easy *data,
	73	CURLcode result = CURLE_OK;
	74	(void)instate; /* no use for this yet */
	75
	76	+ /* Pipelining in response is forbidden. */
	77	+ if(data->conn->proto.pop3c.pp.cache_size)
	78	+ return CURLE_WEIRD_SERVER_REPLY;
	79	+
	80	if(pop3code != '+') {
	81	if(data->set.use_ssl != CURLUSESSL_TRY) {
	82	failf(data, "STARTTLS denied");
	83	diff --git a/lib/smtp.c b/lib/smtp.c
	84	index 1fc8800..51445f6 100644
	85	--- a/lib/smtp.c
	86	+++ b/lib/smtp.c
	87	@@ -832,6 +832,10 @@ static CURLcode smtp_state_starttls_resp(struct Curl_easy *data,
	88	CURLcode result = CURLE_OK;
	89	(void)instate; /* no use for this yet */
	90
	91	+ /* Pipelining in response is forbidden. */
	92	+ if(data->conn->proto.smtpc.pp.cache_size)
	93	+ return CURLE_WEIRD_SERVER_REPLY;
	94	+
	95	if(smtpcode != 220) {
	96	if(data->set.use_ssl != CURLUSESSL_TRY) {
	97	failf(data, "STARTTLS denied, code %d", smtpcode);
	98	diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
	99	index e6e2551..22d7a0b 100644
	100	--- a/tests/data/Makefile.inc
	101	+++ b/tests/data/Makefile.inc
	102	@@ -115,7 +115,7 @@ test945 test946 test947 test948 test949 test950 test951 test952 test953 \
	103	test954 test955 test956 test957 test958 test959 test960 test961 test962 \
	104	test963 test964 test965 test966 test967 test968 test969 test970 test971 \
	105	\
	106	-test984 test985 test986 \
	107	+test980 test981 test982 test983 test984 test985 test986 \
	108	\
	109	test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
	110	test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \
	111	diff --git a/tests/data/test980 b/tests/data/test980
	112	new file mode 100644
	113	index 0000000..97567f8
	114	--- /dev/null
	115	+++ b/tests/data/test980
	116	@@ -0,0 +1,52 @@
	117	+<testcase>
	118	+<info>
	119	+<keywords>
	120	+SMTP
	121	+STARTTLS
	122	+</keywords>
	123	+</info>
	124	+
	125	+#
	126	+# Server-side
	127	+<reply>
	128	+<servercmd>
	129	+CAPA STARTTLS
	130	+AUTH PLAIN
	131	+REPLY STARTTLS 454 currently unavailable\r\n235 Authenticated\r\n250 2.1.0 Sender ok\r\n250 2.1.5 Recipient ok\r\n354 Enter mail\r\n250 2.0.0 Accepted
	132	+REPLY AUTH 535 5.7.8 Authentication credentials invalid
	133	+</servercmd>
	134	+</reply>
	135	+
	136	+#
	137	+# Client-side
	138	+<client>
	139	+<features>
	140	+SSL
	141	+</features>
	142	+<server>
	143	+smtp
	144	+</server>
	145	+ <name>
	146	+SMTP STARTTLS pipelined server response
	147	+ </name>
	148	+<stdin>
	149	+mail body
	150	+</stdin>
	151	+ <command>
	152	+smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user:secret --ssl --sasl-ir -T -
	153	+</command>
	154	+</client>
	155	+
	156	+#
	157	+# Verify data after the test has been "shot"
	158	+<verify>
	159	+# 8 is CURLE_WEIRD_SERVER_REPLY
	160	+<errorcode>
	161	+8
	162	+</errorcode>
	163	+<protocol>
	164	+EHLO %TESTNUMBER
	165	+STARTTLS
	166	+</protocol>
	167	+</verify>
	168	+</testcase>
	169	diff --git a/tests/data/test981 b/tests/data/test981
	170	new file mode 100644
	171	index 0000000..2b98ce4
	172	--- /dev/null
	173	+++ b/tests/data/test981
	174	@@ -0,0 +1,59 @@
	175	+<testcase>
	176	+<info>
	177	+<keywords>
	178	+IMAP
	179	+STARTTLS
	180	+</keywords>
	181	+</info>
	182	+
	183	+#
	184	+# Server-side
	185	+<reply>
	186	+<servercmd>
	187	+CAPA STARTTLS
	188	+REPLY STARTTLS A002 BAD currently unavailable\r\nA003 OK Authenticated\r\nA004 OK Accepted
	189	+REPLY LOGIN A003 BAD Authentication credentials invalid
	190	+</servercmd>
	191	+</reply>
	192	+
	193	+#
	194	+# Client-side
	195	+<client>
	196	+<features>
	197	+SSL
	198	+</features>
	199	+<server>
	200	+imap
	201	+</server>
	202	+ <name>
	203	+IMAP STARTTLS pipelined server response
	204	+ </name>
	205	+ <command>
	206	+imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl
	207	+</command>
	208	+<file name="log/upload%TESTNUMBER">
	209	+Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST)
	210	+From: Fred Foobar <foobar@example.COM>
	211	+Subject: afternoon meeting
	212	+To: joe@example.com
	213	+Message-Id: <B27397-0100000@example.COM>
	214	+MIME-Version: 1.0
	215	+Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
	216	+
	217	+Hello Joe, do you think we can meet at 3:30 tomorrow?
	218	+</file>
	219	+</client>
	220	+
	221	+#
	222	+# Verify data after the test has been "shot"
	223	+<verify>
	224	+# 8 is CURLE_WEIRD_SERVER_REPLY
	225	+<errorcode>
	226	+8
	227	+</errorcode>
	228	+<protocol>
	229	+A001 CAPABILITY
	230	+A002 STARTTLS
	231	+</protocol>
	232	+</verify>
	233	+</testcase>
	234	diff --git a/tests/data/test982 b/tests/data/test982
	235	new file mode 100644
	236	index 0000000..9e07cc0
	237	--- /dev/null
	238	+++ b/tests/data/test982
	239	@@ -0,0 +1,57 @@
	240	+<testcase>
	241	+<info>
	242	+<keywords>
	243	+POP3
	244	+STARTTLS
	245	+</keywords>
	246	+</info>
	247	+
	248	+#
	249	+# Server-side
	250	+<reply>
	251	+<servercmd>
	252	+CAPA STLS USER
	253	+REPLY STLS -ERR currently unavailable\r\n+OK user accepted\r\n+OK authenticated
	254	+REPLY PASS -ERR Authentication credentials invalid
	255	+</servercmd>
	256	+<data nocheck="yes">
	257	+From: me@somewhere
	258	+To: fake@nowhere
	259	+
	260	+body
	261	+
	262	+--
	263	+ yours sincerely
	264	+</data>
	265	+</reply>
	266	+
	267	+#
	268	+# Client-side
	269	+<client>
	270	+<features>
	271	+SSL
	272	+</features>
	273	+<server>
	274	+pop3
	275	+</server>
	276	+ <name>
	277	+POP3 STARTTLS pipelined server response
	278	+ </name>
	279	+ <command>
	280	+pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl
	281	+ </command>
	282	+</client>
	283	+
	284	+#
	285	+# Verify data after the test has been "shot"
	286	+<verify>
	287	+# 8 is CURLE_WEIRD_SERVER_REPLY
	288	+<errorcode>
	289	+8
	290	+</errorcode>
	291	+<protocol>
	292	+CAPA
	293	+STLS
	294	+</protocol>
	295	+</verify>
	296	+</testcase>
	297	diff --git a/tests/data/test983 b/tests/data/test983
	298	new file mode 100644
	299	index 0000000..300ec45
	300	--- /dev/null
	301	+++ b/tests/data/test983
	302	@@ -0,0 +1,52 @@
	303	+<testcase>
	304	+<info>
	305	+<keywords>
	306	+FTP
	307	+STARTTLS
	308	+</keywords>
	309	+</info>
	310	+
	311	+#
	312	+# Server-side
	313	+<reply>
	314	+<servercmd>
	315	+REPLY AUTH 500 unknown command\r\n500 unknown command\r\n331 give password\r\n230 Authenticated\r\n257 "/"\r\n200 OK\r\n200 OK\r\n200 OK\r\n226 Transfer complete
	316	+REPLY PASS 530 Login incorrect
	317	+</servercmd>
	318	+</reply>
	319	+
	320	+# Client-side
	321	+<client>
	322	+<features>
	323	+SSL
	324	+</features>
	325	+<server>
	326	+ftp
	327	+</server>
	328	+ <name>
	329	+FTP STARTTLS pipelined server response
	330	+ </name>
	331	+<file name="log/test%TESTNUMBER.txt">
	332	+data
	333	+ to
	334	+ see
	335	+that FTPS
	336	+works
	337	+ so does it?
	338	+</file>
	339	+ <command>
	340	+--ssl --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -P %CLIENTIP
	341	+</command>
	342	+</client>
	343	+
	344	+# Verify data after the test has been "shot"
	345	+<verify>
	346	+# 8 is CURLE_WEIRD_SERVER_REPLY
	347	+<errorcode>
	348	+8
	349	+</errorcode>
	350	+<protocol>
	351	+AUTH SSL
	352	+</protocol>
	353	+</verify>
	354	+</testcase>
	355	--
	356	2.34.1
	357