curl: warn for --ssl use, considered insecure

Closes #9519
2024-12-09 06:30:06 +08:00 · 2022-09-16 19:03:49 +02:00 · 2022-09-16 19:03:49 +02:00 · 79e404d039
commit 79e404d039
parent 62b8a4dd1c
2 changed files with 7 additions and 1 deletions
--- a/docs/cmdline-opts/ssl.d
+++ b/docs/cmdline-opts/ssl.d
@ -6,8 +6,11 @@ Protocols: FTP IMAP POP3 SMTP LDAP
 Added: 7.20.0
 Category: tls
 Example: --ssl pop3://example.com/
-See-also: insecure ciphers
+See-also: ssl-reqd insecure ciphers
 ---
+Warning: this is considered an insecure option. Consider using --ssl-reqd
+instead to be sure curl upgrades to a secure connection.
+
 Try to use SSL/TLS for the connection. Reverts to a non-secure connection if
 the server does not support SSL/TLS. See also --ftp-ssl-control and --ssl-reqd
 for different levels of encryption required.
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@ -1007,6 +1007,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
        if(toggle && !(curlinfo->features & CURL_VERSION_SSL))
          return PARAM_LIBCURL_DOESNT_SUPPORT;
        config->ftp_ssl = toggle;
+        if(config->ftp_ssl)
+          warnf(global,
+                "--ssl is an insecure option, consider --ssl-reqd instead\n");
        break;
      case 'b': /* --ftp-pasv */
        Curl_safefree(config->ftpport);