From 7bb7b2c2a4ec28747d4c0cf9b28ca673895dbd40 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 7 Jun 2026 00:22:53 +0200 Subject: [PATCH] tool: warn when --ssl and --ftp-ssl-control override each other and mention this properly in the docs. Closes #21887 --- docs/cmdline-opts/ftp-ssl-control.md | 2 ++ docs/cmdline-opts/ssl.md | 2 ++ src/tool_getparam.c | 8 ++++++++ 3 files changed, 12 insertions(+) diff --git a/docs/cmdline-opts/ftp-ssl-control.md b/docs/cmdline-opts/ftp-ssl-control.md index a68359a7b6..fa85de24f1 100644 --- a/docs/cmdline-opts/ftp-ssl-control.md +++ b/docs/cmdline-opts/ftp-ssl-control.md @@ -18,3 +18,5 @@ Example: Require SSL/TLS for the FTP login, clear for transfer. Allows secure authentication, but non-encrypted data transfers for efficiency. Fails the transfer if the server does not support SSL/TLS. + +If set, this option overrides --ssl. diff --git a/docs/cmdline-opts/ssl.md b/docs/cmdline-opts/ssl.md index 5951d01991..b234585809 100644 --- a/docs/cmdline-opts/ssl.md +++ b/docs/cmdline-opts/ssl.md @@ -30,5 +30,7 @@ OpenLDAP backend and ignored by the generic ldap backend. Please note that a server may close the connection if the negotiation fails. +If set, this option overrides --ftp-ssl-control. + This option was formerly known as --ftp-ssl (added in 7.11.0). That option name can still be used but might be removed in a future version. diff --git a/src/tool_getparam.c b/src/tool_getparam.c index 00fd8515a5..35c01b1d92 100644 --- a/src/tool_getparam.c +++ b/src/tool_getparam.c @@ -1908,6 +1908,10 @@ static ParameterError opt_bool(struct OperationConfig *config, if(config->ftp_ssl) warnf("--%s is an insecure option, consider --ssl-reqd instead", a->lname); + if(toggle && config->ftp_ssl_control) { + config->ftp_ssl_control = FALSE; + warnf("--%s overrides --ftp-ssl-control", a->lname); + } break; case C_FTP_SSL_CCC: /* --ftp-ssl-ccc */ config->ftp_ssl_ccc = toggle; @@ -1959,6 +1963,10 @@ static ParameterError opt_bool(struct OperationConfig *config, break; case C_FTP_SSL_CONTROL: /* --ftp-ssl-control */ config->ftp_ssl_control = toggle; + if(toggle && config->ftp_ssl) { + config->ftp_ssl = FALSE; + warnf("--%s overrides --ssl", a->lname); + } break; case C_RAW: /* --raw */ config->raw = toggle;