From 830148e419564d5fd394af0b87cec660ee6415c0 Mon Sep 17 00:00:00 2001
From: Timothe Litt <litt@acm.org>
Date: Tue, 27 Jul 2021 19:08:07 -0400
Subject: [PATCH] Ensure that ftpes: and ftps: use TLS

Prevent fallback to insecure when a secure protocol is requested.
---
 getssl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/getssl b/getssl
index 01638fe..2002d91 100755
--- a/getssl
+++ b/getssl
@@ -955,10 +955,10 @@ copy_file_to_location() { # copies a file, using scp, sftp or ftp if required.
       debug "from dir=$fromdir  file=$fromfile"
       if [[ "${to:0:5}" == "ftps:" ]] ; then
         # shellcheck disable=SC2086
-        curl $FTPS_OPTIONS --ftp-ssl -u "${ftpuser}:${ftppass}" -T "${fromdir}/${fromfile}" "ftp://${ftphost}${ftpdirn}:990/"
+        curl $FTPS_OPTIONS --ftp-ssl --ftp-ssl-reqd -u "${ftpuser}:${ftppass}" -T "${fromdir}/${fromfile}" "ftp://${ftphost}${ftpdirn}:990/"
       else
         # shellcheck disable=SC2086
-        curl $FTPS_OPTIONS --ftp-ssl -u "${ftpuser}:${ftppass}" -T "${fromdir}/${fromfile}" "ftp://${ftphost}${ftpdirn}/"
+        curl $FTPS_OPTIONS --ftp-ssl --ftp-ssl-reqd -u "${ftpuser}:${ftppass}" -T "${fromdir}/${fromfile}" "ftp://${ftphost}${ftpdirn}/"
       fi
     else
       if ! mkdir -p "$(dirname "$to")" ; then