From 6c69fdbf4bc8745a7eb2e82eafe0d5c848e08417 Mon Sep 17 00:00:00 2001
From: Dirk <dirk@testssl.sh>
Date: Wed, 27 Apr 2022 13:34:03 +0200
Subject: [PATCH] Relax STARTTLS FTP requirement

In rare? occassions where the STARTTLS FEAT request only displays AUTH instead
of AUTH TLS, testssl.sh fails as it cannot upgrade to TLS.

Required by RFC 4217 is only AUTH ("MUST"), AUTH TLS is optional ("should"), see section 6.
This commit relaxes the presence of TLS after AUTH and it fixes #2132.
---
 testssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index 24e2d4b..8e9db28 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -11044,7 +11044,7 @@ starttls_full_read(){
 
 starttls_ftp_dialog() {
      local -i ret=0
-     local reSTARTTLS='^ AUTH TLS'
+     local reSTARTTLS='^ AUTH'
 
      debugme echo "=== starting ftp STARTTLS dialog ==="
      starttls_full_read '^220-' '^220 '     ''                   "received server greeting" &&