From 405f4316125e58d15c6da14ec6f87d102ac3d4b4 Mon Sep 17 00:00:00 2001
From: Dirk
Date: Wed, 27 Apr 2022 14:52:46 +0200
Subject: [PATCH] Relax STARTTLS FTP requirement (3.0)

In rare? occassions where the STARTTLS FEAT request only displays AUTH instead of AUTH TLS, testssl.sh fails as it cannot upgrade to TLS. Required by RFC 4217 is only AUTH ("MUST"), AUTH TLS is optional ("should"), see section 6. This PR relaxes the presence of TLS after AUTH and fixes #2132 for the 3.0 branch.
---
 testssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index 5eefe4e..95a51c0 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -10297,7 +10297,7 @@ starttls_full_read(){
 starttls_ftp_dialog() {
 debugme echo "=== starting ftp STARTTLS dialog ==="
- local reAUTHTLS='^ AUTH TLS'
+ local reAUTHTLS='^ AUTH'
 starttls_full_read '^220-' '^220 ' && debugme echo "received server greeting" &&
 starttls_just_send 'FEAT' && debugme echo "sent FEAT" &&
 starttls_full_read '^(211-| )' '^211 ' "${reAUTHTLS}" && debugme echo "received server features and checked STARTTLS availability" &&
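Review bot: The relaxed pattern `'^ AUTH'` on the changed `local reAUTHTLS=` line is open-ended, so it also accepts any FEAT line that merely begins with ` AUTH` (a longer keyword, or an AUTH line listing only non-TLS mechanisms), and the name `reAUTHTLS` no longer says what is matched. Bounding the keyword keeps the relaxation to what the commit message describes: `local reAUTHTLS='^ AUTH([[:space:]]|$)'`. This assumes starttls_full_read matches with extended regex, as the `'^(211-| )'` argument suggests; `[[:space:]]` also covers a trailing CR. A one-line comment above it would record the reason, e.g. `# RFC 4217 sect. 6: FEAT must list AUTH, the TLS argument is optional`. Since the feature check no longer proves TLS is offered, the reply to the later AUTH command is what decides whether the upgrade happened; that part of starttls_ftp_dialog lies outside the hunk, so confirm it is checked there.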