From 6a92ad180163bf84aeedc5f955edc13557e6848c Mon Sep 17 00:00:00 2001
From: Carl Hetherington <cth@carlh.net>
Date: Mon, 29 Apr 2019 21:59:33 +0100
Subject: [PATCH 1/1] Ignore the (unrouteable) FTP passive-mode IP address
 given by the Dolby certificate server (#1541).

---
 src/lib/internet.cc                       | 15 +++++++++------
 src/lib/internet.h                        |  8 ++++----
 src/wx/barco_alchemy_certificate_panel.cc |  2 +-
 src/wx/christie_certificate_panel.cc      |  4 ++--
 src/wx/dolby_doremi_certificate_panel.cc  |  2 +-
 src/wx/gdc_certificate_panel.cc           |  2 +-
 src/wx/swaroop_controls.cc                |  2 +-
 7 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/src/lib/internet.cc b/src/lib/internet.cc
index 4eba1efa3..e0af49b66 100644
--- a/src/lib/internet.cc
+++ b/src/lib/internet.cc
@@ -1,5 +1,5 @@
 /*
-    Copyright (C) 2014-2015 Carl Hetherington <cth@carlh.net>
+    Copyright (C) 2014-2019 Carl Hetherington <cth@carlh.net>
 
     This file is part of DCP-o-matic.
 
@@ -48,7 +48,7 @@ get_from_url_data (void* buffer, size_t size, size_t nmemb, void* stream)
 }
 
 optional<string>
-get_from_url (string url, bool pasv, ScopedTemporary& temp)
+get_from_url (string url, bool pasv, bool skip_pasv_ip, ScopedTemporary& temp)
 {
 	CURL* curl = curl_easy_init ();
 	curl_easy_setopt (curl, CURLOPT_URL, url.c_str());
@@ -58,6 +58,9 @@ get_from_url (string url, bool pasv, ScopedTemporary& temp)
 	curl_easy_setopt (curl, CURLOPT_WRITEDATA, f);
 	curl_easy_setopt (curl, CURLOPT_FTP_USE_EPSV, 0);
 	curl_easy_setopt (curl, CURLOPT_FTP_USE_EPRT, 0);
+	if (skip_pasv_ip) {
+		curl_easy_setopt (curl, CURLOPT_FTP_SKIP_PASV_IP, 1);
+	}
 	if (!pasv) {
 		curl_easy_setopt (curl, CURLOPT_FTPPORT, "-");
 	}
@@ -77,10 +80,10 @@ get_from_url (string url, bool pasv, ScopedTemporary& temp)
 }
 
 optional<string>
-get_from_url (string url, bool pasv, function<void (boost::filesystem::path)> load)
+get_from_url (string url, bool pasv, bool skip_pasv_ip, function<void (boost::filesystem::path)> load)
 {
 	ScopedTemporary temp;
-	optional<string> e = get_from_url (url, pasv, temp);
+	optional<string> e = get_from_url (url, pasv, skip_pasv_ip, temp);
 	if (e) {
 		return e;
 	}
@@ -93,11 +96,11 @@ get_from_url (string url, bool pasv, function<void (boost::filesystem::path)> lo
  *  @param load Function passed a (temporary) filesystem path of the unpacked file.
  */
 optional<string>
-get_from_zip_url (string url, string file, bool pasv, function<void (boost::filesystem::path)> load)
+get_from_zip_url (string url, string file, bool pasv, bool skip_pasv_ip, function<void (boost::filesystem::path)> load)
 {
 	/* Download the ZIP file to temp_zip */
 	ScopedTemporary temp_zip;
-	optional<string> e = get_from_url (url, pasv, temp_zip);
+	optional<string> e = get_from_url (url, pasv, skip_pasv_ip, temp_zip);
 	if (e) {
 		return e;
 	}
diff --git a/src/lib/internet.h b/src/lib/internet.h
index 101eaeae9..125533b5d 100644
--- a/src/lib/internet.h
+++ b/src/lib/internet.h
@@ -1,5 +1,5 @@
 /*
-    Copyright (C) 2014 Carl Hetherington <cth@carlh.net>
+    Copyright (C) 2014-2019 Carl Hetherington <cth@carlh.net>
 
     This file is part of DCP-o-matic.
 
@@ -24,6 +24,6 @@
 
 class ScopedTemporary;
 
-boost::optional<std::string> get_from_url (std::string url, bool pasv, ScopedTemporary& temp);
-boost::optional<std::string> get_from_url (std::string url, bool pasv, boost::function<void (boost::filesystem::path)> load);
-boost::optional<std::string> get_from_zip_url (std::string url, std::string file, bool pasv, boost::function<void (boost::filesystem::path)> load);
+boost::optional<std::string> get_from_url (std::string url, bool pasv, bool skip_pasv_ip, ScopedTemporary& temp);
+boost::optional<std::string> get_from_url (std::string url, bool pasv, bool skip_pasv_ip, boost::function<void (boost::filesystem::path)> load);
+boost::optional<std::string> get_from_zip_url (std::string url, std::string file, bool pasv, bool skip_pasv_ip, boost::function<void (boost::filesystem::path)> load);
diff --git a/src/wx/barco_alchemy_certificate_panel.cc b/src/wx/barco_alchemy_certificate_panel.cc
index ba7deb8fd..84048c65c 100644
--- a/src/wx/barco_alchemy_certificate_panel.cc
+++ b/src/wx/barco_alchemy_certificate_panel.cc
@@ -60,7 +60,7 @@ BarcoAlchemyCertificatePanel::do_download ()
 		serial
 		);
 
-	optional<string> error = get_from_url (url, true, boost::bind (&DownloadCertificatePanel::load, this, _1));
+	optional<string> error = get_from_url (url, true, false, boost::bind (&DownloadCertificatePanel::load, this, _1));
 	if (error) {
 		_dialog->message()->SetLabel(wxT(""));
 		error_dialog (this, std_to_wx(*error));
diff --git a/src/wx/christie_certificate_panel.cc b/src/wx/christie_certificate_panel.cc
index fa91cc2b5..9e95aa994 100644
--- a/src/wx/christie_certificate_panel.cc
+++ b/src/wx/christie_certificate_panel.cc
@@ -57,13 +57,13 @@ ChristieCertificatePanel::do_download ()
 
 	optional<string> all_errors;
 
-	optional<string> error = get_from_url (url, true, boost::bind (&DownloadCertificatePanel::load, this, _1));
+	optional<string> error = get_from_url (url, true, false, boost::bind (&DownloadCertificatePanel::load, this, _1));
 	if (error) {
 		all_errors = *error;
 
 		string const url = String::compose ("%1IMB-S2/IMB-S2_%2_sha256.pem", prefix, serial);
 
-		error = get_from_url (url, true, boost::bind (&DownloadCertificatePanel::load, this, _1));
+		error = get_from_url (url, true, false, boost::bind (&DownloadCertificatePanel::load, this, _1));
 		if (error) {
 			*all_errors += "\n" + *error;
 		}
diff --git a/src/wx/dolby_doremi_certificate_panel.cc b/src/wx/dolby_doremi_certificate_panel.cc
index ea0207a9b..c37b42e43 100644
--- a/src/wx/dolby_doremi_certificate_panel.cc
+++ b/src/wx/dolby_doremi_certificate_panel.cc
@@ -177,7 +177,7 @@ DolbyDoremiCertificatePanel::do_download ()
 	list<string>::const_iterator i = urls.begin ();
 	list<string>::const_iterator j = files.begin ();
 	while (!ok && i != urls.end ()) {
-		optional<string> error = get_from_zip_url (*i++, *j++, true, boost::bind (&DownloadCertificatePanel::load, this, _1));
+		optional<string> error = get_from_zip_url (*i++, *j++, true, true, boost::bind (&DownloadCertificatePanel::load, this, _1));
 		if (error) {
 			errors.push_back (error.get ());
 		} else {
diff --git a/src/wx/gdc_certificate_panel.cc b/src/wx/gdc_certificate_panel.cc
index a90f098f5..b0bb31674 100644
--- a/src/wx/gdc_certificate_panel.cc
+++ b/src/wx/gdc_certificate_panel.cc
@@ -51,7 +51,7 @@ GDCCertificatePanel::do_download ()
 		wx_to_std(_serial->GetValue())
 		);
 
-	optional<string> error = get_from_url (url, true, boost::bind (&DownloadCertificatePanel::load, this, _1));
+	optional<string> error = get_from_url (url, true, false, boost::bind (&DownloadCertificatePanel::load, this, _1));
 
 	if (error) {
 		_dialog->message()->SetLabel(wxT(""));
diff --git a/src/wx/swaroop_controls.cc b/src/wx/swaroop_controls.cc
index 78419a08c..33db37bab 100644
--- a/src/wx/swaroop_controls.cc
+++ b/src/wx/swaroop_controls.cc
@@ -348,7 +348,7 @@ SwaroopControls::get_kdm_from_url (shared_ptr<DCPContent> dcp)
 	string url = Config::instance()->kdm_server_url();
 	boost::algorithm::replace_all (url, "{CPL}", *dcp->cpl());
 	optional<dcp::EncryptedKDM> kdm;
-	if (dcp->cpl() && !get_from_url(url, false, temp)) {
+	if (dcp->cpl() && !get_from_url(url, false, false, temp)) {
 		try {
 			kdm = dcp::EncryptedKDM (dcp::file_to_string(temp.file()));
 			if (kdm->cpl_id() != dcp->cpl()) {
-- 
2.30.2