From 06efb4bafca14659b236a8a2955f7bee13a01a07 Mon Sep 17 00:00:00 2001
From: Jaikiran Pai <jaikiran@apache.org>
Date: Sun, 5 May 2024 17:06:03 +0530
Subject: [PATCH] 68773: ftp - issue PBSZ command before PROT

---
 src/main/org/apache/tools/ant/taskdefs/optional/net/FTP.java | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/main/org/apache/tools/ant/taskdefs/optional/net/FTP.java b/src/main/org/apache/tools/ant/taskdefs/optional/net/FTP.java
index d435a355a0..eee4f8210b 100644
--- a/src/main/org/apache/tools/ant/taskdefs/optional/net/FTP.java
+++ b/src/main/org/apache/tools/ant/taskdefs/optional/net/FTP.java
@@ -2590,6 +2590,10 @@ public void execute() throws BuildException {
             if (useFtps && useSecureDataChannel) {
                 FTPSClient ftps = (FTPSClient) ftp;
                 try {
+                    // first issue a PBSZ command as mandated by RFC-2228.
+                    // we set 0 because the buffer size is redundant since the encryption
+                    // is handled at TLS layer and not application layer
+                    ftps.execPBSZ(0);
                     ftps.execPROT("P"); // P implies PRIVATE and enables encryption
                 } catch (IOException e) {
                     throw new BuildException("failed to enable secure data channel: " + e, e);