cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Error "SSL3_GET_RECORD: wrong version number" while listing ftpsdirectory

From: Shun-Li Huang <shunli_huang_at_yahoo.com>
Date: Tue, 18 Jan 2005 22:44:24 +0000 (UTC)

Daniel Stenberg <daniel-curl <at> haxx.se> writes:

>
> On Mon, 17 Jan 2005, Shun-Li Huang wrote:
>
> > I had the same issue when using cURL connecting to a remote FTP site using
> > GlubTech's "Secure FTP Wrapper", which implements IMPLICIT SSLFTP (port
> > 990). I tried both PASSIVE mode and PORT mode, and got two different
> > errors:
>
> ...
>
> > * error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
>
> It is indeed very odd that the second connect fails when the first succeeded
> fine. Are you sure the second one is expected to use SSL/TLS? Perhaps this
> server uses some old non-standard ftp-ssl approach like having the data
> connection in plain text.
>
> >> PORT xx,x,x,xx,238,176
> > * FTP response reading failed
> > * Connection #0 to host xxx.xxx.xxx left intact
> > curl: (56) FTP response reading failed
>
> This is different. It looks like the server doesn't respond properly when it
> receives a PORT command!
>

Hi, Daniel:

I posted your reponse to GlubTech's forum
(http://www.glub.com/jive/jsp/viewThread.jsp?forum=2&thread=488), and I got
this reply:
-----------------------------------------------
Re: Error connecting to FTP server using Secure FTP Wrapper
posted by: gary ( Gary Cohen )
We are following spec:

Initial Data Connection Security

The initial state of the data connection MUST be 'Clear' (this is
the behaviour as indicated by [RFC-2228].)

http://www.ietf.org/internet-drafts/draft-murray-auth-ftp-ssl-15.txt

cURL is breaking spec by assuming that the data connection is secure.
Additionally they send a PBSZ 0 command but no PROT P command. They need to do
send a PROT command following a PBSZ command.
-----------------------------------------------

Is his statement about cURL correct?

--
Shun-Li Huang
Received on 2005-01-18