curl-users

FTP-ssl command channel clear mode

From: Devraj Mukherjee <lugs_at_eternitytechnologies.com>
Date: Wed, 12 Oct 2005 14:38:02 +1000

Hi everyone,

I am attempting to use FTP over SSL to download files. The server
however requires the command channel to be cleared once the login
process has been completed.

I believe it is part of the FTP-SSL2 implementation that requires this.
Curl works great but does not clear the command channel after logon.

Commercial products such as WS_FTP or SmartFTP will do it; obviously the
problem is that the products will only run on Windows operating systems.

My questions are:

1. Is there anyone out there who has done this and how?
2. If not, then can anyone write a patch for Curl to do this? My client
is prepared to pay for the development time and is willing to release
the patch back into the main code base under GPL.

Devraj

----
SmartFTP Knowledge Base
Home > Features > Clear Command Channel (CCC)
Article 2551
(http://www.smartftp.com/support/kb/index.php/2551?a=print&id=2551)
Created 25 Mar 2005
Modified 25 Aug 2005
Hits 15345

Clear Command Channel (CCC)

The CCC command makes a secured control/command channel revert back into
plaintext (un-secured).
This feature helps to solve data connection problems in situations where
all the conditions below are met:
     * Secure (SSL Explicit) connection to the remote server
     * Client behind a NAT router
     * Control connection to port 21
     * Passive (PASV) data connections aren't working (e.g. incoming
       connections blocked on the server side or FTP server behind a NAT)

If the Clear Control Connection (CCC) setting is enabled, the FTP client
connects to the server, negotiates a secure connection, authenticates
(sends user and password) and reverts back to plaintext. To change the
"Control Channel Mode" in SmartFTP go to the Settings->Connection->SSL
dialog.

Technical Background

NAT routers automatically examine the PORT command sent through a
control channel for un-secured control connections to the default FTP
port (21) of the remote FTP server. This allows them to open an incoming
port for the data connection, set up the routing/forwarding and rewrite
the PORT IP with the external (WAN) IP address. If a secured connection
(SSL) is made to an FTP server, the NAT router cannot interpret the data
correctly as everything is encrypted. Therefore it cannot translate a
PORT command and open the appropriate port for the expected incoming
data connection. By sending a CCC command and further reverting back to
plaintext the NAT router is once again able to translate the PORT commands.

Server Support

WS_FTP Server 5.04, ShareIt

References

Draft Murray Auth FTP SSL
(http://www.ietf.org/internet-drafts/draft-murray-auth-ftp-ssl-16.txt)
Microsoft - How NAT works
(http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/w2k3tr_nat_how.asp)
RFC 1631 - The IP Network Address Translator (NAT)
(http://www.ietf.org/rfc/rfc1631.txt)
Received on 2005-10-12
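
The NAT behaviour described under "Technical Background" above, as an added sketch that is not part of the original mail, the SmartFTP article or curl: a toy model of a NAT helper that rewrites a readable PORT command and has to pass an encrypted record through unchanged. The function names, the addresses (192.168.1.20, 203.0.113.7) and the record bytes are constructed for illustration, and reusing the client's port number on the WAN side is an assumption.

```python
import re

# PORT h1,h2,h3,h4,p1,p2: IPv4 address bytes, then port = p1*256 + p2
PORT_RE = re.compile(rb"PORT " + rb",".join([rb"(\d{1,3})"] * 6) + rb"\r\n")

WAN_IP = "203.0.113.7"  # constructed external address (documentation range)


def parse_port(line):
    """Return (ip, port) for a plaintext PORT command, else None."""
    m = PORT_RE.fullmatch(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def alg_rewrite(line, wan_ip, mappings):
    """Handle one control-channel line the way the article describes.

    Readable PORT: record a forwarding entry and substitute the WAN address.
    Anything else, including SSL/TLS records, is forwarded untouched.
    Returns (bytes_to_forward, rewritten_flag).
    """
    parsed = parse_port(line)
    if parsed is None:
        return line, False
    lan_ip, port = parsed
    mappings[port] = (lan_ip, port)  # assumption: same port opened on WAN side
    hosts = wan_ip.replace(".", ",")
    return f"PORT {hosts},{port >> 8},{port & 0xFF}\r\n".encode(), True


def demo():
    mappings = {}
    # Constructed sample: control channel in the clear (after CCC)
    clear = b"PORT 192,168,1,20,195,80\r\n"
    # Constructed sample: record header plus opaque bytes (channel still secured)
    secured = b"\x17\x03\x01\x00\x20" + bytes(range(32))
    return (alg_rewrite(clear, WAN_IP, mappings),
            alg_rewrite(secured, WAN_IP, mappings),
            mappings)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The same readability applies to every later command and reply once the channel is cleared, not only to PORT; only the login exchange stays under SSL.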