On 5/11/06, Daniel Stenberg <daniel_at_haxx.se> wrote:
> It might also explain why their server doesn't act the way we want, this curl
> speaks FTPS the RFC4217 way.

Yes, the Glub Tech is one crazy program. I think this is the major
drawback to this entire connection here.

When I listed the directory, it was actually an accident. It happened
when I typed "-key" instead of "--key" and the result was that it
showed the directory. Yes, I assume that means it made the complete
stream, but the full file was not placed there.

> Doesn't "place an empty file on the server" imply a STOR as well?

The empty file being stored SEEMS to indicate something is happening,
but I wonder if it is a secure connection when it was placed, or if
somehow their server allows that initial placement until the actual
stream handshake is complete... not that I have a way to ascertain any
of that right now.

> Why the -Q?

I used the -Q as a test because I saw someone else use it in one of
these forum messages and I thought it was worth a try. I tried a lot
of things like that, but this one just happened to have been left
there in the command when I ran for the example.

> > SSL connection timeout
>
> I assume it took some time before this line line was reported?

Yes, after the start of the handshake, it waits about 5 minutes. It
always seems to -attempt- the data connection, but I have never seen
it say it completed it.

> If you compare what happens when you just list a directory, can you detect any
> differences?

The only differences I see with the list is that it never seems to
recognize my --key. I don't seem to need one, as I can make the
initial login just fine. I tried making a key just to see if it would
make a difference but aside from listing the dir, no other output.
There is this one thing that I just noticed at the top. This is the
very first thing listed when I put in the "-key" switch:
* Could not resolve host: c:\OpenSSL\CA.crt; No data record of requested type
* Closing connection #0

curl: (6) Could not resolve host: c:\OpenSSL\CA.crt; No data record of
requested type

After that bit, it goes on and does the connection to the server and
lists the directory.

> To me it seems as if the remote site doesn't support the SSL/TLS negotiation
> on the data connection. If you ethereal this, can you see any SSL/TSL
> negotiation at all taking place on the data connection?

It looks like I stick my hand out and the server just stares at me
nonchalantly. I have tried it with a few other programs, and I get
mixed results. I can get it to work with a program I can't script
directly the way I want, but it shows me that -something- can connect
to this server. After the initial connection, I'm positive i'm still
connected because the PBSZ, PROT, and PWD commands work. After it
does the PASV command, I'm not so sure. I have the feeling that it
loses sight of what's happening during or right after the PASV.
Received on 2006-05-11