curl-users
List command hangs in passive mode
Date: Tue, 8 Apr 2008 19:08:27 -0700
I am having a great deal of trouble trying to connect using curl and I'm
hoping someone can help me understand what is going on. I am trying to
connect to a server using FTP over explicit TLS/SSL. The remote server uses
a data port range of 6100-6199. The network people assure me that the
firewall is opened to allow outgoing connections to those ports. Any
commands in PASV mode including RETR and LIST seem to time out. The network
guy says there is no connection trying to leave my server.
Below is my log. I'd greatly appreciate any help you could give.
Thanks,
Edward
% curl --version
curl 7.18.1 (sparc-sun-solaris2.10) libcurl/7.18.1 OpenSSL/0.9.8g zlib/1.2.3
libidn/1.6
Protocols: tftp ftp telnet dict http file https ftps
Features: IDN IPv6 Largefile NTLM SSL libz
% curl --user XXX:XXX --cacert cacert.pem --tlsv1 --disable-epsv
--ftp-ssl-reqd --show-error --verbose -Q "CWD outbound/BTBT" -Q "TYPE I" -Q
PASV -Q LIST ftp://ftpssl.rbc.com* About to connect() to ftpssl.rbc.com port
21 (#0)
* Trying 142.245.8.80... connected
* Connected to ftpssl.rbc.com (142.245.8.80) port 21 (#0)
< 220 RBCNG FTPS (Version Tue Apr 8 21:55:44 2008) server ready.
> AUTH SSL
< 234 Enabling SSL, awaiting negotiations.
* successfully set certificate verify locations:
* CAfile: cacert.pem
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-MD5
* Server certificate:
* subject: /C=CA/ST=Ontario/L=Toronto/O=Royal Bank of
Canada/OU=GTOnetsp10/CN=ftpssl.rbc.com
* start date: 2007-09-27 00:00:00 GMT
* expire date: 2009-10-09 23:59:59 GMT
* common name: ftpssl.rbc.com (matched)
* issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms
of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure
Server CA
* SSL certificate verify ok.
> USER XXX
< 331 Password required for XXX
> PASS XXX
< 230 User XXX logged in.
> PBSZ 0
< 200 PBSZ Command successful.
> PROT P
< 200 PROT Command successful.
> PWD
< 257 "/usr/nn/gateway/mbox/fxf/XXX" is current directory.
* Entry path is '/usr/nn/gateway/mbox/fxf/XXX'
> CWD outbound/BTBT
< 250 CWD Command successful.
> TYPE I
< 200 Type set to I
> PASV
< 227 Entering Passive Mode (142,245,8,80,24,18)
> LIST
< 150 Opening data connection for '/bin/ls'.
> PASV
* Connect data stream passively
* SSLv3, TLS alert, Client hello (1):
* FTP response reading failed
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
Received on 2008-04-09