curl-users
Re: CURL FTPS with filezilla server problem
Date: Thu, 5 Jun 2008 11:06:20 +0100
John,
There are two settings that change the encryption after authentication:
--ftp-ssl-control will use encryption on the control channel but not the data channel.
--ftp-ssl-ccc will turn off encryption on bot control and data channels after authentication.
Regards
Mike
On Thu, Jun 05, 2008 at 06:05:17PM +1000, ZHAO John wrote:
> Hi all,
>
> I've tried to search for my problem in the mailing list but can not find
> an exact solution, I've tried some of the suggested actions to similar
> problems with no success. I can achieve my task with a windows FTP
> client such as cuteFTP but I need to use a AIX method.
>
>
>
> My requirements
>
>
>
> To retrieve files under AIX from a windows filezilla server.
>
> - must be using implicit connection
>
> - command port on 990 and data port on 5000
>
> The above requirements can not be changed as it is tightly controlled.
>
>
>
> my command is:
>
> curl -v --cacert /material/FTP/geodis.pem -u username:password
> ftps://203.24.194.106:990/outbound/
>
>
>
> and below is the log:
>
> ------------------------------------------------------------------------
> ------------------
>
> * About to connect() to 203.24.194.106 port 990 (#0)
>
> * Trying 203.24.194.106... connected
>
> * Connected to 203.24.194.106 (203.24.194.106) port 990 (#0)
>
> * successfully set certificate verify locations:
>
> * CAfile: /material/FTP/geodis.pem
>
> CApath: none
>
> * SSLv2, Client hello (1):
>
> * SSLv3, TLS handshake, Server hello (2):
>
> * SSLv3, TLS handshake, CERT (11):
>
> * SSLv3, TLS handshake, Server finished (14):
>
> * SSLv3, TLS handshake, Client key exchange (16):
>
> * SSLv3, TLS change cipher, Client hello (1):
>
> * SSLv3, TLS handshake, Finished (20):
>
> * SSLv3, TLS change cipher, Client hello (1):
>
> * SSLv3, TLS handshake, Finished (20):
>
> * SSL connection using AES256-SHA
>
> * Server certificate:
>
> * subject: /CN=203.24.194.106/C=AU/ST=NSW/L=Sydney/O=GEodis
> Wilson/OU=IT/emailAddress=
>
> * start date: 2008-06-05 05:17:54 GMT
>
> * expire date: 2009-06-05 05:17:54 GMT
>
> * common name: 203.24.194.106 (matched)
>
> * issuer: /CN=203.24.194.106/C=AU/ST=NSW/L=Sydney/O=GEodis
> Wilson/OU=IT/emailAddress=
>
> * SSL certificate verify ok.
>
> < 220 Geodis Secure FTP Server
>
> > USER xxxxxxx
>
> < 331 Password required for xxxxxxx
>
> > PASS xxxxxxx
>
> < 230 Logged on
>
> > PBSZ 0
>
> < 200 PBSZ=0
>
> > PWD
>
> < 257 "/" is current directory.
>
> * Entry path is '/'
>
> > CWD outbound
>
> < 250 CWD successful. "/outbound" is current directory.
>
> > EPSV
>
> * Connect data stream passively
>
> < 229 Entering Extended Passive Mode (|||5000|)
>
> * Trying 203.24.194.106... connected
>
> * Connecting to 203.24.194.106 (203.24.194.106) port 5000
>
> > TYPE A
>
> < 200 Type set to A
>
> > LIST
>
> < 150 Connection accepted
>
> * Doing the SSL/TLS handshake on the data stream
>
> * successfully set certificate verify locations:
>
> * CAfile: /material/FTP/geodis.pem
>
> CApath: none
>
> * SSLv2, Client hello (1):
>
> * error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
>
> * Closing connection #0
>
> * SSLv3, TLS alert, Client hello (1):
>
> curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol
>
> ------------------------------------------------------------------------
> ------------------
>
>
>
> So the log shows I can authenticate correctly but fails when setting up
> the data port, from what I've read else where it suggests that the
> server does not encrypt the data channel but CURL expect I to be
> encrypted? I've also tried the suggested of switching on PROT P on their
> server and the following is the log:
>
>
>
> ------------------------------------------------------------------------
> -----------
>
>
>
> * About to connect() to 203.24.194.106 port 990 (#0)
>
> * Trying 203.24.194.106... connected
>
> * Connected to 203.24.194.106 (203.24.194.106) port 990 (#0)
>
> * successfully set certificate verify locations:
>
> * CAfile: /material/FTP/geodis.pem
>
> CApath: none
>
> * SSLv2, Client hello (1):
>
> * SSLv3, TLS handshake, Server hello (2):
>
> * SSLv3, TLS handshake, CERT (11):
>
> * SSLv3, TLS handshake, Server finished (14):
>
> * SSLv3, TLS handshake, Client key exchange (16):
>
> * SSLv3, TLS change cipher, Client hello (1):
>
> * SSLv3, TLS handshake, Finished (20):
>
> * SSLv3, TLS change cipher, Client hello (1):
>
> * SSLv3, TLS handshake, Finished (20):
>
> * SSL connection using AES256-SHA
>
> * Server certificate:
>
> * subject: /CN=203.24.194.106/C=AU/ST=NSW/L=Sydney/O=GEodis
> Wilson/OU=IT/emailAddress=
>
> * start date: 2008-06-05 05:17:54 GMT
>
> * expire date: 2009-06-05 05:17:54 GMT
>
> * common name: 203.24.194.106 (matched)
>
> * issuer: /CN=203.24.194.106/C=AU/ST=NSW/L=Sydney/O=GEodis
> Wilson/OU=IT/emailAddress=
>
> * SSL certificate verify ok.
>
> < 220 Geodis Secure FTP Server
>
> > USER xxxxxxxx
>
> < 331 Password required for xxxxxxxx
>
> > PASS xxxxxxxx
>
> < 230 Logged on
>
> > PBSZ 0
>
> < 200 PBSZ=0
>
> > PWD
>
> < 257 "/" is current directory.
>
> * Entry path is '/'
>
> > CWD outbound
>
> < 250 CWD successful. "/outbound" is current directory.
>
> > EPSV
>
> * Connect data stream passively
>
> < 229 Entering Extended Passive Mode (|||5000|)
>
> * Trying 203.24.194.106... connected
>
> * Connecting to 203.24.194.106 (203.24.194.106) port 5000
>
> > TYPE A
>
> < 200 Type set to A
>
> > LIST
>
> < 550 PROT P required
>
> * RETR response: 550
>
> * Remembering we are in dir outbound/
>
> * Connection #0 to host 203.24.194.106 left intact
>
> curl: (19) RETR response: 550
>
> > QUIT
>
> < 221 Goodbye
>
> * Closing connection #0
>
> * SSLv3, TLS alert, Client hello (1):
>
> ------------------------------------------------------------------------
> -----------
>
>
>
> If any one can assist would be greatly appreciated
>
>
>
>
>
> Regards,
>
>
>
> JOHN ZHAO
>
> System Administrator SAP
>
>
>
>
>
> -----------------------------------------
> This message and any attachments are confidential and intended
> solely for the addressees. If you receive this message in error,
> please delete it and immediately notify the sender. If the reader
> of this message is not the intended recipient, you are hereby
> notified that any unauthorized use, copying or dissemination is
> prohibited. E-mails are susceptible to alteration. Neither LOREAL
> nor any of its subsidiaries or affiliates shall be liable for the
> message if altered, changed or falsified.
-- Regards Mike Protts Senior Technical Consultant Pro:Atria Ltd +44(0) 870 7656453Received on 2008-06-05