curl-users
RE: CURL FTPS with filezilla server problem
Date: Fri, 6 Jun 2008 14:55:05 +1000
Thank you, that worked ok, but my command downloads the content of the
file and not the file itself, which is strange as the format is what the
examples had to download a file.
Regards,
John Zhao
-----Original Message-----
From: curl-users-bounces_at_cool.haxx.se
[mailto:curl-users-bounces_at_cool.haxx.se] On Behalf Of mikep_at_proatria.com
Sent: Thursday, 5 June 2008 8:06 PM
To: the curl tool
Subject: Re: CURL FTPS with filezilla server problem
John,
There are two settings that change the encryption after authentication:
--ftp-ssl-control will use encryption on the control channel but not the
data channel.
--ftp-ssl-ccc will turn off encryption on both control and data channels
after authentication.
Regards
Mike
On Thu, Jun 05, 2008 at 06:05:17PM +1000, ZHAO John wrote:
> Hi all,
>
> I've tried to search for my problem in the mailing list but cannot find
> an exact solution. I've tried some of the suggested actions for similar
> problems with no success. I can achieve my task with a Windows FTP
> client such as cuteFTP but I need to use an AIX method.
>
>
>
> My requirements
>
>
>
> To retrieve files under AIX from a windows filezilla server.
>
> - must be using implicit connection
>
> - command port on 990 and data port on 5000
>
> The above requirements can not be changed as it is tightly controlled.
>
>
>
> my command is:
>
> curl -v --cacert /material/FTP/geodis.pem -u username:password
> ftps://203.24.194.106:990/outbound/
>
>
>
> and below is the log:
>
>
> ------------------------------------------------------------------------
>
> * About to connect() to 203.24.194.106 port 990 (#0)
>
> * Trying 203.24.194.106... connected
>
> * Connected to 203.24.194.106 (203.24.194.106) port 990 (#0)
>
> * successfully set certificate verify locations:
>
> * CAfile: /material/FTP/geodis.pem
>
> CApath: none
>
> * SSLv2, Client hello (1):
>
> * SSLv3, TLS handshake, Server hello (2):
>
> * SSLv3, TLS handshake, CERT (11):
>
> * SSLv3, TLS handshake, Server finished (14):
>
> * SSLv3, TLS handshake, Client key exchange (16):
>
> * SSLv3, TLS change cipher, Client hello (1):
>
> * SSLv3, TLS handshake, Finished (20):
>
> * SSLv3, TLS change cipher, Client hello (1):
>
> * SSLv3, TLS handshake, Finished (20):
>
> * SSL connection using AES256-SHA
>
> * Server certificate:
>
> * subject: /CN=203.24.194.106/C=AU/ST=NSW/L=Sydney/O=GEodis
> Wilson/OU=IT/emailAddress=
>
> * start date: 2008-06-05 05:17:54 GMT
>
> * expire date: 2009-06-05 05:17:54 GMT
>
> * common name: 203.24.194.106 (matched)
>
> * issuer: /CN=203.24.194.106/C=AU/ST=NSW/L=Sydney/O=GEodis
> Wilson/OU=IT/emailAddress=
>
> * SSL certificate verify ok.
>
> < 220 Geodis Secure FTP Server
>
> > USER xxxxxxx
>
> < 331 Password required for xxxxxxx
>
> > PASS xxxxxxx
>
> < 230 Logged on
>
> > PBSZ 0
>
> < 200 PBSZ=0
>
> > PWD
>
> < 257 "/" is current directory.
>
> * Entry path is '/'
>
> > CWD outbound
>
> < 250 CWD successful. "/outbound" is current directory.
>
> > EPSV
>
> * Connect data stream passively
>
> < 229 Entering Extended Passive Mode (|||5000|)
>
> * Trying 203.24.194.106... connected
>
> * Connecting to 203.24.194.106 (203.24.194.106) port 5000
>
> > TYPE A
>
> < 200 Type set to A
>
> > LIST
>
> < 150 Connection accepted
>
> * Doing the SSL/TLS handshake on the data stream
>
> * successfully set certificate verify locations:
>
> * CAfile: /material/FTP/geodis.pem
>
> CApath: none
>
> * SSLv2, Client hello (1):
>
> * error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
>
> * Closing connection #0
>
> * SSLv3, TLS alert, Client hello (1):
>
> curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol
>
>
> ------------------------------------------------------------------------
>
>
>
> So the log shows I can authenticate correctly but fails when setting up
> the data port. From what I've read elsewhere, it suggests that the
> server does not encrypt the data channel but CURL expects it to be
> encrypted? I've also tried the suggestion of switching on PROT P on their
> server and the following is the log:
>
>
>
>
> ------------------------------------------------------------------------
>
>
>
> * About to connect() to 203.24.194.106 port 990 (#0)
>
> * Trying 203.24.194.106... connected
>
> * Connected to 203.24.194.106 (203.24.194.106) port 990 (#0)
>
> * successfully set certificate verify locations:
>
> * CAfile: /material/FTP/geodis.pem
>
> CApath: none
>
> * SSLv2, Client hello (1):
>
> * SSLv3, TLS handshake, Server hello (2):
>
> * SSLv3, TLS handshake, CERT (11):
>
> * SSLv3, TLS handshake, Server finished (14):
>
> * SSLv3, TLS handshake, Client key exchange (16):
>
> * SSLv3, TLS change cipher, Client hello (1):
>
> * SSLv3, TLS handshake, Finished (20):
>
> * SSLv3, TLS change cipher, Client hello (1):
>
> * SSLv3, TLS handshake, Finished (20):
>
> * SSL connection using AES256-SHA
>
> * Server certificate:
>
> * subject: /CN=203.24.194.106/C=AU/ST=NSW/L=Sydney/O=GEodis
> Wilson/OU=IT/emailAddress=
>
> * start date: 2008-06-05 05:17:54 GMT
>
> * expire date: 2009-06-05 05:17:54 GMT
>
> * common name: 203.24.194.106 (matched)
>
> * issuer: /CN=203.24.194.106/C=AU/ST=NSW/L=Sydney/O=GEodis
> Wilson/OU=IT/emailAddress=
>
> * SSL certificate verify ok.
>
> < 220 Geodis Secure FTP Server
>
> > USER xxxxxxxx
>
> < 331 Password required for xxxxxxxx
>
> > PASS xxxxxxxx
>
> < 230 Logged on
>
> > PBSZ 0
>
> < 200 PBSZ=0
>
> > PWD
>
> < 257 "/" is current directory.
>
> * Entry path is '/'
>
> > CWD outbound
>
> < 250 CWD successful. "/outbound" is current directory.
>
> > EPSV
>
> * Connect data stream passively
>
> < 229 Entering Extended Passive Mode (|||5000|)
>
> * Trying 203.24.194.106... connected
>
> * Connecting to 203.24.194.106 (203.24.194.106) port 5000
>
> > TYPE A
>
> < 200 Type set to A
>
> > LIST
>
> < 550 PROT P required
>
> * RETR response: 550
>
> * Remembering we are in dir outbound/
>
> * Connection #0 to host 203.24.194.106 left intact
>
> curl: (19) RETR response: 550
>
> > QUIT
>
> < 221 Goodbye
>
> * Closing connection #0
>
> * SSLv3, TLS alert, Client hello (1):
>
>
> ------------------------------------------------------------------------
>
>
>
> If anyone can assist, it would be greatly appreciated.
>
>
>
>
>
> Regards,
>
>
>
> JOHN ZHAO
>
> System Administrator SAP
>
>
>
>
>
--
Regards
Mike Protts
Senior Technical Consultant
Pro:Atria Ltd
+44(0) 870 7656453

Received on 2008-06-06
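
The two logs in this thread differ only in what the server does with a `LIST` issued when no `PROT` command has been sent. As an added example (not part of the original thread and not curl's own code), the sketch below audits the control-channel lines of a `curl -v` FTPS transcript and reports the data-channel protection level in force for each transfer command. The function name `audit_ftps_transcript` and the sample input are hypothetical; it assumes the RFC 4217 rule that the data channel stays Clear until a `PROT` command succeeds.

```python
import re

DATA_CMDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE", "STOU"}

# Constructed control-channel excerpt in `curl -v` format, modelled on the
# first log in the thread: PBSZ is sent, but no PROT precedes LIST.
SAMPLE = """\
> PASS xxxxxxx
< 230 Logged on
> PBSZ 0
< 200 PBSZ=0
> EPSV
< 229 Entering Extended Passive Mode (|||5000|)
> LIST
< 150 Connection accepted
"""

def audit_ftps_transcript(text):
    """Return (command, PROT level, reply code, verdict) per data transfer command."""
    level = "C"        # assumption: RFC 4217 default, Clear until PROT succeeds
    wanted = None      # level named in a PROT command still awaiting its reply
    open_cmd = None    # data command still awaiting its first reply
    findings = []
    for line in text.splitlines():
        sent = re.match(r"> ([A-Za-z]+)(?: (\S+))?", line)
        reply = re.match(r"< (\d{3}) ", line)   # final reply line only, not "230-..."
        if sent:
            verb, arg = sent.group(1).upper(), sent.group(2)
            if verb == "PROT" and arg:
                wanted = arg.upper()
            elif verb in DATA_CMDS:
                open_cmd = verb
        elif reply:
            code = int(reply.group(1))
            if wanted is not None:
                if 200 <= code < 300:       # server accepted the new level
                    level = wanted
                wanted = None
            elif open_cmd is not None:
                if code >= 400:
                    verdict = "refused by server"
                elif level == "P":
                    verdict = "data channel under TLS"
                else:
                    verdict = "data channel in cleartext"
                findings.append((open_cmd, level, code, verdict))
                open_cmd = None
    return findings
```

A "data channel in cleartext" verdict means the server will speak plain FTP on the data port, so a client that starts a TLS handshake there fails with an unknown-protocol error; "refused by server" with level `C` matches the `550 PROT P required` reply in the second log.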