curl-users
Problem connecting to ProFTPD with FTPES using CCC option
Date: Wed, 5 May 2010 08:34:49 +0100
Hi,
I have set up an SSL-enabled ProFTPD server v1.3.3 and am trying to connect using the following command line:
curl --user xxx:xxx --ftp-ssl --ftp-ssl-ccc-mode active --insecure --verbose ftp://foobar/
The connection attempt fails when curl tries to establish the data connection to read the remote directory. This is the output I get from curl:
* About to connect() to foobar port 21 (#0)
* Trying 1.2.3.4... connected
* Connected to foobar (1.2.3.4) port 21 (#0)
< 220 ProFTPD 1.3.3 Server (foobar) [::ffff:1.2.3.4]
> AUTH SSL
< 234 AUTH SSL successful
* SSL: couldn't set callback!
* error setting certificate verify locations, continuing anyway:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: /C=DE/ST=Some-State/O=Internet Widgits Pty Ltd/CN=John Doe/emailAddress=jdoe_at_foobar
* start date: 2010-04-21 11:34:02 GMT
* expire date: 2011-04-21 11:34:02 GMT
* common name: John Doe (does not match 'foobar')
* issuer: /C=DE/ST=Some-State/O=Internet Widgits Pty Ltd/CN=John Doe/emailAddress=jdoe_at_foobar
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> USER xxx
< 331 Password required for xxx
> PASS xxx
< 230 User xxx logged in
> PBSZ 0
< 200 PBSZ 0 successful
> PROT P
< 200 Protection set to Private
> CCC
< 200 Clearing control channel protection
* SSL_get_shutdown() returned SSL_SENT_SHUTDOWN|SSL_RECEIVED__SHUTDOWN
> PWD
< 257 "/home" is the current directory
* Entry path is '/home'
> EPSV
* Connect data stream passively
< 229 Entering Extended Passive Mode (|||65286|)
* Trying 1.2.3.4... connected
* Connecting to 1.2.3.4 (1.2.3.4) port 65286
> TYPE A
< 200 Type set to A
> LIST
< 150 Opening ASCII mode data connection for file list
* Doing the SSL/TLS handshake on the data stream
* SSL: couldn't set callback!
* error setting certificate verify locations, continuing anyway:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* SSL re-using session ID
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: /C=DE/ST=Some-State/O=Internet Widgits Pty Ltd/CN=John Doe/emailAddress=jdoe_at_foobar
* start date: 2010-04-21 11:34:02 GMT
* expire date: 2011-04-21 11:34:02 GMT
* common name: John Doe (does not match 'foobar')
* issuer: /C=DE/ST=Some-State/O=Internet Widgits Pty Ltd/CN=John Doe/emailAddress=jdoe_at_foobar
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Maxdownload = -1
* Remembering we are in dir ""
* FTP response reading failed
* Connection #0 to host foobar left intact
curl: (56) FTP response reading failed
> QUIT
* FTP response reading failed
* Closing connection #0
If I just omit the CCC command by removing "--ftp-ssl-ccc-mode active" from the command line, everything works fine. Setting ftp-ssl-ccc-mode to passive leads to a timeout; obviously the server does not initiate the CCC sequence.
My question is: Can anyone confirm this behavior with ProFTPD? Other servers (FileZilla server, for example) work well with the above command line. I know that older ProFTPD versions had a bug with the CCC command, but it should be fixed in 1.3.3.
Curl --version gives me:
curl 7.19.0 (i586-pc-mingw32msvc) libcurl/7.19.0 OpenSSL/0.9.8h zlib/1.2.3
Protocols: tftp ftp telnet dict ldap http file https ftps
Features: Largefile NTLM SSL SSPI libz
Thanks for your help,
Andreas
Received on 2010-05-05
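
As an added example (not part of the original post, and not curl or ProFTPD code): a small Python check that walks the control-channel lines of a trace like the one above and reports which commands travel in cleartext once CCC is accepted, while credentials and the data channel stay protected. The function name and result keys are assumptions made for this illustration; the reply codes 234 and 200 are the ones shown in the trace.

```python
import re

# Control-channel lines abridged from the trace in the post ("* " info lines dropped).
TRACE = """\
> AUTH SSL
< 234 AUTH SSL successful
> USER xxx
< 331 Password required for xxx
> PASS xxx
< 230 User xxx logged in
> PROT P
< 200 Protection set to Private
> CCC
< 200 Clearing control channel protection
> PWD
< 257 "/home" is the current directory
> EPSV
< 229 Entering Extended Passive Mode (|||65286|)
> LIST
< 150 Opening ASCII mode data connection for file list
"""

def audit_control_channel(trace):
    """Follow AUTH/PROT/CCC replies and note the protection state of each command."""
    tls, prot, pending, sent = False, "C", None, []
    for line in trace.splitlines():
        cmd = re.match(r"> (\w+) ?(.*)", line)
        if cmd:
            pending = (cmd.group(1).upper(), cmd.group(2).strip())
            sent.append((pending[0], tls))  # protection state when the command was sent
            continue
        reply = re.match(r"< (\d{3}) ", line)
        if not (reply and pending):
            continue
        (verb, arg), code = pending, reply.group(1)
        if verb == "AUTH" and code == "234":
            tls = True            # control channel is under TLS from here on
        elif verb == "CCC" and code == "200":
            tls = False           # TLS is shut down on the control channel only
        elif verb == "PROT" and code == "200":
            prot = arg.upper()    # data channel protection level
        pending = None
    creds = [p for v, p in sent if v in ("USER", "PASS")]
    return {
        "credentials_protected": bool(creds) and all(creds),
        "cleartext_commands": [v for v, p in sent if not p],
        "data_channel_private": prot == "P",
    }
```

For the trace above the result shows USER and PASS sent under TLS, the data channel still at PROT P, and PWD, EPSV and LIST visible on the wire after CCC.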