curl-library
Re: Réf. : Ftps
Date: Wed, 14 Sep 2005 01:50:05 -0500
Luis,
That number (577736507914191548) is in excess of 500 petabytes. Are you
really trying to ship that much data??
Ralph Mitchell
On 9/14/05, Philippe HAMEAU <philippe.hameau_at_sagem.com> wrote:
>
>
> maybe it can help if you send your "modified ftpupload sample" !
> Due to your file size (0 out of 577736507914191548 bytes), I guess there
> is some curl_off_t casting that is missing.
>
> Phil
>
>
>
> *"Luiz Rafael Culik Guimaraes" <luiz_at_xharbour.com.br>*
>
> Sent by: curl-library-bounces_at_cool.haxx.se
>
> 13/09/2005 19:28
> Please reply to libcurl development
> Delivered on: 13/09/2005 19:40
>
> To: "libcurl development" <curl-library_at_cool.haxx.se>
> cc: (bcc: Philippe HAMEAU/DRD/SAGEM)
> Subject: Ftps
>
>
>
> Dear Friends
>
> I have some problems with ftps with my self-signed certificate.
> Below is the ftp transaction (by running a modified ftpupload sample to use
> ssl)
>
> * About to connect() to localhost port 21
> * Trying 127.0.0.1... * connected
> * Connected to localhost (127.0.0.1) port 21
> < 220 ProFTPD 1.3.0rc2 Server (ProFTPD Default Installation) [::ffff:127.0.0.1]
> > AUTH TLS
> < 234 AUTH TLS successful
> * successfully set certificate verify locations:
> * CAfile: /usr/local/share/curl/curl-ca-bundle.crt
> CApath: none
> * SSL connection using DHE-RSA-AES256-SHA
> * Server certificate:
> * subject: /C=BR/ST=Rio Grande do Sul/L=Sao Lepoldo/O=xHarbour brasil/OU=xharbour/CN=localhost/emailAddress=luiz_at_xharbour.com.br
> * start date: 2005-09-13 15:02:22 GMT
> * expire date: 2010-09-12 15:02:22 GMT
> * issuer: /C=BR/ST=Rio Grande do Sul/L=Sao Leopoldo/O=xHarbour brasil/OU=xharbour/CN=localhost/emailAddress=luiz_at_xharbour.com.br
> * SSL certificate verify result: error number 1 (19), continuing anyway.
> > USER rafael
> < 331 Password required for rafael.
> > PASS kl6qaxv9
> < 230 User rafael logged in.
> > PBSZ 0
> < 200 PBSZ 0 successful
> > PROT P
> < 200 Protection set to Private
> > PWD
> < 257 "/" is current directory.
> * Entry path is '/'
> > EPSV
> * Connect data stream passively
> < 229 Entering Extended Passive Mode (|||1037|)
> * Trying 127.0.0.1... * connected
> * Connecting to 127.0.0.1 (127.0.0.1) port 1037
> * Doing the SSL/TLS handshake on the data stream
> * successfully set certificate verify locations:
> * CAfile: /usr/local/share/curl/curl-ca-bundle.crt
> CApath: none
> * SSL re-using session ID
> * Unknown SSL protocol error in connection to localhost:21
> * Uploaded unaligned file size (0 out of 577736507914191548 bytes)
> * Closing connection #0
>
> Server certificate created with the scripts below
> #!/bin/sh
> openssl genrsa -des3 -out server.key 1024
> openssl rsa -in server.key -out server.key.unsecure
> openssl req -new -key server.key -out server.csr
> #openssl req -noout -text -in server.csr
> openssl genrsa -des3 -out ca.key 1024
> #openssl rsa -noout -text -in ca.key
> openssl rsa -in ca.key -out ca.key.unsecure
> openssl req -new -x509 -days 365 -key ca.key -out ca.crt
> #openssl x509 -noout -text -in ca.crt
> ./sign.sh server.csr
> and signed with
> #!/bin/sh
> ##
> ## sign.sh -- Sign a SSL Certificate Request (CSR)
> ## Copyright (c) 1998-2001 Ralf S. Engelschall, All Rights Reserved.
> ##
>
> # argument line handling
> CSR=$1
> if [ $# -ne 1 ]; then
>     echo "Usage: sign.sign <whatever>.csr"; exit 1
> fi
> if [ ! -f "$CSR" ]; then
>     echo "CSR not found: $CSR"; exit 1
> fi
> case $CSR in
>     *.csr ) CERT="`echo $CSR | sed -e 's/\.csr/.crt/'`" ;;
>     * ) CERT="$CSR.crt" ;;
> esac
>
> # make sure environment exists
> if [ ! -d ca.db.certs ]; then
>     mkdir ca.db.certs
> fi
> if [ ! -f ca.db.serial ]; then
>     echo '01' >ca.db.serial
> fi
> if [ ! -f ca.db.index ]; then
>     cp /dev/null ca.db.index
> fi
>
> # create an own SSLeay config
> cat >ca.config <<EOT
> [ ca ]
> default_ca = CA_own
> [ CA_own ]
> dir = .
> certs = \$dir
> new_certs_dir = \$dir/ca.db.certs
> database = \$dir/ca.db.index
> serial = \$dir/ca.db.serial
> RANDFILE = \$dir/ca.db.rand
> certificate = \$dir/ca.crt
> private_key = \$dir/ca.key
> unique_subject = no
> # default key expiry set to 5 years but can be changed
> default_days = 1825
> default_crl_days = 30
> default_md = md5
> preserve = no
> policy = policy_anything
> [ policy_anything ]
> countryName = optional
> stateOrProvinceName = optional
> localityName = optional
> organizationName = optional
> organizationalUnitName = optional
> commonName = supplied
> emailAddress = optional
> EOT
>
> # sign the certificate
> echo "CA signing: $CSR -> $CERT:"
> openssl ca -config ca.config -out "$CERT" -infiles "$CSR"
> echo "CA verifying: $CERT <-> CA cert"
> openssl verify -CAfile ca.crt "$CERT"
>
> # cleanup after SSLeay
> rm -f ca.config
> rm -f ca.db.serial.old
> rm -f ca.db.index.old
>
> # die gracefully
> exit 0
>
>
> Also, with these same certificates, I can connect via https and to my
> postgresql server without problem
>
> Regards
> Luiz Rafael Culik Guimaraes
> www.xharbour.com.br <http://www.xharbour.com.br>
>
>
>
>
Received on 2005-09-14
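
An added example, not part of the original thread or of curl: the "verify result: error number 1 (19)" line in the verbose log is OpenSSL's "self-signed certificate in certificate chain" code, which a client reports when the issuing CA is absent from the trust store it was given. The script below builds a throwaway CA and a localhost certificate non-interactively, then verifies the certificate once with the CA supplied (what `CURLOPT_CAINFO` or `--cacert` does for curl) and once without it. It assumes the `openssl` command-line tool is on the PATH; every subject name, file name and function name is constructed for illustration.

```shell
#!/bin/sh
# Added example: all names, subjects and paths are constructed for illustration.

# make_pki DIR: throwaway CA plus a CA-signed certificate for localhost.
# Runs in a subshell so the caller's working directory is untouched.
make_pki() (
    mkdir -p "$1" && cd "$1" || exit 1
    cat >pki.cnf <<'EOT'
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ v3_server ]
basicConstraints = CA:FALSE
subjectAltName = DNS:localhost,IP:127.0.0.1
EOT
    # CA: 2048-bit RSA, self-signed with SHA-256 (the thread's scripts use 1024-bit keys and md5).
    openssl req -x509 -new -nodes -newkey rsa:2048 -sha256 -days 365 \
        -config pki.cnf -extensions v3_ca -subj "/O=Example Test CA/CN=Example Root" \
        -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    # Server key and CSR, then the CA signs the CSR and adds the SAN entries.
    openssl req -new -nodes -newkey rsa:2048 -sha256 -config pki.cnf \
        -subj "/O=Example/CN=localhost" -keyout server.key -out server.csr 2>/dev/null || exit 1
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -sha256 -days 365 -extfile pki.cnf -extensions v3_server \
        -out server.crt 2>/dev/null
)

# Client that was handed the private CA explicitly.
verify_trusting_ca() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" 2>&1
}

# Client with only its default trust store; the server sends its CA in the chain.
verify_default_store() {
    openssl verify -untrusted "$1/ca.crt" "$1/server.crt" 2>&1
}

dir=$(mktemp -d) && make_pki "$dir" || exit 1
verify_trusting_ca "$dir"              # reports server.crt: OK
verify_default_store "$dir" || true    # reports error 19 at depth 1
rm -rf "$dir"
```
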