cURL / Mailing Lists / curl-library / Single Mail

curl-library

Error while downloading a file using ftps --Unknown SSL protocol error in connection to aa.domain.com:990

From: NAGASEKHAR BHUVANAGIRI <bnagasekhar_at_gmail.com>
Date: Mon, 28 Jan 2008 15:12:46 +0530

Hi,
I am using libcurl to implement secure ftp. I created all the certificates
using openSSL. I am using FileZilla server with SSL/TLS enabled.

When I execute following set of commands from a C++ client program I get an
error "Unknown SSL protocol error in connection to aa.domain.com:990" or
"error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number".

Can somebody help me to resolve this?

C++ code:

curl_easy_setopt(curl,CURLOPT_URL, "ftps://anonymous:anonymous_at_127.0.0.1
/a.out");
curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM");
curl_easy_setopt(curl,CURLOPT_SSLKEYPASSWD,"password");
curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE,"PEM");
curl_easy_setopt(curl,CURLOPT_SSLCERT,"C:\\TEST\\clientnew.pem");
curl_easy_setopt(curl,CURLOPT_SSLKEY,"C:\\TEST\\CLIENT.key");
curl_easy_setopt(curl,CURLOPT_CAINFO,"C:\\TEST\\CAcert.cer");
curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,1);
curl_easy_setopt(curl,CURLOPT_VERBOSE, 1);
curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION, &my_fwrite);
curl_easy_setopt(curl,CURLOPT_WRITEDATA, (void *)&chunk);
res = curl_easy_perform(curl);
The output:

* About to connect() to 127.0.0.1 port 990
* Trying xx.xxx.xxx.xx... * connected
* Connected to 127.0.0.1 (xx.xxx.xxx.xx) port 990
* successfully set certificate verify locations:
* CAfile: C:\TEST\CAcert.cer
  CApath: none
* SSL connection using AES256-SHA
* Server certificate:
* subject: /C=IN/ST=KAR/L=BAN/O=OR/OU=PT/CN=
aa.domain.com/emailAddress=a.b_at_c.COM <BHUVANAGIRI_at_ORACLE.COM>
* start date: 2008-01-28 06:56:28 GMT
* expire date: 2009-01-28 07:06:28 GMT
* common name: aa.domain.COM (matched)
* issuer: /C=US/ST=CA/L=Pl/O=PI/OU=PT/DC=com/DC=pe/CN=Pl
s TEST root CA
* SSL certificate verify ok.
< 220-FileZilla Server version 0.9.24 beta
< 220-written by Tim Kosse (Tim.Kosse_at_gmx.de)
< 220 Please visit http://sourceforge.net/projects/filezilla/
> USER anonymous
< 331 Password required for anonymous
> PASS anonymous
< 230 Logged on
* We have successfully logged in
> PBSZ 0
< 200 PBSZ=0
> PWD
< 257 "/" is current directory.
* Entry path is '/'
* protocol connect phase DONE
* DO phase starts
> EPSV
* Connect data stream passively
< 229 Entering Extended Passive Mode (|||1315|)
* Trying xx.xxx.xxx.xx... * connected
* Connecting to xx.xxx.xxx.xx (xx.xxx.xxx.xx) port 1315
* DO phase is comlete
* DO-MORE phase starts
> TYPE I
< 200 Type set to I
> SIZE a.out
< 213 37765
> RETR a.out
< 150 Connection accepted
* Doing the SSL/TLS handshake on the data stream
* successfully set certificate verify locations:
* CAfile: C:\TEST\CAcert.cer
  CApath: none
* SSL re-using session ID
* Unknown SSL protocol error in connection to aa.domain.com:990
* DO-MORE phase ends
* Connection #0 to host aa.domain.com left intact
* Closing connection #0
Press any key to continue . . .

The alternate run of this program gives the following error ( the last 4
lines of the output are different):

* error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
* DO-MORE phase ends
* Connection #0 to host bng-psft632.peoplesoft.com left intact
* Closing connection #0

Thank you,

Nagasekhar
Received on 2008-01-28