curl-library

Re: libcurl: Problem when connect to a shared hosting server over ftp+ssl

From: chu ngoc hung <hungcn_at_gmail.com>
Date: Tue, 5 Feb 2013 14:16:01 +0700

*Here is my log* (when I disable host/peer):

* About to connect() to dysoft-mobile.com port 21 (#0)
* Trying 69.195.91.50...
* connected
* Connected to dysoft-mobile.com (69.195.91.50) port 21 (#0)
* FTP 0x282dda0 state change from STOP to WAIT220
< 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------

< 220-You are user number 7 of 1000 allowed.

< 220-Local time is now 00:13. Server port: 21.

< 220-This is a private system - No anonymous login

< 220-IPv6 connections are also welcome on this server.

< 220 You will be disconnected after 15 minutes of inactivity.

> AUTH SSL

* FTP 0x282dda0 state change from WAIT220 to AUTH
< 500 This security scheme is not implemented

> AUTH TLS

< 234 AUTH TLS OK.

* successfully set certificate verify locations:
* CAfile: /var/mobile/Applications/8C67AD7C-FDC0-44E4-8619-BAB587542A93/Documents/cacert.pem
  CApath: none
* SSL connection using CAMELLIA256-SHA
* Server certificate:
* subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.bluehost.com
* start date: 201
* expire date: 202
* issuer: C=G
* SSL certificate verify ok.
> USER hungcn_at_dysoft-mobile.com

* FTP 0x282dda0 state change from AUTH to USER
< 331 User hungcn_at_dysoft-mobile.com OK. Password required

> PASS ***

* FTP 0x282dda0 state change from USER to PASS
< 230 OK. Current restricted directory is /

> PBSZ 0

* FTP 0x282dda0 state change from PASS to PBSZ
< 200 PBSZ=0

> PROT P

* FTP 0x282dda0 state change from PBSZ to PROT
< 200 Data protection level set to "private"

> PWD

* FTP 0x282dda0 state change from PROT to PWD
< 257 "/" is your current location

* Entry path is '/'
* FTP 0x282dda0 state change from PWD to STOP
* protocol connect phase DONE
* DO phase starts
> CWD /

* FTP 0x282dda0 state change from STOP to QUOTE
< 250 OK. Current directory is /

> CWD /

< 250 OK. Current directory is /

> EPSV

* FTP 0x282dda0 state change from QUOTE to PASV
* Connect data stream passively
< 229 Extended Passive mode OK (|||38012|)

* Trying 69.195.91.50...
* Operation timed out
* couldn't connect to host
* got positive EPSV response, but can't connect. Disabling EPSV
> PASV

< 227 Entering Passive Mode (69,195,91,50,150,124)

* Trying 69.195.91.50...
* Operation timed out
* couldn't connect to host
* DO phase is complete
* Closing connection #0
* Couldn't connect to server

*And Cyberduck's log is* (when reassembling a TCP stream):

220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 6 of 1000 allowed.
220-Local time is now 00:09. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
AUTH TLS
234 AUTH TLS OK.

On Tue, Feb 5, 2013 at 9:14 AM, chu ngoc hung <hungcn_at_gmail.com> wrote:

> Thanks for your reply,
>
> Yes, I use it to connect to my host only for research purposes, and I've got a
> successful result for an FTP-SSL connection to my local server
> (self-signed certificate).
> With the current server (dysoft-mobile.com), when I disable host or peer
> verification the connection always times out (both EPSV and PASV).
> I've got the same result with the FileZilla client, but when I use the Cyberduck
> client the result is OK (although it alerts me that the certificate is
> invalid before it connects successfully).
> And I use explicit FTP-SSL because this server supports this type only.
>
>
> On Tue, Feb 5, 2013 at 12:17 AM, Nick Zitzmann <nick_at_chronosnet.com> wrote:
>
>>
>> On Feb 4, 2013, at 3:48 AM, chu ngoc hung <hungcn_at_gmail.com> wrote:
>>
>> > Hi guys,
>> >
>> > I'm using libcurl version 7.28.0 - with ssl (openssl) - to connect to
>> > server dysoft-mobile.com hosted by bluehost.com with ftp+ssl
>> > connection. I downloaded the certificate from this server and added it to my ca path
>> > before connecting to the server. But I always get an error:
>> > * Server certificate:
>> > * subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.bluehost.com
>> > * start date: 201
>> > * expire date: 202
>> > * subjectAltName does not match dysoft-mobile.com
>> > * Closing connection #0
>> > * SSL peer certificate or SSH remote key was not OK
>> >
>> > When I turn off verifying host/peer the connection always times out.
>> >
>> > Can you give me advice to fix this?
>>
>> You could disable host name verification, though I wouldn't recommend you
>> do that unless this project of yours is for internal use only and isn't
>> going to be used to connect to other servers. A better fix would be to get
>> the host to issue and use a new certificate for the site using its proper
>> domain name.
>>
>> And about the timeout: Does it work if you use any other client to
>> connect to the server? Are you using implicit or explicit FTP-SSL? (There's
>> a difference.)
>>
>> Nick Zitzmann
>> <http://www.chronosnet.com/>
>>
>>
>> -------------------------------------------------------------------
>> List admin: http://cool.haxx.se/list/listinfo/curl-library
>> Etiquette: http://curl.haxx.se/mail/etiquette.html
>>
>
>
>
> --
> Chu Ngọc Hưng
> Hanoi University Of Technology
> Tel:+84904010806
> E-Mail: hungcn_at_gmail.com, or ngochunghutit_at_yahoo.com
>

-- 
Chu Ngọc Hưng
Hanoi University Of Technology
Tel:+84904010806
E-Mail: hungcn_at_gmail.com, or ngochunghutit_at_yahoo.com

Received on 2013-02-05
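
An added example, not part of the original mail and not libcurl's own code: a minimal C check of a host name against a certificate name, showing why the `*.bluehost.com` certificate from the log is rejected for `dysoft-mobile.com`. The function names and the `box000.bluehost.com` host are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality for ASCII host names. */
static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == '\0' && *b == '\0';
}

/* 1 if certificate name `pattern` covers `host`, else 0. "*" counts only as the
 * whole left-most label, stands for one label, and "*.com" is rejected. */
int cert_name_matches(const char *pattern, const char *host)
{
    if (!pattern || !host || !*pattern || !*host)
        return 0;
    if (strncmp(pattern, "*.", 2) != 0)      /* no wildcard: exact match */
        return eq_nocase(pattern, host);
    const char *suffix = pattern + 1;        /* e.g. ".bluehost.com" */
    if (!strchr(suffix + 1, '.') || strchr(suffix, '*'))
        return 0;                            /* too broad or malformed */
    const char *dot = strchr(host, '.');     /* end of host's first label */
    if (!dot || dot == host)
        return 0;                            /* first label must be non-empty */
    return eq_nocase(dot, suffix);           /* the rest must equal the suffix */
}

/* Return 1 if any of the n certificate names covers host. */
int cert_covers_host(const char *const *names, size_t n, const char *host)
{
    for (size_t i = 0; i < n; i++)
        if (cert_name_matches(names[i], host))
            return 1;
    return 0;
}

int main(void)
{
    /* CN taken from the log; the bluehost.com host names are constructed. */
    const char *names[] = { "*.bluehost.com" };
    const char *hosts[] = { "dysoft-mobile.com", "box000.bluehost.com",
                            "a.b.bluehost.com", "bluehost.com" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-20s %s\n", hosts[i],
               cert_covers_host(names, 1, hosts[i]) ? "match" : "NO MATCH");
    return 0;
}
```

Only a host name that sits one label below `bluehost.com` matches, so the certificate cannot vouch for the customer domain.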