Thanks again for your help. I have found a almost perfect solution.
In the following my thoughts about the issue. Please correct me if
there's something not correct.
> I can't, not more than to use CURLOPT_VERBOSE.
Using ftps:// (and therefore as you said using a ftps-server on port
950) CURLOPT_VERBOSE showed that the server refused connection.
Using Wireshark to analyse connection over port 950 in Filezilla showed
the same result as using ftps:// with curl, so I know that my provider
do not provide a "real" ftps-Server.
To establish a connection I had to set additional options:
curl_setopt($handle, CURLOPT_FTP_SSL, CURLOPT_FTP_SSL);
I suppose that I need the following second and third option, because the
certificate does not belong to my domain but to the domain of my provider.
Connecting via FileZilla shows also a warning message. As far as I know
this warning does not imply a security problem, if you trust the the
institution which is shown in the warning (in my case the domain of my
But I suppose such an connection is vulnerable to a
man-in-the-middle-attack because I'm accept any certificate.
Am I right? Any suggestion how to fix this problem? Do I have to set the
option *"**CURLOPT_CAINFO"? What kind of parameter does this option
excepts and how can I get this information (from my provider?)?
Or is there a other way to say: Connect only if the certificate belongs
to e.g. provider.net?
Daniel Stenberg schrieb:
> On Thu, 17 May 2007, Benedikt Allkemper wrote:
>>> the exact error that happens, what libcurl says, what it returns etc
>> Can you explain, how I can get to this information. I use curl in my php
>> script and php doesn't output any notice, warning or error message.
> I can't, not more than to use CURLOPT_VERBOSE. Someone should add better
> tracing abilities to PHP/CURL. I always recommend using the curl command line
> tool for that reason.
>>> whether you really want implicit SSL
>> It doesn't mather to me as long as the transfer is encrypted (both login
>> data and application data)
> Well, it matters to you since the server most likely works with one of the
> ways and possibly not with the one you pick at random.
>> Using Wireshark to analyse the traffic, I've found the following:
>> Using ftp:// shows me a lot of packages using ftp protocol (download
> With ftp-ssl enabled? If so, what's the problem?
>> Using ftps:// shows me only some tcp packages (no download) It seems as
>> there is no real attempt to connect to the ftp server using ftps://.
> ftps:// connects to an ftps server, not to a ftp one as you ask for an
> immediate SSL connection then and ftp servers don't do that.
> I.e ftps is usually used to port 990 and it makes use of SSL immediately.
> ftp:// with ftp-ssl enabled usually connects to port 21 to uses FTP commands
> to negotiate switching to SSL-use.
Received on 2007-05-18