curl-users
Re: Error "SSL3_GET_RECORD: wrong version number" while listing ftps directory
Date: Mon, 17 Jan 2005 09:14:52 -0800
I had the same issue when using cURL to connect to a remote FTP site using
GlubTech's "Secure FTP Wrapper", which implements IMPLICIT SSLFTP (port
990). I tried both PASSIVE mode and PORT mode, and got two different
errors:
--------------------------------------------------------------------------
(1) PASSIVE mode
$ curl -knv --disable-epsv --disable-eprt ftps://xxx.xxx.xxx
* About to connect() to xxx.xxx.xxx port 990
* Trying xxx.xx.xx.xxx... * connected
* Connected to xxx.xxx.xxx (xxx.xx.xx.xxx) port 990
* successfully set certificate verify locations:
* CAfile: /usr/local/share/curl/curl-ca-bundle.crt
CApath: none
* SSL connection using DES-CBC3-SHA
* Server certificate:
* subject: /C=USA/ST=NJ/L=Whippany/O=xxxx/OU=Secure FTP
Wrapper/CN=xxx.xxx.xxx
* start date: 2004-03-10 11:51:43 GMT
* expire date: 2007-03-10 11:51:43 GMT
* common name: xxx.xxx.xxx (matched)
* issuer: /C=USA/ST=NJ/L=Whippany/O=xxxx/OU=Secure FTP
Wrapper/CN=xxx.xxx.xxx
* SSL certificate verify result: error number 1 (18), continuing anyway.
< 220-"128 Bit Secure FTP Wrapper"
< 220 pwcftp Microsoft FTP Service (Version 4.0).
> USER XXX
< 331 Password required for CTY.
> PASS XXXXXXXX
< 230 User XXX logged in.
* We have successfully logged in
> PBSZ 0
< 200 PBSZ Command OK. Protection buffer size set to 0.
> PWD
< 257 "/XXX" is current directory.
* Entry path is '/XXX'
> PASV
< 227 Entering Passive Mode (xxx,xx,xx,xxx,70,166).
* Trying xxx.xx.xx.xxx... * connected
* Connecting to xxx.xx.xx.xxx (xxx.xx.xx.xxx) port 18086
* Connected the data stream with PASV!
> TYPE A
< 200 Type set to A.
> LIST
< 125 Data connection already open; Transfer starting.
* Doing the SSL/TLS handshake on the data stream
* successfully set certificate verify locations:
* CAfile: /usr/local/share/curl/curl-ca-bundle.crt
CApath: none
* SSL re-using session ID
* error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
* Connection #0 to host ftp2.neca.org left intact
curl: (35) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
* Closing connection #0
(2) PORT mode
$ curl -knv --ftp-port xxxxxxxx --disable-epsv --disable-eprt ftps://xxx.xxx.xxx
* About to connect() to xxx.xxx.xxx port 990
* Trying xxx.xx.xx.xxx... * connected
* Connected to xxx.xxx.xxx (xxx.xx.xx.xxx) port 990
* successfully set certificate verify locations:
* CAfile: /usr/local/share/curl/curl-ca-bundle.crt
CApath: none
* SSL connection using DES-CBC3-SHA
* Server certificate:
* subject: /C=USA/ST=NJ/L=Whippany/O=xxxx/OU=Secure FTP
Wrapper/CN=xxx.xxx.xxx
* start date: 2004-03-10 11:51:43 GMT
* expire date: 2007-03-10 11:51:43 GMT
* common name: xxx.xxx.xxx (matched)
* issuer: /C=USA/ST=NJ/L=Whippany/O=xxxx/OU=Secure FTP
Wrapper/CN=xxx.xxx.xxx
* SSL certificate verify result: error number 1 (18), continuing anyway.
< 220-"128 Bit Secure FTP Wrapper"
< 220 pwcftp Microsoft FTP Service (Version 4.0).
> USER XXX
< 331 Password required for XXX.
> PASS XXXXXXXX
< 230 User XXX logged in.
* We have successfully logged in
> PBSZ 0
< 200 PBSZ Command OK. Protection buffer size set to 0.
> PWD
< 257 "/XXX" is current directory.
* Entry path is '/XXX'
> PORT xx,x,x,xx,238,176
* FTP response reading failed
* Connection #0 to host xxx.xxx.xxx left intact
curl: (56) FTP response reading failed
* Closing connection #0
--------------------------------------------------------------------------
Any clues?
Thanks for any advice.
-- Shun-Li Huang

#####################################################################

"Jeffrey Paul" <jpaul_at_diamondcard.com> wrote in message
news:6262718D3C369148944D18200671A9E50FAA79_at_gfmail.groupfinancialllc.com...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm attempting to replace a manual Windows process (performed daily)
within our organization that uses Secure FTP by Glub Tech, Inc. to
perform a file upload and download from/to an ftps (ftp-ssl) server. It
looks like the ftps server is running an SSL-to-normal-ftp wrapper
program (also made by Glub Tech).

After a little experimenting, I was able to log in, but I'm getting an SSL
related error when I attempt to download or list directory contents:

I execute the following:

curl --ftp-pasv --disable-epsv \
- -u "[usernameremoved]:[passwordremoved]" \
- --ftp-ssl --insecure -v ftps://[removed]/incoming/

* About to connect() to [removed] port 990
* Connected to removed ([removed]) port 990
* successfully set certificate verify locations:
* CAfile: /usr/share/curl/curl-ca-bundle.crt
CApath: none
* SSL connection using DES-CBC3-SHA
* Server certificate:
* subject: [removed]
* start date: 2004-09-09 15:20:02 GMT
* expire date: 2007-07-01 15:20:02 GMT
* common name: [removed]
* issuer: [removed]
* SSL certificate verify result: 18, continuing anyway.
< 220-Glub Tech Secure FTP Wrapper (v2.5.7)
< 220 127.0.0.1 FTP server ready
> USER [removed]
< 331 Password required for [removed].
> PASS [removed]
< 230 User [removed] logged in.
* We have successfully logged in
> PBSZ 0
< 200 PBSZ Command OK. Protection buffer size set to 0.
> PWD
< 257 "/" is current directory.
* Entry path is '/'
> CWD incoming
< 250 CWD command successful
> PASV
< 227 Entering Passive Mode ([removed],36,131).
* About to connect() to [removed] port 9347
* Connecting to [removed] ([removed]) port 9347
* Connected the data stream with PASV!
> TYPE A
< 200 Type set to A
> LIST
< 150 Opening ASCII mode data connection for file list
* Doing the SSL/TLS handshake on the data stream
* successfully set certificate verify locations:
* CAfile: /usr/share/curl/curl-ca-bundle.crt
CApath: none
* SSL re-using session ID
* SSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
^M 0 0 0 0 0 0 0 0 --:--:-- 0:00:01
- --:--:-- 0
* Connection #0 to host [removed] left intact
curl: (35) SSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
* Closing connection #0

Any ideas as to what could be going wrong? Listing, uploading, and
downloading all work fine in the Glub Tech client. Unfortunately, this
is all SSL/TLS, so I can't sniff the connection and find out where it's
going wrong (unless any of you know an SSL/TLS man-in-the-middle tool,
as the cert of the server we're connecting to isn't in our bundle -
hence the "--insecure").

Regards,

- -j

- --
Jeffrey Paul, Senior Network Administrator - jpaul_at_diamondcard.com
Group Financial LLC / Diamond Financial Products
4000 Town Center/Suite 1000/Office 1013/Southfield/MI/48075-1501
Phone: 800-476-5882 - Desk: Ext 244, Mobile: Ext 468, Fax: 800-510-1405
DE2B 3F61 14A1 BD0F B496 DC91 3D97 8C4D 7678 4A42

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQbdA4D2XjE12eEpCEQJaigCgtYMBCjB93UdLux82T/cNS6FEjGkAnjRW
qeEojoZNpx4p91fS+zn0f5cq
=YGw5
-----END PGP SIGNATURE-----

Received on 2005-01-17