curl-users

Re: Solaris 10 using Curl to connect to FTPES (SSL/TLS Explicit)

From: Tim Tessier <ttessier_at_swhistlesoft.com>
Date: Tue, 25 Jan 2011 09:40:19 -0500

Andy,

Did you notice the error with getaddrinfo? This appears to be related to the fact that there is no DNS/hosts retrievable name for that address. Since in telnet you are not doing anything using SSL, this is not a problem, but since you are using SSL with the curl connection this seems to me to be why it is failing. Does it work without the SSL? I would assume yes. But if you want to try and connect this way, I would say that you "should" try using the DNS name this is for, like what the common name field says. You should be able to force the connection to the IP by using your hosts file or setting up DNS to point there.

Thanks,
Tim Tessier

On 2011-01-25, at 8:51 AM, Andy Ee wrote:

> Hi Dan,
>
> There's no firewall between the FTP server and the client server.
>
> I tried this command and the client could not connect to the FTP server via
> port 21. When I telnet manually from the client to the FTP server via port
> 21, it works.
>
>
> bash-3.00# curl -v ftp://username:password@192.168.0.112/sawnet/testdir/ -k
> --ftp-ssl -P 192.168.0.112:21
> * About to connect() to 192.168.0.112 port 21 (#0)
> * Trying 192.168.0.112... connected
> * Connected to 192.168.0.112 (192.168.0.112) port 21 (#0)
> < 220-FTP server ready.
> < 220 This is a private system - No anonymous login
> > AUTH SSL
> < 500 This security scheme is not implemented
> > AUTH TLS
> < 234 AUTH TLS OK.
> * SSLv2, Client hello (1):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS handshake, Server finished (14):
> * SSLv3, TLS handshake, Client key exchange (16):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSL connection using AES256-SHA
> * Server certificate:
> * subject: C=TW, ST=TW, L=Taipei, O=NAS Provider, OU=Common,
> CN=NAS_Common.com, emailAddress=support_at_common.com
> * start date: 2009-02-23 12:06:11 GMT
> * expire date: 2019-02-21 12:06:11 GMT
> * common name: NAS_Common.com (does not match '192.168.0.112')
> * issuer: C=TW, ST=TW, L=Taipei, O=NAS Provider, OU=Common,
> CN=NAS_Common.com, emailAddress=support_at_common.com
> * SSL certificate verify result: self signed certificate (18),
> continuing anyway.
> > USER justinho
> < 331 User justinho OK. Password required
> > PASS password
> < 230-This server supports FXP transfers
> < 230 OK. Current restricted directory is /
> > PBSZ 0
> < 200 PBSZ=0
> > PROT P
> < 200 Data protection level set to "private"
> > PWD
> < 257 "/" is your current location
> * Entry path is '/'
> > CWD sawnet
> < 250 OK. Current directory is /sawnet
> > CWD testdir
> < 250 OK. Current directory is /sawnet/ testdir
> * getaddrinfo(3) failed for 192.168.0.112:21:0
> * socket failure: Error 0
> * Remembering we are in dir "sawnet/testdir/"
> * Connection #0 to host 192.168.0.112 left intact
> curl: (30) socket failure: Error 0
> > QUIT
> < 221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
> < 221 Logout.
> * Closing connection #0
> * SSLv3, TLS alert, Client hello (1):
>
>
> bash-3.00# telnet 192.168.0.112 21
> Trying 192.168.0.112...
> Connected to 192.168.0.112.
> Escape character is '^]'.
> 220-FTP server ready.
> 220 This is a private system - No anonymous login
>
>
> Best Regards,
> Andy Ee
>
>
> -----Original Message-----
> From: curl-users-bounces_at_cool.haxx.se
> [mailto:curl-users-bounces_at_cool.haxx.se] On Behalf Of Dan Fandrich
> Sent: Tuesday, 25 January, 2011 5:04 AM
> To: curl-users_at_cool.haxx.se
> Subject: Re: Solaris 10 using Curl to connect to FTPES (SSL/TLS Explicit)
>
> On Mon, Jan 24, 2011 at 04:37:22PM +0100, Daniel Stenberg wrote:
>> On Mon, 24 Jan 2011, Andy Ee wrote:
>>>> EPRT |1|192.168.0.112|35026|
>>
>> The client grabbed a random unused port number...
>>
>>> < 425 Could not open data connection to port 35026: Connection refused
>>
>> ... but the server couldn't connect to it!
>
> Which is another strong indication that something (like a firewall) is
> interfering somewhere between the client and server.
>
>>>> Dan
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-users
> FAQ: http://curl.haxx.se/docs/faq.html
> Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2011-01-25
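
The `curl -v` output quoted in this mail mixes several separate conditions: the TLS upgrade of the control channel, the certificate name mismatch, the verification bypass from `-k`, and the final socket failure. As an added example (not part of the original mail and not curl code), this Python parser pulls those facts out of such a transcript; the names `audit` and `server_authenticated` are this example's own, and `SAMPLE` is abridged from the quoted output.

```python
import re

# Abridged from the curl -v output quoted in the mail above, mail-quote prefix
# removed and the wrapped "verify result" line rejoined.
# "> " = command sent by curl, "< " = server reply, "* " = curl's own notes.
SAMPLE = """\
> AUTH SSL
< 500 This security scheme is not implemented
> AUTH TLS
< 234 AUTH TLS OK.
* common name: NAS_Common.com (does not match '192.168.0.112')
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> PROT P
< 200 Data protection level set to "private"
* getaddrinfo(3) failed for 192.168.0.112:21:0
curl: (30) socket failure: Error 0
"""

def audit(transcript):
    """Collect TLS-protection facts and failure markers from a curl -v FTPES log."""
    facts = {"control_tls": False, "data_private": False, "cn_mismatch": None,
             "verify_bypassed": None, "resolve_failure": None, "curl_exit": None}
    last_cmd = None
    for line in transcript.splitlines():
        if line.startswith("> "):
            last_cmd = line[2:].strip().upper()
        elif line.startswith("< "):
            code = line[2:5]
            if last_cmd in ("AUTH TLS", "AUTH SSL") and code == "234":
                facts["control_tls"] = True      # control channel upgraded
            elif last_cmd == "PROT P" and code == "200":
                facts["data_private"] = True     # data channel will use TLS
        elif m := re.search(r"common name: (\S+) \(does not match '([^']+)'\)", line):
            facts["cn_mismatch"] = (m.group(1), m.group(2))
        elif m := re.search(r"verify result: (.+?) \((\d+)\), continuing anyway", line):
            facts["verify_bypassed"] = (m.group(1), int(m.group(2)))  # effect of -k
        elif m := re.search(r"getaddrinfo\(3\) failed for (\S+)", line):
            facts["resolve_failure"] = m.group(1)
        elif m := re.match(r"curl: \((\d+)\)", line):
            facts["curl_exit"] = int(m.group(1))  # 30 = CURLE_FTP_PORT_FAILED
    return facts

def server_authenticated(facts):
    """TLS encrypts either way; the peer is only authenticated if the name
    matched and verification was not bypassed."""
    return (facts["control_tls"] and facts["cn_mismatch"] is None
            and facts["verify_bypassed"] is None)

if __name__ == "__main__":
    result = audit(SAMPLE)
    print(result, "server authenticated:", server_authenticated(result))
```

On the sample, the control and data channels are both reported as TLS-protected while `server_authenticated` is false, and the failure markers are kept separate from the certificate findings.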