Article delegate-en/1093 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] delegate as FTPS-proxy blocks
15 Apr 2001 12:11:52 GMT dirk laurijssen <piucabdyi-dyd2yve66vxr.ml@ml.delegate.org>


Hi,

I'm trying to use delegate to connect FTPS-clients to an FTP-server.
Both the control and data channels should be encrypted.

To do so, I used:
./delegated -P8021 -v \
  FCL="sslway -cert server-cert.pem -key server-key.pem -ac -vu" \
  DGROOT=/usr/var/spool/delegate-nobody \
  SERVER=ftp://<ip-address>:9021

When connecting, the FTP session blocks and shows the log below.

The log seems to indicate that there is no client-certificate, but the
WS_FTP-client was configured with certificates and SSL.
Any ideas on what's happening or how to debug?

Is this setup even possible?

Thanks & regards,

LD

06/03 21:10:54.46 [1186] 0+0: --INITIALIZATION START: 7.1.2 on
SunOS/5.7--
06/03 21:10:54.46 [1186] 0+0: server_open(delegate,:8021,listen=20)
06/03 21:10:54.46 [1186] 0+0: server_open(delegate,:8021) BOUND
06/03 21:10:54.46 [1186] 0+0: DGROOT=/usr/var/spool/delegate-nobody^M
06/03 21:10:54.47 [1186] 0+0: <DeleGate/7.1.2 by ysato@delegate.org>
[1186] -P8021 READY^M
<DeleGate/7.1.2 by ysato@delegate.org> [1186] -P8021 READY
DGROOT=/usr/var/spool/delegate-nobody
AIST Research Product No. 2000-ETL-198715-01
Copyright (c) 1994-2000 Yutaka Sato and ETL,AIST,MITI
Copyright (c) 2001 National Institute of Advanced Industrial Science and
Technology (AIST)
06/03 21:10:54.47 [1186] 0+0: PORT= 8021/5 (31,85)
06/03 21:10:54.47 [1186] 0+0: OWNER=nobody =>
OWNER=nobody/nobody(nobody/nobody)
06/03 21:10:54.47 [1186] 0+0: ##DeleGate/6.X: MIMECONV=thru is set by
default. MIMECONV="" will make it compatible with former versions.
06/03 21:10:54.47 [1186] 0+0: REMITTABLE = ftp
06/03 21:10:54.48 [1186] 0+0: LIBPATH: sslway ->
/usr/var/spool/delegate-nobody/lib/sslway
06/03 21:10:54.48 [1186] 0+0: ADMIN=piucabdyi-dyd2yve66vxr.ml@ml.delegate.org
protocol=ftp(specialist)
-delegated[1186]- WARNING! ADMIN="your_mail_address" should be
specified.
-delegated[1186]- INFO: using ADMIN=piucabdyi-dyd2yve66vxr.ml@ml.delegate.org given at
compile time.
06/03 21:10:54.48 [1186] 0+0: ##DeleGate/6.X: created directory/file
will be non-sharable. SHARE="" will make it compatible with former versions.
06/03 21:10:54.48 [1186] 0+0: #### CACHE DISABLED #### Cache directory
seems not exist: /usr/var/spool/delegate-nobody/cache
06/03 21:10:54.48 [1186] 0+0: MOUNT[0]=[0] /-* =
06/03 21:10:54.48 [1186] 0+0: MOUNT[1]=[1] /=* =
06/03 21:10:54.48 [1186] 0+0: MOUNT[2]=[2] //* = default
06/03 21:10:54.52 [1186] 0+0: env[22]
LIBPATH=.:/opt/delegate7.1.2:/usr/var/spool/delegate-nobody/lib:/opt/delegate7.1.2/src

06/03 21:10:54.52 [1186] 0+0: arg[3] FCL=sslway -cert server-cert.pem
-key server-key.pem -ac -vu
06/03 21:10:54.52 [1186] 0+0: arg[4]
DGROOT=/usr/var/spool/delegate-nobody
06/03 21:10:54.52 [1186] 0+0: arg[5] SERVER=ftp://<ip-address>:9021
06/03 21:10:54.58 [1186] 0+0: DELEGATE_Modified[1]: 3939583e
06/03 21:10:54.58 [1186] 0+0: --INITIALIZATION DONE--
06/03 21:11:05.87 [1187] 1+0: -- Fork(OnetimeServer): 1186 -> 1187
06/03 21:11:05.91 [1187] 1+0: (0) accepted [31]
-@[clientIP]ip<clientIP>:4274 (0.049s)(1)
06/03 21:11:05.92 [1188] 1+0: -- Fork(FCL): 1187 -> 1188
06/03 21:11:05.92 [1188] 1+0: #### execFilter[FCL]
[/usr/var/spool/delegate-nobody/lib/sslway]sslway -cert server-cert.pem
-key server-key.pem -ac -vu
## SSLway[1188](ip<clientIP>) start
06/03 21:11:05.96 [1187] 1+0: PATH:
ftp://<ip-address>:8021!ip<clientIP>:4274!anonymous@ip<clientIP>;960059465

## SSLway[1188](ip<clientIP>) passphrase for
/usr/var/spool/delegate-nobody/lib/server-key.pem -- OK
06/03 21:11:05.97 [1187] 1+0: FTP server ftp://<ip-address>:9021/
06/03 21:11:05.97 [1187] 1+0: FTPHOPS: 1 [11/11 - -1/-1]
06/03 21:11:05.97 [1187] 1+0: ConnectToServer:
DFLT=ftp://<ip-address>:9021 REAL=://:0
06/03 21:11:05.97 [1187] 1+0: ConnectToServer connected [5]
{<ip-address>:9021 <- <ip-address>:39052} [0.004s]
...
then it waits about 65 secs, which is the client's network timeout
...
## SSLway[1188](ip<ipClient>) accepted
## SSLway[1188](ip<ipClient>) client's cert. = NONE
## SSLway[1188](ip<ipClient>) done
06/03 21:12:10.85 [1187] 1+0: disconnected [31]
-@[<ipClient>]ip<ipClient>:4274 (64.987s)(0)
06/03 21:12:10.85 [1187] 1+0: CFI process [1188] done (1/1 AFT-0)



