[Reference:<_A2775@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Regarding using delegate as a proxy to access auth-tls ftp servers
17 Oct 2004 17:43:50 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


In message <_A2775@delegate-en.ML_> on 10/18/04(01:58:12)
you "Jonas Larsen" <pzyfabdyi-p5lznxiyfbxr.ml@ml.delegate.org> wrote:
 |> |> Could you show me the log with the following parameter ?
 |> |>
 |> |> CMAP="sslway -St:FSV:ftp" CMAP="sslway:FSV:ftp-data"
 |>
 |> Sorry, it should be (as in your setup)
 |>
 |> CMAP="sslway -St/ftp:FSV:ftp" CMAP="sslway:FSV:ftp-data"
 |>
 |> because DeleGate is trying STARTTLS in SMTP protocol, since it could not
 |> detect that the server is talking in FTP.  And adding -vd option like
 |> follows will give us more helpful information.
 |>
 |> CMAP="sslway -vd -St/ftp:FSV:ftp" CMAP="sslway:FSV:ftp-data"
 |
 |Ahh now we seem to be getting somewhere :)

I feel so too.  The FTP/SSL negotiation described in the Internet Draft
says as follows:

<URL:ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-murray-auth-ftp-ssl-15.txt>
>                                                             socket()
>                                                             bind()
>  socket()
>  connect()  ----------------------------------------------> accept()
>            <----------------------------------------------  220
>  AUTH TLS   ---------------------------------------------->
>            <----------------------------------------------  234
>  TLSneg()  <----------------------------------------------> TLSneg()
>  PBSZ 0     ---------------------------------------------->
>            <----------------------------------------------  200
>  PROT P     ---------------------------------------------->
>            <----------------------------------------------  200
>  USER fred  ---------------------------------------------->
>            <----------------------------------------------  331
>  PASS pass  ---------------------------------------------->
>            <----------------------------------------------  230


 |The STARTTLS error disappeared and I now get the complete welcome msg. But it 
 |now times out before I get a dirlisting. Here is the log:
 |
 |-- same as last time so i will just paste the parts after welcome msg...
 |
 |REST 100
 |257 "/" is current directory.
 |This site may not allow file resuming
 |PWD
 |215 UNIX Type: L8
 |disconnected.

This log seems to show that some status responses from the server are
lost, maybe because the server returns a broken status code for the STARTTLS
negotiation.

 |From the server log it looks like this, again I have cut away all the stuff 
 |above the login, it shows the welcome msg in the server log too, once that's 
 |done it shows this:
 |
 |## SSLway[1277](port160.ds2-vbr.adsl.cybercity.dk) STARTTLS/FTP PBSZ 0 -> 
 |User E-bola logged in.

According to the Internet-Draft, there MUST be a "200" response to the "PBSZ"
negotiation before a response like "User E-bola logged in." or so
(also, a response without any status code seems very strange).


Cheers,
Yutaka
--
  D G   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( - )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
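As an added illustration (this is not part of the message above nor DeleGate's own code), the following Python checker walks a server's replies against the AUTH TLS sequence quoted from the Internet-Draft (220, 234, 200 for PBSZ, 200 for PROT, 331, 230) and reports the first deviation. It also handles RFC 959 multi-line replies, and it reports a line that carries no three-digit status code, which is exactly the anomaly discussed in this thread. The two sample transcripts are constructed for the example; the step table and all function names are assumptions of this example.

```python
import re

# Expected server reply codes per step of the AUTH TLS negotiation shown in
# draft-murray-auth-ftp-ssl. The "<greeting>" label is a convention of this
# example; the other labels are the client commands the reply answers.
HANDSHAKE_STEPS = [
    ("<greeting>", {"220"}),
    ("AUTH TLS",   {"234"}),
    ("PBSZ 0",     {"200"}),
    ("PROT P",     {"200"}),
    ("USER",       {"331", "230"}),   # 230 if the server wants no password
    ("PASS",       {"230"}),
]

# An FTP reply line: three digits, then a space (final line) or '-' (continued).
REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_replies(raw_lines):
    """Group raw server lines into (code, text) replies.

    Multi-line replies ("220-first ... 220 last") are joined into one reply.
    A line with no status code at all is returned as (None, text) so the
    caller can flag it instead of silently skipping it.
    """
    replies = []
    pending = None  # (code, [lines]) while inside a multi-line reply
    for line in raw_lines:
        line = line.rstrip("\r\n")
        m = REPLY_RE.match(line)
        if pending is not None:
            code, parts = pending
            parts.append(line)
            # The reply ends at a line "<same code><space>..."
            if m and m.group(1) == code and m.group(2) == " ":
                replies.append((code, "\n".join(parts)))
                pending = None
            continue
        if m is None:
            replies.append((None, line))
        elif m.group(2) == "-":
            pending = (m.group(1), [line])
        else:
            replies.append((m.group(1), m.group(3)))
    if pending is not None:
        # Server closed without terminating the multi-line reply.
        replies.append((pending[0], "\n".join(pending[1]) + " [unterminated]"))
    return replies


def check_handshake(raw_lines):
    """Compare the server's replies, in order, with HANDSHAKE_STEPS.

    Returns a list of problem strings; an empty list means the exchange
    matches the draft's sequence. Checking stops at the first violation,
    because every later reply is then out of step with the client.
    """
    problems = []
    replies = parse_replies(raw_lines)
    for i, (step, allowed) in enumerate(HANDSHAKE_STEPS):
        if i >= len(replies):
            problems.append(f"{step}: no reply from server")
            break
        code, text = replies[i]
        if code is None:
            problems.append(f"{step}: reply without status code: {text!r}")
            break
        if code not in allowed:
            problems.append(f"{step}: got {code}, expected one of {sorted(allowed)}")
            break
    return problems


# Constructed sample transcripts (server side only, one reply per client step).
GOOD_SERVER = [
    "220-ftp.example.test ready",      # multi-line greeting
    "220 Please log in",
    "234 AUTH TLS OK",
    "200 PBSZ=0",
    "200 Protection level set to P",
    "331 Password required for fred",
    "230 User fred logged in",
]

BAD_SERVER = [
    "220 ftp.example.test ready",
    "234 AUTH TLS OK",
    "User fred logged in.",            # no status code where a 200 to PBSZ is required
    "215 UNIX Type: L8",
]

if __name__ == "__main__":
    print("good:", check_handshake(GOOD_SERVER))   # []
    print("bad: ", check_handshake(BAD_SERVER))    # ['PBSZ 0: reply without status code: ...']
```

Such a checker is useful when reading an `sslway -vd` log or a packet capture of the control connection: a client library such as Python's `ftplib.FTP_TLS` sends exactly this sequence (`auth()` issues AUTH TLS, `prot_p()` issues PBSZ 0 and PROT P) and, like DeleGate, waits for the matching reply to each command, so a server that answers PBSZ with free text instead of a 200 leaves the client one reply behind until it times out.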
