Problem has been solved! ;) The main cause of this problem is that blocking I/O code and MINA work in different ways.

In blocking I/O:
1) Client sends AUTH SSL.
2) Server reads AUTH SSL, sends a response.
3) Client sends negotiation request.
4) Server creates SSLSocket and starts to read the negotiation request.

In MINA (Current FtpServer implementation):
1) Client sends AUTH SSL.
2) Server reads AUTH SSL, sends a response.
3) Client sends negotiation request.
4) MINA I/O processor reads the negotiation request, but SSLFilter is not added yet! So it's interpreted as a non-SSL message and the codec will throw an exception.
5) Server adds SSLFilter, but it's too late.

To fix this behavior, you have to make sure SSLFilter is added before the I/O processor reads the negotiation request. There are two solutions:

In MINA (Corrected FtpServer implementation using SSLFilter.DISABLE_ENCRYPTION_ONCE):
1) Client sends AUTH SSL.
2) Server reads AUTH SSL.
3) Server adds an SSLFilter and sets the SSLFilter.DISABLE_ENCRYPTION_ONCE attribute (IoSession.setAttribute(SSLFilter.DISABLE_ENCRYPTION_ONCE)).
4) Server sends a response. This message is not encrypted at all thanks to the DISABLE_ENCRYPTION_ONCE attribute.
5) Client sends negotiation request.
6) Server starts negotiation process.

In MINA (Corrected FtpServer implementation using traffic control):
1) Client sends AUTH SSL.
2) Server reads AUTH SSL.
3) Server suspends read operation. (IoSession.suspendRead())
4) Server sends a response.
3) Client sends negotiation request, but I/O processor doesn't read until read operations are resumed.
5) Server adds an SSLFilter.
6) Server resumes read operation. (IoSession.resumeRead())

For now, FtpServer's Connection interface provides only one method to secure a connection, but you will have to split it into two to make it work with MINA or another asynchronous I/O framework.

HTH,
Trustin

On 1/15/07, Niklas Gustavsson <[EMAIL PROTECTED]> wrote:
Trustin Lee wrote:
> Hi Niklas,
>
> On 1/12/07, Niklas Gustavsson <[EMAIL PROTECTED]> wrote:
>>
>> Hi
>>
>> Anyone got any idea as to how I could solve the issue I describe
>> below? The MINA integration into FtpServer is not fully functional,
>> except for the SSL support :-/
>
>
> Can I reproduce the problem by myself? FtpServer is still incubator, so if
> you checked in your mina integration code, I could test it by myself with
> proper instruction.

Yes, of course. Check out FtpServer from:
http://svn.apache.org/repos/asf/incubator/ftpserver/trunk/

Change to using MINA as the listener implementation in the file:
core/src/java/org/apache/ftpserver/FtpServer.java

listeners.add(new IOListener(serverContext));

should be changed to:

listeners.add(new MinaListener(serverContext));

(you'll need to change imports as well of course).

After that, you'll need to compile ftplet-api and core and then run the tests in ssl-tests, most of which will fail due to this problem.

I'm also working on a minimal test case for you so you might want to wait for that. I want to eliminate the (not unlikely) risk that I've done something wrong.

/niklas
--
what we call human nature is actually human habit
--
http://gleamynode.net/
--
PGP key fingerprints:
* E167 E6AF E73A CBCE EE41 4A29 544D DE48 FE95 4E7E
* B693 628E 6047 4F8F CFA4 455E 1C62 A7DC 0255 ECA6
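
The orderings described in the message above, as an added toy model that is not part of the original thread and is not MINA or FtpServer code. The `Session` class, the step functions, the reply text and the handshake bytes are all constructed for illustration; the model assumes the I/O processor can run between any two handler steps and that the client only starts the handshake after a reply it can read in plaintext.

```python
from collections import deque

HELLO = b"\x16\x03\x01"        # constructed stand-in for the client's first handshake bytes
REPLY = b"234 AUTH SSL OK"     # constructed reply text

class Session:
    """Toy asynchronous session: bytes queue up until the I/O processor runs."""
    def __init__(self):
        self.inbound = deque([b"AUTH SSL"])
        self.ssl_filter = False       # SSL filter present in the filter chain
        self.plain_once = False       # models the DISABLE_ENCRYPTION_ONCE attribute
        self.read_suspended = False   # models suspendRead() / resumeRead()
        self.log = []                 # (layer, data) in the order things happened

    def io_processor_turn(self):
        while self.inbound and not self.read_suspended:
            layer = "ssl" if self.ssl_filter else "codec"
            self.log.append((layer, self.inbound.popleft()))

    def write(self, data):
        encrypted = self.ssl_filter and not self.plain_once
        self.plain_once = False
        self.log.append(("wire-encrypted" if encrypted else "wire-plain", data))
        if not encrypted:             # client could read the reply, so it starts the handshake
            self.inbound.append(HELLO)

def reply(s):
    s.write(REPLY)
def add_filter(s):
    s.ssl_filter = True
def add_filter_plain_once(s):
    s.ssl_filter = True
    s.plain_once = True
def suspend(s):
    s.read_suspended = True
def resume(s):
    s.read_suspended = False

def handshake_seen_by(steps):
    """Run the handler steps in order and report which layer received the handshake."""
    s = Session()
    s.io_processor_turn()             # server reads AUTH SSL
    for step in steps:
        step(s)
        s.io_processor_turn()         # processor may run between any two steps
    return next((layer for layer, data in s.log if data == HELLO), None)
```

`handshake_seen_by([reply, add_filter])` reproduces the failing order, where the plaintext codec receives the handshake bytes; adding the filter first without the one-shot plaintext flag returns `None` because the reply itself goes out encrypted and the client never begins negotiation.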
