*Here is my log* (when disable host/peer): * About to connect() to dysoft-mobile.com port 21 (#0) * Trying 69.195.91.50... * connected * Connected to dysoft-mobile.com (69.195.91.50) port 21 (#0) * FTP 0x282dda0 state change from STOP to WAIT220 < 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
< 220-You are user number 7 of 1000 allowed. < 220-Local time is now 00:13. Server port: 21. < 220-This is a private system - No anonymous login < 220-IPv6 connections are also welcome on this server. < 220 You will be disconnected after 15 minutes of inactivity. > AUTH SSL * FTP 0x282dda0 state change from WAIT220 to AUTH < 500 This security scheme is not implemented > AUTH TLS < 234 AUTH TLS OK. * successfully set certificate verify locations: * CAfile: /var/mobile/Applications/8C67AD7C-FDC0-44E4-8619-BAB587542A93/Documents/cacert.pem CApath: none * SSL connection using CAMELLIA256-SHA * Server certificate: * subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*. bluehost.com * start date: 201 * expire date: 202 * issuer: C=G * SSL certificate verify ok. > USER [email protected] * FTP 0x282dda0 state change from AUTH to USER < 331 User [email protected] OK. Password required > PASS *** * FTP 0x282dda0 state change from USER to PASS < 230 OK. Current restricted directory is / > PBSZ 0 * FTP 0x282dda0 state change from PASS to PBSZ < 200 PBSZ=0 > PROT P * FTP 0x282dda0 state change from PBSZ to PROT < 200 Data protection level set to "private" > PWD * FTP 0x282dda0 state change from PROT to PWD < 257 "/" is your current location * Entry path is '/' * FTP 0x282dda0 state change from PWD to STOP * protocol connect phase DONE * DO phase starts > CWD / * FTP 0x282dda0 state change from STOP to QUOTE < 250 OK. Current directory is / > CWD / < 250 OK. Current directory is / > EPSV * FTP 0x282dda0 state change from QUOTE to PASV * Connect data stream passively < 229 Extended Passive mode OK (|||38012|) * Trying 69.195.91.50... * Operation timed out * couldn't connect to host * got positive EPSV response, but can't connect. Disabling EPSV > PASV < 227 Entering Passive Mode (69,195,91,50,150,124) * Trying 69.195.91.50... * Operation timed out * couldn't connect to host * DO phase is complete * Closing connection #0 * Couldn't connect to server *And Cyberduck's log is* (when reasemble a tcp stream): 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 6 of 1000 allowed. 220-Local time is now 00:09. Server port: 21. 220-This is a private system - No anonymous login 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. AUTH TLS 234 AUTH TLS OK. ....Q...M..Q........q.+[....?._;X..&h.OF.....&...../.5.3.9.2.8. ..........................Q...M..Q....{)..........pI.B]u..DJ..... *...( ...sJO.....zL...b...s.............................&0.."0.. .........N..80..Ue..:..0 ..*.H.. .....0q1.0...U....GB1.0...U....Greater Manchester1.0...U....Salford1.0...U. ..Comodo CA Limited1.0...U....PositiveSSL CA0.. 100113000000Z. 200218235959Z0[1!0...U....Domain Control Validated1.0...U....PositiveSSL Wildcard1.0...U....*.bluehost.com0.."0 ..*.H.. ..........0.. .......wyMb|.....]. .,.M2..V.H.Z.m.Se*.;UX......K&......$..h.%.n}S-...u/G Cb3^.8...%1..*V..K...R/..c.z.1.RB$..:.fg.....Tdj~..|J7G.u..Q...BN.....Af"c -...T..m.Y ...v1...u.X..#.Xoj1.3......Y.B...P.QQ.6=.GC@g. "...R(.0......5Oa...s..Q..f..j\w..P'..Cb......V.$m....!.........0...0...U.#..0........1y......*..5.1.0...U..........wN |.../.dn.y...0...U...........0...U.......0.0...U.%..0...+.........+.......0F..U. .?0=0;..+.....1....0,0*..+......... http://www.positivessl.com/CPS0i..U...b0`0/.-.+.)http://crl.comodoca.com/PositiveSSLCA.crl0-.+.).'http://crl.comodo.net/PositiveSSLCA.crl0k..+........_0]05..+.....0..)http://crt.comodoca.com/PositiveSSLCA.crt0$..+.....0...http://ocsp.comodoca.com0'..U... 0...*.bluehost.com..bluehost.com0 ..*.H.. ..........#...h....O.....5.. ....25....:b..A.8..#...%t.....z;..pee...t.Xc$..TZ^..,$...LD.>.d.....O.......I. ..*\k.....)..i..O..0.. .^....j.8,.Xj>.8...K.=r....o.{vYI.....$....h.w.....j...0.1..5B~.u..F._QH?.....Ez.......^.5G........w.....R.?5.~....?.'e..U,!.I.n......u...0...0..........L.J.[E.!.../.+Qq0 ..*.H.. .....0..1.0...U....US1.0...U....UT1.0...U....Salt Lake City1.0...U. ..The USERTRUST Network1!0...U....http://www.usertrust.com1.0. ..U....UTN-USERFirst-Hardware0.. 060918000000Z. 200530104838Z0q1.0...U....GB1.0...U....Greater Manchester1.0...U....Salford1.0...U. ..Comodo CA Limited1.0...U....PositiveSSL CA0.."0 ..*.H.. ..........0.. ......OyX"..(>R../.. ..-U.......*..^...X.T ...A...U.... .E.&. .=...1 !\y.y.$.\V...............S..F...$.b...^+Z...P...(*M..HO....O......?....,. ....p..i..<......?n...-..].........~....}..:=.r.y%.......V^...Z..b4+(H2.........f.....iM....]..7b........~.jR.................n0..j0...U.#..0....r_&.(.C.].7....K..E0...U...........1y......*..5.1.0...U...........0...U.......0.......0{..U...t0r08.6.4.2 http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06.4.2.0http://crl.comodo.net/UTN-USERFirst-Hardware.crl0....+........z0x0;..+.....0../http://crt.comodoca.com/UTNAddTrustServerCA.crt09..+.....0..-http://crt.comodo.net/UTNAddTrustServerCA.crt0 ..*.H.. ...............H]..Z........l.I. 1.1\...d.....Z-..;>[email protected]....&=[!.....=.<...._.S........NI}.......e....1w..*....j-.e..g.m.J.f..2M.B#..EAjv.....n..>.Q......P*...o "6...F....;}.....2+.....@ ..$..]..........KS}.(.V=..gI......+LG..L.D...c..{[1.&a.y...N..P{....0...0..n.......RB.JO7.CiHz.g.]'0 ..*.H.. .....0o1.0...U....SE1.0...U. ..AddTrust AB1&0$..U....AddTrust External TTP Network1"0 ..U....AddTrust External CA Root0.. 050607080910Z. 200530104838Z0..1.0...U....US1.0...U....UT1.0...U....Salt Lake City1.0...U. ..The USERTRUST Network1!0...U....http://www.usertrust.com1.0. ..U....UTN-USERFirst-Hardware0.."0 ..*.H.. ..........0.. ........8?....9.Qg.m...X...+. .T..8....!yH..at...<jr.<.g:9.+..f...3.l......uy.F^...j..*U..T.......]..m..q.k.......1w...z.2.+..8n..^#.E.{P..0...+z.[.3@ ...........].......i.....!...i..3.) F...I4.iQ....h.fL.>.a. ....=.|.L. ^k.....(..M..s.n.......vD..c...I.....2.H[........0..0...U.#..0......z4.&...&T....$.T.0...U.......r_&.(.C.].7....K..E0...U...........0...U.......0....0...U. . 0.0...U. .0{..U...t0r08.6.4.2 http://crl.comodoca.com/AddTrustExternalCARoot.crl06.4.2.0http://crl.comodo.net/AddTrustExternalCARoot.crl0 ..*.H.. ..........`d9Y.Ce......3..S....#.l..dYSS..6....Ny/.....*Amq..x8#.pK....."b....Q.-...E....~..2...5^n.,hh.....U../.@..."\m..... 3(f...3......y.......R.?....>...._..IC.9}./..u]~gg..Y @.7"..C.0.C...]m.)....bc...7.og..bW9..M.*a=....w ./..r....x.'. `.......k$.....Kh.....?....................-.....%+r..T.. ...&.3.:..D{....b.I5.6).<>.1.\K....u.*x;....kc...,P../]..:[.s....P...n.....eV...9..Y:..,.%.LCe....Y..../..o..X.c..7.>........b.. i.....^........ ........&ss ,M.^z/.".\.....pzft78......l..Q~...G........ ..|..&% ..R....x..!.-.<"...;.E6oq.3m..)..........$....e..0.2.L~^7.y.d.F.c%P.~..O.|...,..........$.n.>.0.YC......#....s.......`.Y.!.......3.eQ_f..R..-.-....u.{.M....JL.q.=G4..5.aL./..O+.........M...G.-..C,..P...{.4<.o@ .b...,...Vu......[.9..bj..EE.Z..e........X4t.l{ [........."3..]..=...............&;.....xJ..x....?kW..5h.....cp.%M...g.W~.....4..c...~.S..U...l..?8.X...%...m..........1.0W.ctZ.$.!7yA.2.UP;)..O...... ....c.a.....O..D..G...E.b.Y....I............ ....P..W.@>[email protected]..>.....|r).....Ev%yj.xe.[6X&..Kvp;e8.M0.d.=..s..xC"i..LZ.....H...O](l..3[.2..`.F..`a&2&.......l0.P..+.........k.....W......:.^..r...Q...18...>..p 'k......A.b7.\5....N.......BEU.-........F."hu]..._`...e........*'.J6.......:....c......j.M....`ZVYD...s$.>S..R&[email protected];G..f...W......O.n>.';zF..\.g.L.. .4...8.h...a...=.......UI...Y.(`Y9..m...yB.;..Zv..............@W~.A1.=.6...,^......... ......6C....[v...4FS.>.........Y......x..-.oIm.D.Y.....2.?]. ......'. .,.^.1.TD#y.....5 ...q..H......f....j.......v.t..[rU.../...*...bQk .........u.&\.........[y]~.Q2 ..1... .....x^ ?/.....D....K........5.....Y...f...A.._...m.....DZ..}p..(......n6.tP{GY.]lrA..<..q..R6.,>TP.....c.......r.....~...u...O..V.....O.8. n7.. .>]...>...-..,.}j.i.K..p5.ok.^......H*.mO..E..ol.FJ....iDlUyh....h....1....*'.`8x.L..{;..+FH{..I@ ......|..V+R.2...7..KW.JM....O.n..j.S4.......g......t..PQ|...~Dy.0s.s.m+%...........SP.fDxaU..6.9X.@ ......2.......<..,*.....O.2o..o......nN........f.U....R.H."...J}O.4g...x..p On Tue, Feb 5, 2013 at 9:14 AM, chu ngoc hung <[email protected]> wrote: > Thanks for your rely, > > Yes, I use to connect to my host only for research purpose, and I've got a > success result for a FTP-SSL connection to connect to my local server > (self-signed certificate). > With current server (dysoft-mobile.com) when i disable host or peer > verification the connection is always timeout (both EPSV and PASV) > I've got the same result with FileZilla client but when I use Cyberduck > client the result is OK (although it alert me that the certificate is > invalid before it connect success). > And I use explicit FTP-SSL because this server support this type only. > > > On Tue, Feb 5, 2013 at 12:17 AM, Nick Zitzmann <[email protected]>wrote: > >> >> On Feb 4, 2013, at 3:48 AM, chu ngoc hung <[email protected]> wrote: >> >> > Hi guys, >> > >> > I'm using libcurl version 7.28.0 - with ssl (openssl) - to connect to >> server dysoft-mobile.com hosting by bluehost.com with ftp+ssl >> connection. I downloaded certificate from this server and add to my ca path >> before connect to server. But I always get an error: >> > * Server certificate: >> > * subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; >> CN=*.bluehost.com >> > * start date: 201 >> > * expire date: 202 >> > * subjectAltName does not match dysoft-mobile.com >> > * Closing connection #0 >> > * SSL peer certificate or SSH remote key was not OK >> > >> > When I turn off verifying host/peer the connection is always timeout. >> > >> > Can you give me advice to fix this? >> >> You could disable host name verification, though I wouldn't recommend you >> do that unless this project of yours is for internal use only and isn't >> going to be used to connect to other servers. A better fix would be to get >> the host to issue and use a new certificate for the site using its proper >> domain name. >> >> And about the timeout: Does it work if you use any other client to >> connect to the server? Are you using implicit or explicit FTP-SSL? (There's >> a difference.) >> >> Nick Zitzmann >> <http://www.chronosnet.com/> >> >> >> ------------------------------------------------------------------- >> List admin: http://cool.haxx.se/list/listinfo/curl-library >> Etiquette: http://curl.haxx.se/mail/etiquette.html >> > > > > -- > Chu Ngọc Hưng > Hanoi University Of Technology > Tel:+84904010806 > E-Mail: [email protected], or [email protected] > -- Chu Ngọc Hưng Hanoi University Of Technology Tel:+84904010806 E-Mail: [email protected], or [email protected]
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
