Hello again, I wonder if this problem persists? The first report and all follow-ups were made prior to the binary rebuild of the package ftp-ssl, which happened on November 3rd, when version 0.17.33+0.2-1+b1 was made available. This update was caused by a version step in libopenssl, seemingly related to this problem becaus SSL3 was depreciated.
Attached are two patches that are pending for my next upload. I hope to hear from you, and would like to express my appreciation to both of you for your investigation. I have yet to identify why and how the control socket becomes the channel on which to transfer a copy of the received data file. Best regards, M E Andersson Tisdag den 3:e november 2015, klockan 10:20, skrev Raphael Astier detta: > Hello, > > I have made some investigations. > I'm stuck, but I give status of these. > > > $ ./ftp mysite-ftp-ssl.xx > > > > 220 FTP SSL mysite-ftp-ssl.xx > > 234 AUTH SSL exécuté avec succès > > [SSL Cipher DHE-RSA-AES256-SHA] > > 331 Mot de passe requis pour abcdef > > 230- > > 230-- FTP TLS SSL - > > 230-- Only Passive Mode - > > 230- > > 230 Utilisateur abcdef authentifié > > Remote system type is UNIX. > > Using binary mode to transfer files. > > ftp> passive > > Passive mode on. > > ftp> ls > > 227 Entering Passive Mode (12,33,44,55,252,31). > > 150 Ouverture d'une connexion de données en mode ASCII pour file list > > -rw------- 1 abcdef FTP 1141 Oct 23 19:38 netkit-ftp-ssl.txt > > 226 Téléchargement terminé > > ftp> get netkit-ftp-ssl.txt > > local: netkit-ftp-ssl.txt remote: netkit-ftp-ssl.txt > > 227 Entering Passive Mode (12,33,44,55,250,129). > > 150 Opening BINARY mode data connection for netkit-ftp-ssl.txt (1141 bytes) > > ftp: SSL_read DATA error error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong > > version number <--- here is the problem > > 226 Téléchargement terminé > > ftp> quit > > 221 Au revoir. > > > > So, I know where the problem is, but I don't know HOW to solve it (for the > > moment).
Description: Consistency of hashes and ticks. Encrypted retrieval of binary files did not implement variable size for hash marking. Also restrict hashes to RETR commands. Support for the tick counter was missing! Author: Mats Erik Andersson <[email protected]> Forwarded: no Last-Update: 2015-11-24 --- netkit-ftp-ssl-0.17.33+0.2/ftp/ftp.c.orig 2015-11-24 00:23:27.000000000 +0100 +++ netkit-ftp-ssl-0.17.33+0.2/ftp/ftp.c 2015-11-24 01:17:35.922740374 +0100 @@ -1206,13 +1206,18 @@ if ((d = write(fileno(fout), buf, c)) != c) break; bytes += c; - if (hash) { + if (hash && is_retr) { while (bytes >= hashbytes) { (void) putchar('#'); - hashbytes += HASHBYTES; + hashbytes += hashstep; } (void) fflush(stdout); } + if (tick && (bytes >= hashbytes) && is_retr) { + printbytes(bytes); + while (bytes >= hashbytes) + hashbytes += 10 * hashstep; + } } if ( c < -1 ) { static char errbuf[1024];
Description: Broken detection of SSL errors. During read of binary data, with active encryption, the detection of failed calls with SSL_read() is incomplete. In addition, the external variable 'errno' needs manual setting to EIO for proper reporting. . Important problem analysis of code was contributed by Raphael Astier. Bug-Debian: http://bugs.debian.org/801948 Author: Mats Erik Andersson <[email protected]> Forwarded: no Last-Update: 2015-11-24 --- netkit-ftp-ssl-0.17.33+0.2/ftp/ftp.c.orig2 2015-11-24 01:17:35.922740374 +0100 +++ netkit-ftp-ssl-0.17.33+0.2/ftp/ftp.c 2015-11-24 01:21:18.814739561 +0100 @@ -1219,7 +1219,7 @@ hashbytes += 10 * hashstep; } } - if ( c < -1 ) { + if ( c < 0 ) { static char errbuf[1024]; sprintf(errbuf,"ftp: SSL_read DATA error %s\n", @@ -1228,6 +1228,9 @@ /* tell the user ... who else */ fprintf(stderr,"%s", errbuf); fflush(stderr); + + /* Make reports express something sensible. */ + errno = EIO; } } else #endif /* !USE_SSL */
