Bug#960918: weex should send AUTH TLS to initialize FTPs-connection

Mon, 18 May 2020 03:45:27 -0700 

Package: weex
Version: 2.8.3+b1
Severity: normal

Dear Maintainer,

moving to a new webspace-provider weex was not able to connect via FTPs anymore 
although
the provider claims to offer this feature.

Inspecting the connection with 'weex -D' I found that weex tries to establish 
the
FTPs-connection sending AUTH SSL, gets the response
'500 This security scheme is not implemented'.
Weex than closes the connection:
'SSL not supported.  Secure connection failed'

But my provider's Pure-FTPd only knows and expects the request AUTH TLS to 
establish the
secure FTPs-connection, as described in RFC4217 section 4.2.

Together with my son, who knows a lot more about programming than I do, we had 
a look in
the source-code of weex, especially ftplib.cand added a second try to establish 
a secure
connection via AUTH TLS when AUTH SSL fails.

Works fine so far, login-procedure and password are now encrypted (as we 
checked with
wireshark). Would be nice if you inspected and added this patch to the official 
package.

Thanks for maintaining the package!

Klaumi



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (900, 'testing'), (200, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.6.0-1-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE:de:en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages weex depends on:
ii  libc6      2.30-8
ii  libssl1.1  1.1.1g-1

weex recommends no packages.

weex suggests no packages.

-- no debconf information

From: Lukas Nöllemeyer <[email protected]>
Date: Mon, 16 May 2020 12:02:52 +0200
Subject: try AUTH TLS in authorize_ssl when server doesn't support AUTH SSL

---
--- a/src/ftplib.c      2015-12-08 14:36:48.000000000 +0100
+++ b/src/ftplib.c      2020-05-18 11:57:39.074722109 +0200
@@ -1577,8 +1577,11 @@
        return -1;
 
     if (0 == FtpSendCmd ("AUTH SSL", 127, c)) {
-           fprintf (stderr, "SSL not supported.  Secure connection failed\n");
-           return -1;
+           fprintf (stderr, "AUTH SSL not supported. Trying TLS\n");
+               if (0 == FtpSendCmd ("AUTH TLS", 127, c)) {
+                       fprintf (stderr, "AUTH TLS not supported. Secure 
connection failed\n");
+                   return -1;
+               }       
     }
 
     c->ssl_con = (SSL *)SSL_new (SSL_Context);

Reply via email to