[ https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17152082#comment-17152082 ]
Enrico Olivelli commented on NET-408:
-------------------------------------
[~elichtas]
If I force "clientMode = true" in ChannelSslAdapter.java
the thread is stuck in
{code:java}
at java.base@14/sun.security.ssl.SSLEngineImpl.writeRecord(SSLEngineImpl.java:180)
at java.base@14/sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:146)
at java.base@14/sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:123)
at java.base@14/javax.net.ssl.SSLEngine.wrap(SSLEngine.java:479)
at org.apache.commons.net.io.ext.ChannelSslWritableByteChannel.write(ChannelSslWritableByteChannel.java:66)
at java.base@14/java.nio.channels.Channels.writeFullyImpl(Channels.java:74)
at java.base@14/java.nio.channels.Channels.writeFully(Channels.java:97)
at java.base@14/java.nio.channels.Channels$1.write(Channels.java:172)
- locked <6772e0dc> (a java.nio.channels.Channels$1)
at java.base@14/sun.security.ssl.SSLSocketOutputRecord.flush(SSLSocketOutputRecord.java:268)
at java.base@14/sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:89)
at java.base@14/sun.security.ssl.ClientHello$ClientHelloKickstartProducer.produce(ClientHello.java:657)
at java.base@14/sun.security.ssl.SSLHandshake.kickstart(SSLHandshake.java:529)
at java.base@14/sun.security.ssl.ClientHandshakeContext.kickstart(ClientHandshakeContext.java:107)
at java.base@14/sun.security.ssl.TransportContext.kickstart(TransportContext.java:231)
at java.base@14/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:430)
at org.apache.commons.net.ftp.FTPSClient._openDataConnection_(FTPSClient.java:682)
at org.apache.commons.net.ftp.FTPClient._openDataConnection_(FTPClient.java:790)
at org.apache.commons.net.ftp.FTPClient.initiateListParsing(FTPClient.java:3456)
at org.apache.commons.net.ftp.FTPClient.initiateListParsing(FTPClient.java:3386)
at org.apache.commons.net.ftp.FTPClient.listFiles(FTPClient.java:3063)
{code}
Unfortunately I do not have experience with how SSLEngine works.
> problem connecting to ProFTPD with FTPES
> ----------------------------------------
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
> Issue Type: Bug
> Components: FTP
> Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
> Reporter: Michael Voigt
> Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I receive the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> - (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I can't transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
> // declared as FTPSClient so that execPBSZ/execPROT are available
> FTPSClient ftpClient = new FTPSClient("TLS");
> // this throws an exception with TLSProtocol TLSv1
> ftpClient.connect(host, port);
> int reply = ftpClient.getReplyCode();
> if (!FTPReply.isPositiveCompletion(reply)) {
>     ftpClient.disconnect();
>     log.error("The FTP Server did not return a positive completion reply!");
>     throw new FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
> }
> boolean loginSuccessful = ftpClient.login(userName, password);
> if (!loginSuccessful) {
>     log.error("Login to the FTP Server failed! The credentials are not valid.");
>     throw new FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
> }
> ftpClient.execPBSZ(0);
> ftpClient.execPROT("P");
> boolean success = ftpClient.storeFile(fileName, fis);
> if (!success) {
>     // this is false if "NoSessionReuseRequired" is not set
> }
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?