Thanks for the patch. But it still doesn't work. Please see the log below. I tested FXP from BlackMoon to Serv-U 4.x. It works with SmartFTP client. In Serv-U, it clearly tells you whether the data channel is encrypted.
Also the new setting ftp:ssl-passive-sscn doesn't show up in set -a and can't be set. One question though, how can you easily tell if a command is sent to or a message is received from which server between the 2 remote servers? I would like to suggest something like: --->[C] PASV <---[C] 227 Entering Passive Mode (xxx,xxx,xxx,xxx,nn,nnn) --->[?] PROT C <---[?] 200 Command okay. --->[S] PORT xxx,xxx,xxx,xxx,nn,nnn <---[S] 200 Command okay. --->[C] STOR INSTMSIW.EXE --->[S] RETR INSTMSIW.EXE C for client (receiving server), S for server (sending server). Or even A and B. Unless anyone who knows how to turn on debugging is supposed to be able to tell that by looking at the command sequence. :) Cheers, Rob. lftp :~> debug 20 lftp :~> mirror -vv ftp://anonymous:lftp@@ftp.smartftp.com/Common/InstMsi ftps://upload:[EMAIL PROTECTED]:nnnn/InstMsi ... Transferring file `INSTMSIW.EXE' ---> PROT P ---> PROT P <--- 200 PROT command OK. Using private data connection. ---> CPSV <--- 500 'CPSV': command not understood. **** FXP: trying to reverse ftp:fxp-passive-source ---> SIZE INSTMSIW.EXE <--- 550 /InstMsi/INSTMSIW.EXE: No such file. <--- 200 Command okay. ---> PROT P <--- 200 Command okay. ---> CPSV <--- 502 Command not implemented. **** FXP: trying to reverse ftp:fxp-passive-sscn ---> SIZE INSTMSIW.EXE <--- 550 /InstMsi/INSTMSIW.EXE: No such file. ---> CPSV ---> RETR INSTMSIW.EXE <--- 500 'CPSV': command not understood. **** FXP: trying to reverse ftp:fxp-passive-source ---> SIZE INSTMSIW.EXE <--- 550 /InstMsi/INSTMSIW.EXE: No such file. <--- 451 Requested action aborted: Use PORT or PASV before downloading. ---> CPSV <--- 502 Command not implemented. **** FXP: trying to reverse ftp:ssl-protect-fxp ---> SIZE INSTMSIW.EXE <--- 550 /InstMsi/INSTMSIW.EXE: No such file. ---> PROT C ---> RETR INSTMSIW.EXE <--- 200 PROT command OK. Using clear data connection. ---> PASV <--- 227 Entering Passive Mode (xxx,xxx,xxx,xxx,nn,nnn) <--- 451 Requested action aborted: Use PORT or PASV before downloading. ---> PROT C <--- 200 Command okay. ---> PORT xxx,xxx,xxx,xxx,nn,nnn <--- 200 Command okay. ---> STOR INSTMSIW.EXE ---> RETR INSTMSIW.EXE <--- 150 File status okay; about to open data connection. <--- 150 Opening BINARY mode data connection for INSTMSIW.EXE. <--- 226 Closing data connection. Transfer Complete (1821008 bytes) <--- 226 Transfer complete. copy: get hit eof copy: waiting for put confirmation copy: put confirmed store copy: get is finished - all done ---> PROT P <--- 200 PROT command OK. Using private data connection. ---> SITE CHMOD 700 INSTMSIA.EXE <--- 253 Attributes changed okay. ---> SITE CHMOD 700 INSTMSIW.EXE <--- 253 Attributes changed okay. Total: 1 directory, 2 files, 0 symlinks New: 2 files, 0 symlinks lftp :~> --- "Alexander V. Lukyanov" <[EMAIL PROTECTED]> wrote: > On Tue, May 25, 2004 at 07:33:12AM -0700, Roboco > Sanchez wrote: > > With ftp:ssl-protect-fxp=yes FXP'ing, > > > > -from glftpd 1.32_Linux+TLS to RaidenFTPd or > > -from BlackMoon (ftp.smartftp.com) to RaidenFTPd > > > > doesn't seem to work. It's like this: > > > > ---> TYPE I > > <--- 200 Type set to IMAGE. > > ---> CPSV > > <--- 502 CPSV is not implemented. > > ---> QUIT > > Please try attached patch. It makes lftp try various > SSCN/CPSV combinations > and fixes a bug when both sides are put into SSCN > mode. > > Also new setting ftp:ssl-passive-sscn added. When > true, passive ftp side > is put into SSCN mode first. > > -- > Alexander. > > Index: FileCopyFtp.cc > =================================================================== > RCS file: > /home/lav/cvsroot/lftp/src/FileCopyFtp.cc,v > retrieving revision 1.19 > diff -u -p -r1.19 FileCopyFtp.cc > --- FileCopyFtp.cc 18 May 2004 14:06:10 -0000 1.19 > +++ FileCopyFtp.cc 26 May 2004 09:26:33 -0000 > @@ -29,6 +29,11 @@ > > #define super FileCopy > > +#if !USE_SSL > +#define protect false > +#define passive_ssl_connect true > +#endif > + > void FileCopyFtp::Close() > { > ftp_src->Close(); > @@ -50,7 +55,8 @@ int FileCopyFtp::Do() > if(ftp_dst->IsClosed()) > { > ((FileCopyPeerFA*)put)->OpenSession(); > - > ftp_dst->SetCopyMode(Ftp::COPY_DEST,!passive_source,protect,dst_retries,dst_try_time); > + > ftp_dst->SetCopyMode(Ftp::COPY_DEST,!passive_source,protect, > + > passive_source^passive_ssl_connect,dst_retries,dst_try_time); > m=MOVED; > } > } > @@ -65,13 +71,15 @@ int FileCopyFtp::Do() > if(ftp_src->IsClosed()) > { > ((FileCopyPeerFA*)get)->OpenSession(); > - > ftp_src->SetCopyMode(Ftp::COPY_SOURCE,passive_source,protect,src_retries,src_try_time); > + > ftp_src->SetCopyMode(Ftp::COPY_SOURCE,passive_source,protect, > + > !passive_source^passive_ssl_connect,src_retries,src_try_time); > m=MOVED; > } > if(ftp_dst->IsClosed()) > { > ((FileCopyPeerFA*)put)->OpenSession(); > - > ftp_dst->SetCopyMode(Ftp::COPY_DEST,!passive_source,protect,dst_retries,dst_try_time); > + > ftp_dst->SetCopyMode(Ftp::COPY_DEST,!passive_source,protect, > + > passive_source^passive_ssl_connect,dst_retries,dst_try_time); > m=MOVED; > } > > @@ -88,6 +96,13 @@ int FileCopyFtp::Do() > passive_source=!passive_source; > Log::global->Write(0,_("**** FXP: trying to > reverse ftp:fxp-passive-source\n")); > } > +#if USE_SSL > + else > if(passive_ssl_connect==orig_passive_ssl_connect) > + { > + passive_ssl_connect=!passive_ssl_connect; > + passive_source=orig_passive_source; > + Log::global->Write(0,_("**** FXP: trying to > reverse ftp:fxp-passive-sscn\n")); > + } > else if(protect > && > !ResMgr::QueryBool("ftp:ssl-force",ftp_src->GetHostName()) > && > !ResMgr::QueryBool("ftp:ssl-force",ftp_dst->GetHostName())) > @@ -96,6 +111,7 @@ int FileCopyFtp::Do() > protect=false; > Log::global->Write(0,_("**** FXP: trying to > reverse ftp:ssl-protect-fxp\n")); > } > +#endif // USE_SSL > else > { > // both ways failed. Fall back to normal copying. > @@ -192,7 +208,10 @@ void FileCopyFtp::Init() > src_retries=dst_retries=0; > src_try_time=dst_try_time=0; > disable_fxp=false; > +#if USE_SSL > protect=false; > + > orig_passive_ssl_connect=passive_ssl_connect=true; > +#endif > } > > FileCopyFtp::~FileCopyFtp() > @@ -221,6 +240,11 @@ > FileCopyFtp::FileCopyFtp(FileCopyPeer *s > > if(ResMgr::QueryBool("ftp:ssl-protect-fxp",ftp_src->GetHostName()) > || > ResMgr::QueryBool("ftp:ssl-protect-fxp",ftp_dst->GetHostName())) > protect=true; > + > +#if USE_SSL > + > passive_ssl_connect=ResMgr::QueryBool("ftp:fxp-passive-sscn",0); > + orig_passive_ssl_connect=passive_ssl_connect; > +#endif > } > > FileCopy *FileCopyFtp::New(FileCopyPeer > *s,FileCopyPeer *d,bool c) > Index: FileCopyFtp.h > =================================================================== > RCS file: /home/lav/cvsroot/lftp/src/FileCopyFtp.h,v > retrieving revision 1.4 > diff -u -p -r1.4 FileCopyFtp.h > --- FileCopyFtp.h 18 May 2004 14:06:10 -0000 1.4 > +++ FileCopyFtp.h 26 May 2004 09:10:53 -0000 > @@ -34,7 +34,11 @@ class FileCopyFtp : public > FileCopy > bool passive_source; > bool orig_passive_source; > bool disable_fxp; > +#if USE_SSL > bool protect; > + bool passive_ssl_connect; > + bool orig_passive_ssl_connect; > +#endif > int src_retries; > int dst_retries; > time_t src_try_time; > Index: ftpclass.cc > =================================================================== > RCS file: /home/lav/cvsroot/lftp/src/ftpclass.cc,v > retrieving revision 1.324 > diff -u -p -r1.324 ftpclass.cc > --- ftpclass.cc 25 May 2004 11:14:14 -0000 1.324 > +++ ftpclass.cc 26 May 2004 12:13:47 -0000 > @@ -937,6 +937,7 @@ void Ftp::InitFtp() > copy_addr_valid=false; > copy_passive=false; > copy_protect=false; > + copy_ssl_connect=false; > copy_done=false; > copy_connection_open=false; > stat_time=0; > @@ -1492,21 +1493,17 @@ int Ftp::Do() > > want_prot=QueryBool("ssl-protect-list",hostname)?'P':'C'; > else > > want_prot=QueryBool("ssl-protect-data",hostname)?'P':'C'; > + bool want_sscn=false; > if(copy_mode!=COPY_NONE) > { > want_prot=copy_protect?'P':'C'; > - if(conn->sscn_supported && > !conn->cpsv_supported > - && copy_protect && !conn->sscn_on) > - { > - conn->SendCmd("SSCN ON"); > - expect->Push(new Expect(Expect::SSCN,'Y')); > - } > + want_sscn=copy_protect && copy_ssl_connect > + && !(copy_passive && conn->cpsv_supported); > } > - else if(conn->sscn_on) > + if(conn->sscn_supported && > want_sscn!=conn->sscn_on) > { > - // SSCN is no longer needed. > - conn->SendCmd("SSCN OFF"); > - expect->Push(new Expect(Expect::SSCN,'N')); > + conn->SendCmd2("SSCN",want_sscn?"ON":"OFF"); > + expect->Push(new > Expect(Expect::SSCN,want_sscn?'Y':'N')); > } > if(want_prot!=conn->prot) > { > @@ -3084,6 +3081,7 @@ void Ftp::Close() > } > copy_mode=COPY_NONE; > copy_protect=false; > + copy_ssl_connect=false; > copy_addr_valid=false; > copy_done=false; > copy_connection_open=false; > @@ -3703,7 +3701,7 @@ void Ftp::CheckResp(int act) > if(copy_mode!=COPY_NONE) > { > copy_passive=!copy_passive; > - Disconnect(); > + copy_failed=true; > break; > } > if(is5XX(act)) > @@ -3721,7 +3719,7 @@ void Ftp::CheckResp(int act) > if(copy_mode!=COPY_NONE) > === message truncated === __________________________________ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/
