SSL explicit broken (gentoo netkit ftpd)

[boltronics]

I'm using FileZilla under Windows 2000 (SP3). I try
loging in to my server, I get the certificate pop up
with all the correct details. According to the log
below, it seems to change to my /home directory (which
I have set under the option 'Default Remote
Directory'), but then when it goes to list the files it
dies. Check this out:

Status: Connecting to 192.168.1.15 ...
Trace: FtpControlSocket.cpp(652): OnConnect(0)
Status: Connected with 192.168.1.15. Waiting for
welcome message...
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 220-
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 220- Vivid Communications
Response: 220- Level 11 / 522 Flinders Lane
Response: 220- Melbourne, Victoria
Response: 220- Australia 3000
Response: 220- ph: +61 (03) 9629-3330
Response: 220- fax: +61 (03) 9629-6771
Response: 220-
Response: 220- ---
Response: 220- Warning: All changes to the pub
Response: 220- folder are live - be careful!
Response: 220-
Response: 220-
Response: 220 jackal.vivid.net.au FTP server (Version
6.4/OpenBSD/Linux-ftpd-0.17) ready.
Command: AUTH SSL
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 334 AUTH SSL OK.
Trace: AsyncSslSocket.cpp(871):
SSL_connect:before/connect initialization
Trace: AsyncSslSocket.cpp(871): SSL_connect:SSLv2/v3
write client hello A
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Trace: AsyncSslSocket.cpp(871): SSL_connect:SSLv3 read
server hello A
Trace: AsyncSslSocket.cpp(871): SSL_connect:SSLv3 read
server certificate A
Trace: AsyncSslSocket.cpp(871): SSL_connect:SSLv3 read
server done A
Trace: AsyncSslSocket.cpp(871): SSL_connect:SSLv3 write
client key exchange A
Trace: AsyncSslSocket.cpp(871): SSL_connect:SSLv3 write
change cipher spec A
Trace: AsyncSslSocket.cpp(871): SSL_connect:SSLv3 write
finished A
Trace: AsyncSslSocket.cpp(871): SSL_connect:SSLv3 flush
data
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Trace: AsyncSslSocket.cpp(871): SSL_connect:SSLv3 read
finished A
Status: SSL connection established. Waiting for welcome
message...
Command: USER mm
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 331 Password required for mm.
Command: PASS
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 230 User mm logged in.
Status: Connected
Trace: FtpControlSocket.cpp(2680): ResetOperation(1)
Trace: FtpControlSocket.cpp(784):
List(FALSE,0,"/home/","",1)
Status: Retrieving directory listing...
Command: CWD /home/
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 250 CWD command successful.
Trace: FtpControlSocket.cpp(784): List(FALSE,0,"","",0)
Command: PWD
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 257 "/home" is current directory.
Trace: FtpControlSocket.cpp(784): List(FALSE,0,"","",0)
Command: PASV
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 227 Entering Passive Mode (192,168,1,15,128,92)
Trace: FtpControlSocket.cpp(784): List(FALSE,0,"","",0)
Command: TYPE A
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 200 Type set to A.
Trace: FtpControlSocket.cpp(784): List(FALSE,0,"","",0)
Command: LIST
Trace: AsyncSslSocket.cpp(871):
SSL_connect:before/connect initialization
Trace: AsyncSslSocket.cpp(871): SSL_connect:SSLv2/v3
write client hello A
Trace: TransferSocket.cpp(373): OnConnect(0)
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 150 Opening ASCII mode SSL data connection
for /bin/ls.
Trace: FtpControlSocket.cpp(784): List(FALSE,0,"","",0)
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 425 ftpd: SSL_accept DATA error
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
version number
Response: : Success.
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Trace: FtpControlSocket.cpp(784): List(FALSE,0,"","",0)
Trace: FtpControlSocket.cpp(2680): ResetOperation(4)
Trace: TransferSocket.cpp(844): Close()
Error: Could not retrieve directory listing

I'm sure it isn't a server problem, because the 'ls'
command works perfectly when using WinSCP2 over SSH2
and standard FTP (in exactly the same chrooted
envorionemt).

It may be of relevance that SFTP support doesn't work
with my server either in FileZilla, but that's in my
next bug report.

The server that I am using is Gentoo 1.4.2.3 with the
net-ftp/ftpd-0.17 (SSL-patched) netkit daemon.

Let me know if there is any more information I can give
you to help nail this ASAP, because I'm going to have
to recommend another client to my clients otherwise. :(

adam at vivid dot net dot au

[boltronics]

I forgot to mention: the version I am using is 2.1.3a. Sorry.

[Tim Kosse]

Please try the following: Connect to the server using SSL.
After the failed directory listing, enter the following custom
command:
PBSZ 0
PROT P

Then try to get the directory listing again. Maybe the These
commands tell the server to use a specific transfer mode (0
buffer size, private data channel), maybe it explicitly requires
these commands.
If that doesn work, try replacing PBSZ 0 with PBSZ 256 or
skip the PBSZ command at all.

[anonymous]

Logged In: NO

The results for all of those suggestions weren't good. I
always recieved a timeout on the custom LIST command issued
at the end. Every other command I issued resulted in:
Response: 500 'PROT P': command not understood.

In full:

---

Command: LIST
Trace: AsyncSslSocket.cpp(871): SSL_connect:before/connect
initialization
Trace: AsyncSslSocket.cpp(871): SSL_connect:SSLv2/v3 write
client hello A
Trace: TransferSocket.cpp(373): OnConnect(0)
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 150 Opening ASCII mode SSL data connection for
/bin/ls.
Trace: FtpControlSocket.cpp(784): List(FALSE,0,"","",0)
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 425 ftpd: SSL_accept DATA error error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number
Response: : Success.
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Trace: FtpControlSocket.cpp(784): List(FALSE,0,"","",0)
Trace: FtpControlSocket.cpp(2680): ResetOperation(4)
Trace: TransferSocket.cpp(844): Close()
Error: Could not retrieve directory listing
Trace: FtpControlSocket.cpp(752): FtpCommand(PROT P)
Command: PROT P
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 500 'PROT P': command not understood.
Trace: FtpControlSocket.cpp(2680): ResetOperation(4)
Trace: FtpControlSocket.cpp(752): FtpCommand(LIST)
Command: LIST
Error: Timeout detected!
Trace: FtpControlSocket.cpp(708): DoClose(0)
Trace: FtpControlSocket.cpp(2680): ResetOperation(4100)

And that's it - no matter which combination of commands you
use, it always times out on the LIST command. I think it
might be something to do with
Trace: TransferSocket.cpp(844): Close()
but I'm not sure.

I think I need to be able to enter the custom commands at an
eariler stage, but I don't think I am able to. :(

[anonymous]

Logged In: NO

Sorry - I thought I replied to this ages ago. Turns out I
was thinking of something else.

I've tried entering all of those commands that you
suggested, but it made no difference. From memory, it just
seemed like whenever LIST was issued, any other command
after that wouldn't work correctly. Perhaps if there was
some way to issue these commands before LIST was produced...
but I don't have a Windows compiler.

[Tim Kosse]

From memory, it just

seemed like whenever LIST was issued, any other

command

after that wouldn't work correctly

This could be caused by the server. I've already seen other
server sending wrong replies after failed LIST attempts.
Well, if you can give me a testaccount on the server, I could
test if this bug is caused by FileZilla or your server, but
without I can't help you further.

[anonymous]

Logged In: NO

Oh well. Unfortunately, it's not live yet. It will be within
the next two weeks (hopefully very soon). When it does, I'll
let you know via e-mail.

If it was a problem with the server not conforming to
standards, would you put in a work-around (if that's
possible), or pass the task on to the netkit maintainer?
Netkit FTP doesn't appear to have a lot of support for it
unfortunately, and even if it did, this patch is unofficial
(it's only official to the Gentoo distribution).

Regardless, thanks for your help.