Opened 19 years ago

Last modified 19 years ago

#859 closed Bug report

ssl support is getting worse in each release

Reported by: digiboy86 Owned by:
Priority: normal Component: Other
Keywords: Cc: digiboy86, Tim Kosse
Component version: Operating system type:
Operating system version:

Description

In version 2.1.6a I can connect to my FTPserver in
implicit and explicit mode no problem.
In version 2.2.8c only implicit works.
In version 2.2.12 and 2.2.13 none work.

[implicit failure] When it fails it just says "Status:
SSL connection established. Waiting for welcome
message..." and then it times out (after 60 seconds).
The accept cert dialog box works and looks fine.

[explicit failure] After issuing AUTH SSL command the
server sends 250 status but FileZilla says "Error: Can't
establish SSL connection
Error: Disconnected from server
Error: Unable to connect!
".

You can download my FTPServer @
http://digiforce.sourceforge.net and try it out if you
like. It uses OpenSSL. Like I said it all works
perfectly with 2.1.6a and I'm not sure exactly at which
versions the ssl code breaks but I gave some examples
above.

Thanks.

Change History (1)

comment:1 by Tim Kosse, 19 years ago

Problem 1: In CAsyncSslSocketLayer::OnReceive in
asyncsslsocketlayer.cpp line 458, receiving data was aborted
if waiting for user to verify certificate, but
m_mayTriggerRead was not set. So welcome message could not
be read afterwards. This prevented implicit SSL.
Explicit SSL initializes without problems, I could not
observe any problems with it.
I'll release an updated version of FZS soon.

Problem 2: Your server does not support the PROT command,
this prevents FileZilla from using SSL for the data channel.
But your server still assumes SSL. According to RFC 2228,
PROT C (unencrypted data channel) is the default unless a
client issues another protection mode (PROT P for SSL
encrypted transfers).
Previous versions of FileZilla did not care about the PROT
command, but this was incorrect and caused problems with
other servers.

Some sidenotes:
Please don't take this personally, but to be honest, I think
Digiforce is next to useless. Let me explain why.
It is one of the ugliest pieces of software I've ever seen. Also
the installer does not even work as an installer should. It
created folders outside the selected root, it failed to
create all the subdirectories and such.
The uninstaller failed to unregister the service, I had to
remove it manually.
Despite the fact that the links to the manual are broken, I
think the installer alone would scare off anyone still
interested in Digiforce.
Another problem is the licensing:
The SDK is GPL, therefore derived works have to be GPL as
well. But the DNS client tutorial/example is not and thus
violates the GPL as far as I know, especially since the
license of that example contains a statement incompatible
with the GPL: "This code should not be sold at any cases".
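
The data-channel rule from Problem 2 in the comment above, as an added example that is not part of the ticket or of FileZilla's code: a client-side tracker that derives the data-channel protection level from the control-connection replies. The names `FtpsState` and `replay` are hypothetical, the sessions are constructed, and the reply codes (234 for AUTH, 502 for an unimplemented command) follow RFC 2228.

```cpp
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>
#include <utility>
#include <vector>

enum class DataProt { Clear, Private };  // RFC 2228 levels C and P

// Client-side view of an explicit FTPS session: feed each command sent on the
// control connection with the server's reply code, then ask how the data
// connection has to be protected. Hypothetical helper, not FileZilla code.
class FtpsState {
public:
    void on_reply(std::string line, int code) {
        for (char& c : line) c = static_cast<char>(std::toupper(static_cast<unsigned char>(c)));
        std::istringstream in(line);
        std::string verb, arg;
        in >> verb >> arg;
        const bool ok = code >= 200 && code < 300;
        if (verb == "AUTH" && code == 234) {   // 234: security exchange complete
            secured_ = true;
            pbsz_ = false;
            prot_ = DataProt::Clear;           // default after AUTH is PROT C
        } else if (verb == "PBSZ" && secured_ && ok) {
            pbsz_ = true;                      // PBSZ has to precede PROT
        } else if (verb == "PROT" && secured_ && pbsz_ && ok) {
            if (arg == "P") prot_ = DataProt::Private;
            if (arg == "C") prot_ = DataProt::Clear;
        }  // a refused command (502, 503, 536, ...) leaves the level unchanged
    }
    DataProt data_protection() const { return prot_; }
private:
    bool secured_ = false, pbsz_ = false;
    DataProt prot_ = DataProt::Clear;
};

// Replays a constructed session and returns the resulting data-channel level.
DataProt replay(const std::vector<std::pair<std::string, int>>& session) {
    FtpsState s;
    for (const auto& e : session) s.on_reply(e.first, e.second);
    return s.data_protection();
}

int main() {
    // Constructed session: the server accepts AUTH but has no PROT command.
    DataProt level = replay({{"AUTH SSL", 234}, {"PBSZ 0", 200}, {"PROT P", 502}});
    std::cout << (level == DataProt::Clear ? "data channel: clear\n" : "data channel: TLS\n");
}
```

A server that wraps the data connection in SSL while the client's tracked level is still Clear produces exactly the mismatch described in Problem 2.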
