Passive Mode FTPS (TLS/SSL implicit) over SOCKS5 Fails.

Jaredt
Guest

Using versions 4.3.9 and 5.0.8, I have tried several FTPS sites, including ftp.secureftp-test.com, via a SOCKS5 proxy. On all sites I get a warning box called "Error listing directory '/'" with content:

GetPeerName failed
Could not retrieve directory listing
Entering Passive Mode (64,65,53,234,39,31)

I had more success with version 4.3.6, but on that ca
The relevant segment of the log is:

2012-08-14 16:24:26.112 PASV
. 2012-08-14 16:24:26.112 m_pProxyLayer changed state from 0 to 1
< 2012-08-14 16:24:26.236 227 Entering Passive Mode (64,65,53,234,39,30)
. 2012-08-14 16:24:26.236 GetPeerName failed
. 2012-08-14 16:24:26.236 Could not retrieve directory listing
. 2012-08-14 16:24:26.236 Got reply 4 to the command 2
. 2012-08-14 16:24:26.252 Retrieving directory listing...
> 2012-08-14 16:24:26.252 TYPE A
< 2012-08-14 16:24:26.361 200 Type set to A
> 2012-08-14 16:24:26.361 PASV
. 2012-08-14 16:24:26.361 m_pProxyLayer changed state from 0 to 1
< 2012-08-14 16:24:26.470 227 Entering Passive Mode (64,65,53,234,39,31)
. 2012-08-14 16:24:26.470 GetPeerName failed
. 2012-08-14 16:24:26.470 Could not retrieve directory listing
. 2012-08-14 16:24:26.486 Got reply 4 to the command 2
* 2012-08-14 16:24:26.564 (ECommand) Error listing directory '/'.
* 2012-08-14 16:24:26.564 GetPeerName failed
* 2012-08-14 16:24:26.564 Could not retrieve directory listing

I can do the same connection with FileZilla, see log...

2012-08-14 16:29:53 3552 3 Command: PASV
2012-08-14 16:29:53 3552 3 Trace: CTlsSocket::OnRead()
2012-08-14 16:29:53 3552 3 Trace: CFtpControlSocket::OnReceive()
2012-08-14 16:29:53 3552 3 Response: 227 Entering Passive Mode (64,65,53,234,39,26)
2012-08-14 16:29:53 3552 3 Trace: CFtpControlSocket::TransferParseResponse()
2012-08-14 16:29:53 3552 3 Trace: code = 2
2012-08-14 16:29:53 3552 3 Trace: state = 2
2012-08-14 16:29:53 3552 3 Trace: CFtpControlSocket::SendNextCommand()
2012-08-14 16:29:53 3552 3 Trace: CFtpControlSocket::TransferSend()
2012-08-14 16:29:53 3552 3 Trace: state = 4
2012-08-14 16:29:53 3552 3 Command: MLSD
2012-08-14 16:29:53 3552 3 Status: Connecting to 10.152.4.139:1085...
2012-08-14 16:29:53 3552 3 Status: Connection with proxy established, performing handshake...
2012-08-14 16:29:54 3552 3 Trace: CTransferSocket::OnConnect
2012-08-14 16:29:54 3552 3 Trace: CTlsSocket::Handshake()
2012-08-14 16:29:54 3552 3 Trace: Trying to resume existing TLS session.
2012-08-14 16:29:54 3552 3 Trace: CTlsSocket::ContinueHandshake()
2012-08-14 16:29:54 3552 3 Trace: CTlsSocket::OnSend()
2012-08-14 16:29:54 3552 3 Trace: CTlsSocket::OnRead()
2012-08-14 16:29:54 3552 3 Trace: CTlsSocket::ContinueHandshake()
2012-08-14 16:29:54 3552 3 Trace: CTlsSocket::OnRead()
2012-08-14 16:29:54 3552 3 Trace: CFtpControlSocket::OnReceive()
2012-08-14 16:29:54 3552 3 Response: 150 Connection accepted

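An added illustration of the data-channel step seen in the logs above (not part of the original posts, and not WinSCP or FileZilla code): it decodes the 227 passive-mode replies into the host and port the server announced, then builds the SOCKS5 CONNECT request (RFC 1928) a client sends to the proxy to reach that endpoint. The function names are hypothetical; the log lines are copied from the post.

```python
import ipaddress
import re
import struct

# Log lines copied from the WinSCP session log in the post above.
LOG_LINES = [
    "< 2012-08-14 16:24:26.236 227 Entering Passive Mode (64,65,53,234,39,30)",
    ". 2012-08-14 16:24:26.236 GetPeerName failed",
    "< 2012-08-14 16:24:26.470 227 Entering Passive Mode (64,65,53,234,39,31)",
    ". 2012-08-14 16:24:26.470 GetPeerName failed",
]

# RFC 959 passive reply: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"\b227 .*?\(" + ",".join([r"(\d{1,3})"] * 6) + r"\)")


def parse_pasv(line):
    """Return (host, port) from a 227 reply, or None if the line has none."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("PASV field out of range: %r" % line)
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # port = p1 * 256 + p2
    return host, port


def socks5_connect_request(host, port):
    """Build the SOCKS5 CONNECT request (RFC 1928) for an IPv4 target."""
    addr = ipaddress.IPv4Address(host).packed
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=1 (IPv4), then DST.ADDR, DST.PORT
    return struct.pack("!BBBB", 5, 1, 0, 1) + addr + struct.pack("!H", port)


def data_endpoints(lines):
    """Decode every passive-mode endpoint announced in a session log."""
    return [ep for ep in map(parse_pasv, lines) if ep is not None]


if __name__ == "__main__":
    for host, port in data_endpoints(LOG_LINES):
        req = socks5_connect_request(host, port)
        print(f"{host}:{port} -> SOCKS5 CONNECT {req.hex()}")
```
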

Jaredt
Guest

Could it be related to SSH handling?

See this post on the FileZilla Client forum...

https://forum.filezilla-project.org/viewtopic.php?t=8110

I have now tried re-installing WinSCP 4.3.6, but whereas previously it was retrieving directory listings, now it does not.

I need to use an FTP client that can handle scripted commands, and FileZilla Client does not. I have looked at LFTP, but I am on Windows, not Linux, and setting up LFTP on Cygwin will be complex, and I need a fast solution: any ideas?

Jaredt

This was it working with V4.3.6 (now it doesn't)

This is an example log with some details obfuscated for security and site policy reasons.
This is a successful listing in v4.3.6 - I have obfuscated account and address details for security reasons.

2012-08-08 10:04:38.515 --------------------------------------------------------------------------
. 2012-08-08 10:04:38.515 WinSCP Version 4.3.6 (Build 1655) (OS 6.1.7600)
. 2012-08-08 10:04:38.546 Configuration: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\
. 2012-08-08 10:04:38.562 Local account: xxxxx
. 2012-08-08 10:04:38.562 Login time: 08 August 2012 10:04:38
. 2012-08-08 10:04:38.577 --------------------------------------------------------------------------
. 2012-08-08 10:04:38.577 Session name: xxxtest@yyyy.xxxx.com (Modified stored session)
. 2012-08-08 10:04:38.608 Host name: yyyy.xxxx.com (Port: 21)
. 2012-08-08 10:04:38.608 User name: xxxtest (Password: Yes, Key file: No)
. 2012-08-08 10:04:38.624 Tunnel: No
. 2012-08-08 10:04:38.624 Transfer Protocol: FTP
. 2012-08-08 10:04:38.640 Ping type: C, Ping interval: 30 sec; Timeout: 25 sec
. 2012-08-08 10:04:38.640 Proxy: SOCKS5
. 2012-08-08 10:04:38.655 HostName: socks-gw.xxxxx.co.uk (Port: 1085); Username: ; Passwd: No
. 2012-08-08 10:04:38.671 FTP: FTPS: Explicit SSL; Passive: Yes [Force IP: No]
. 2012-08-08 10:04:38.671 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2012-08-08 10:04:38.686 Cache directory changes: Yes, Permanent: Yes
. 2012-08-08 10:04:38.686 DST mode: 1
. 2012-08-08 10:04:38.702 --------------------------------------------------------------------------
. 2012-08-08 10:04:38.780 Connecting to yyyy.xxxx.com ...
. 2012-08-08 10:04:38.780 m_pProxyLayer changed state from 0 to 1
. 2012-08-08 10:04:38.796 m_pSslLayer changed state from 0 to 1
. 2012-08-08 10:04:38.796 m_pProxyLayer changed state from 1 to 2
. 2012-08-08 10:04:38.811 m_pSslLayer changed state from 1 to 2
. 2012-08-08 10:04:38.811 m_pProxyLayer changed state from 2 to 4
. 2012-08-08 10:04:38.905 m_pSslLayer changed state from 2 to 4
. 2012-08-08 10:04:38.920 Connected with yyyy.xxxx.com, negotiating SSL connection...
< 2012-08-08 10:04:39.264 220-Hello
< 2012-08-08 10:04:39.482 220-This is the AIM ftp server.
< 2012-08-08 10:04:39.482 220 If you shouldn't be here we would appreciate it if you left.
> 2012-08-08 10:04:39.498 AUTH SSL
< 2012-08-08 10:04:40.543 234 Using authentication type SSL
. 2012-08-08 10:04:40.902 SSL_connect: SSLv3 read server hello A
. 2012-08-08 10:04:40.917 SSL_connect: SSLv3 read server certificate A
. 2012-08-08 10:04:40.917 SSL_connect: SSLv3 read server done A
. 2012-08-08 10:04:40.933 SSL_connect: SSLv3 write client key exchange A
. 2012-08-08 10:04:40.933 SSL_connect: SSLv3 write change cipher spec A
. 2012-08-08 10:04:40.948 SSL_connect: SSLv3 write finished A
. 2012-08-08 10:04:40.948 SSL_connect: SSLv3 flush data
. 2012-08-08 10:04:40.964 SSL_connect: SSLv3 read server session ticket A
. 2012-08-08 10:04:40.964 SSL_connect: SSLv3 read finished A
. 2012-08-08 10:04:40.964 Using TLSv1, cipher TLSv1/SSLv3: AES256-SHA, 1024 bit RSA
. 2012-08-08 10:04:40.980 SSL connection established. Waiting for welcome message...
> 2012-08-08 10:04:40.995 USER xxxtest
< 2012-08-08 10:04:40.995 331 Password required for xxxtest
> 2012-08-08 10:04:41.011 PASS *******
< 2012-08-08 10:04:41.011 230 Logged on
> 2012-08-08 10:04:41.026 SYST
< 2012-08-08 10:04:41.026 215 UNIX emulated by FileZilla
> 2012-08-08 10:04:41.042 FEAT
< 2012-08-08 10:04:41.042 211-Features:
< 2012-08-08 10:04:41.058  MDTM
< 2012-08-08 10:04:41.058  REST STREAM
< 2012-08-08 10:04:41.073  SIZE
< 2012-08-08 10:04:41.073  MLST type*;size*;modify*;
< 2012-08-08 10:04:41.089  MLSD
< 2012-08-08 10:04:41.120  AUTH SSL
< 2012-08-08 10:04:41.120  AUTH TLS
< 2012-08-08 10:04:41.136  PROT
< 2012-08-08 10:04:41.136  PBSZ
< 2012-08-08 10:04:41.151  UTF8
< 2012-08-08 10:04:41.151  CLNT
< 2012-08-08 10:04:41.167  MFMT
< 2012-08-08 10:04:41.182 211 End
> 2012-08-08 10:04:41.182 PBSZ 0
< 2012-08-08 10:04:41.198 200 PBSZ=0
> 2012-08-08 10:04:41.198 PROT P
< 2012-08-08 10:04:41.214 200 Protection level set to P
. 2012-08-08 10:04:41.229 Connected
. 2012-08-08 10:04:41.260 Got reply 1 to the command 1
. 2012-08-08 10:04:41.260 --------------------------------------------------------------------------
. 2012-08-08 10:04:41.276 Using FTP protocol.
. 2012-08-08 10:04:41.276 Doing startup conversation with host.
> 2012-08-08 10:04:41.292 PWD
< 2012-08-08 10:04:41.292 257 "/" is current directory.
. 2012-08-08 10:04:41.307 Got reply 1 to the command 16
. 2012-08-08 10:04:41.323 Getting current directory name.
. 2012-08-08 10:04:41.323 Retrieving directory listing...
> 2012-08-08 10:04:41.370 TYPE A
< 2012-08-08 10:04:41.385 200 Type set to A
> 2012-08-08 10:04:41.385 PASV
. 2012-08-08 10:04:41.401 m_pProxyLayer changed state from 0 to 1
< 2012-08-08 10:04:41.401 227 Entering Passive Mode (n,n,n,n,39,24)
> 2012-08-08 10:04:41.432 LIST -a
. 2012-08-08 10:04:41.432 m_pProxyLayer changed state from 1 to 2
. 2012-08-08 10:04:41.448 m_pProxyLayer changed state from 2 to 4
. 2012-08-08 10:04:41.448 m_pSslLayer changed state from 0 to 4
< 2012-08-08 10:04:41.463 150 Connection accepted
. 2012-08-08 10:04:41.463 SSL connection established
. 2012-08-08 10:04:41.494 m_pSslLayer changed state from 4 to 5
. 2012-08-08 10:04:41.510 -rw-r--r-- 1 ftp ftp              7 Jul 30 16:48 New Text Document.txt
. 2012-08-08 10:04:41.510 -rw-r--r-- 1 ftp ftp              0 Jul 20 12:13 rlond.txt
< 2012-08-08 10:04:41.635 226 Transfer OK
. 2012-08-08 10:04:41.650 Directory listing successful
. 2012-08-08 10:04:41.666 Got reply 1 to the command 2
. 2012-08-08 10:04:41.666 Startup conversation with host finished.

Jaredt

Thread title typo

Jaredt wrote:

Passive Mode FTPS (TLS/SSL implicit) over SOCKS5 Fails.

The title of this thread should have been Passive Mode FTPS (TLS/SSL Explicit) over SOCKS5 Fails.

Jaredt

Re: Passive Mode FTPS (TLS/SSL implicit) over SOCKS5 Fails.

martin wrote:

Any chance of getting a test account on your server?

I do not control the servers I am trying to upload to, but I can ask. It seems to affect any FTPS server that I connect to. If you know an FTP server that supports FTPS where you have an account, then I could try to connect to that (if you want to see the server logs).

martin
Site Admin

Re: Passive Mode FTPS (TLS/SSL implicit) over SOCKS5 Fails.

Jaredt wrote:

I do not control the servers I am trying to upload to, but I can ask. It seems to affect any FTPS server that I connect to. If you know an FTP server that supports FTPS where you have an account, then I could try to connect to that (if you want to see the server logs)

I have sent you an email with account details.

martin
Site Admin

Re: Passive Mode FTPS (TLS/SSL implicit) over SOCKS5 Fails.

I have sent you another email with debug version for testing.

Jaredt

Re: Passive Mode FTPS (TLS/SSL implicit) over SOCKS5 Fails.

Many Thanks,

martin wrote:

I have sent you another email with debug version for testing.

I have emailed you the debug logfiles for two attempts. The connection now works on most servers with debug version 5.0.8, but still doesn't with 4.3.9. I found that one server wasn't working, but this was cured when "force IP in passive mode" is un-checked.

Is this related to bug 883?

Jaredt

Still getting Zero-byte uploads with 5.1.2

I have just installed 5.1.2 and I am still unable to upload files using FTPS over a SOCKS 5 proxy:

1) I can connect and retrieve directory listings (I can establish the SSL/TLS connection)
2) I can download files (PASV connections seem to work)
3) The same account works with Filezilla FTP client (the user account has the correct rights on the server)
4) The log files give no indication of a failed upload and the file is created, it is just zero bytes.

I am using Windows 7 32-bit and I did a custom install without the drag & drop extensions, because my virus checker (Sophos) reported the registry changes for the drag & drop extensions as suspicious activity when I installed 5.1.1, so I was not sure that the extension had correctly registered.

I will email you the log file.
