
Posted: 2006-11-06, 17:47 UTC
by oldhouse
Do you have any web link on how to do so? I really don't have any idea...

Posted: 2006-11-06, 18:28 UTC
by franck8244
For those who want to test the new ftp / ssl features:

ftps server : 194.146.111.60
username : pub_tc_user
passwd : tctest

pub key of the server (save as rootcert.pem)

Uploaded files will be removed every hour...

Franck

Posted: 2006-11-07, 10:03 UTC
by oldhouse
How can I get the public key from a site where I don't own the certificate?

Posted: 2006-11-07, 15:58 UTC
by Teal_One
ghisler(Author) wrote:
Try to connect anonymously to our forum server:
ftps://ghisler.ch/

I did, however it hung on the command "LIST".

Code:

----------
Connect to: (07.11.2006 16:46:28)
hostname=ghisler.ch
username=anonymous
startdir=
ghisler.ch=204.157.1.65
220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 6 of 50 allowed.
220-Local time is now 10:46. Server port: 21.
220 You will be disconnected after 15 minutes of inactivity.
AUTH TLS
234 AUTH TLS OK.
Cert subject: /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=gandalf.dewahost.net/emailAddress=ssl@cpanel.net
Cert issuer: /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=gandalf.dewahost.net/emailAddress=ssl@cpanel.net
USER anonymous
230 Anonymous user logged in
SYST
215 UNIX Type: L8
FEAT
211-Extensions supported:
 EPRT
 IDLE
 MDTM
 SIZE
 REST STREAM
 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
 MLSD
 ESTP
 PASV
 EPSV
 SPSV
 ESTA
 AUTH TLS
 PBSZ
 PROT
211 End.
PBSZ 0
200 PBSZ=0
PROT P
534 Fallback to [C]
Connect ok!
CWD /
250 OK. Current directory is /
PWD
257 "/" is your current location
Verzeichnis einlesen
TYPE A
200 TYPE is now ASCII
PORT 85,216,78,207,5,237
200 PORT command successful
LIST
Taste 'Abbrechen' betätigt!

franck8244 wrote:
ftps server : 194.146.111.60
username : pub_tc_user
passwd : tctest

Thx a lot, however I have the same problem: It hangs on the "LIST" command.

So three different servers, same problem (the problem I reported first is gone).

I use version 0.9.8d of libeay32.dll and libssl32.dll

be484325e8d904b61d769bdcec66bbb0 *libeay32.dll
57053e0ed5d31f7f776f9481d5d5cd83 *libssl32.dll

Posted: 2006-11-07, 17:09 UTC
by ghisler(Author)
Try passive mode.

Posted: 2006-11-07, 17:44 UTC
by norfie²
I got no successful connection. Probably the router is the reason? The same error message with passive mode.

Code:

----------
Connect to: (07.11.2006 16:51:08)
hostname=ghisler.ch
username=anonymous
startdir=
ghisler.ch=204.157.1.65
220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 2 of 50 allowed.
220-Local time is now 10:51. Server port: 21.
220 You will be disconnected after 15 minutes of inactivity.
AUTH TLS
234 AUTH TLS OK.
Cert subject: /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=gandalf.dewahost.net/emailAddress=ssl@cpanel.net
Cert issuer: /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=gandalf.dewahost.net/emailAddress=ssl@cpanel.net
USER anonymous
230 Anonymous user logged in
SYST
215 UNIX Type: L8
FEAT
211-Extensions supported:
 EPRT
 IDLE
 MDTM
 SIZE
 REST STREAM
 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
 MLSD
 ESTP
 PASV
 EPSV
 SPSV
 ESTA
 AUTH TLS
 PBSZ
 PROT
211 End.
PBSZ 0
200 PBSZ=0
PROT P
534 Fallback to [C]
Connect ok!
PWD
257 "/" is your current location
Verzeichnis einlesen
TYPE A
200 TYPE is now ASCII
PORT 192,168,102,2,5,106
500 I won't open a connection to 192.168.102.2 (only to 85.216.78.207)

Posted: 2006-11-07, 17:56 UTC
by franck8244
2norfie²

That's indeed your router's problem...

ftps:// option does not work with a proxy

Posted: 2006-11-08, 06:49 UTC
by 848
To establish an FTPS connection the URL must be entered like ftps://ghisler.ch. This does not work well when connecting through a proxy. TC sends the URL including ftps:// to the proxy. The proxy does not know what to do with it.

This is sent to the example;

GET ftp://ftps://ghisler.ch/ HTTP/1.0
Host: ftps://ghisler.ch
User-Agent: Mozilla/4.0 (compatible; Totalcmd; Windows XP)

TC should omit ftps:// from the URL sent to the proxy.

Maybe it is possible to enable FTPS via an optionbox like "Use firewall"? If so, this option should also be available with ctrl-n.

Posted: 2006-11-08, 16:57 UTC
by ghisler(Author)
PORT 192,168,102,2,5,106
You are still in port mode! You need to switch that specific connection to passive mode, it's stored in the settings of each connection.
To establish a FTPS connection the URL must be entered like ftps://ghisler.ch This does not work well when connecting through a proxy.
Do not use the HTTP proxy with ftp support for ftps. It's a clear text http connection, and doesn't support encrypted ftp.
Instead, use the other HTTP proxy option HTTP CONNECT!

Posted: 2006-11-08, 17:28 UTC
by Teal_One
ghisler(Author) wrote:
Try passive mode.

:D Yes, now it works. Thx - but why is there the "insecure" icon (open key)?

Posted: 2006-11-08, 17:29 UTC
by norfie²
ghisler(Author) wrote:
PORT 192,168,102,2,5,106
You are still in port mode! You need to switch that specific connection to passive mode, it's stored in the settings of each connection.
Same error with passive mode
wcx_ftp.ini wrote:
[ftps-Test Ghisler]
host=ftps://ghisler.ch
username=anonymous
anonymous=1
pasvmode=1

Code:

----------
Connect to: (08.11.2006 18:22:05)
hostname=ghisler.ch
username=anonymous
startdir=
ghisler.ch=204.157.1.65
220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 3 of 50 allowed.
220-Local time is now 12:21. Server port: 21.
220 You will be disconnected after 15 minutes of inactivity.
AUTH TLS
234 AUTH TLS OK.
Cert subject: /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown
/CN=gandalf.dewahost.net/emailAddress=ssl@cpanel.net
Cert issuer: /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown
/CN=gandalf.dewahost.net/emailAddress=ssl@cpanel.net
USER anonymous
230 Anonymous user logged in
SYST
215 UNIX Type: L8
FEAT
211-Extensions supported:
 EPRT
 IDLE
 MDTM
 SIZE
 REST STREAM
 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
 MLSD
 ESTP
 PASV
 EPSV
 SPSV
 ESTA
 AUTH TLS
 PBSZ
 PROT
211 End.
PBSZ 0
200 PBSZ=0
PROT P
534 Fallback to [C]
Connect ok!
PWD
257 "/" is your current location
Verzeichnis einlesen
TYPE A
200 TYPE is now ASCII
PASV
227 Entering Passive Mode (204,157,1,65,120,47)
PORT 192,168,102,2,4,183
500 I won't open a connection to 192.168.102.2 (only to 85.216.78.7)
EDIT: If I disable the firewall it works as expected. Which additional ports have to be enabled for it to work? FTPS port 990 is enabled already.

Posted: 2006-11-09, 16:59 UTC
by ghisler(Author)
You cannot open a fixed outgoing port for that - ftp and ftps use random ports for data connections, as you can see in the response to the PASV command (the last two numbers form the port).
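
As an added example (not part of any post in this thread, and not Total Commander code), this Python script decodes the h1,h2,h3,h4,p1,p2 tuples from PASV replies and PORT commands and flags three things visible in the client logs above: a refused PROT P, a PORT command advertising a private address, and a certificate whose subject equals its issuer. The function names and the sample log are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, modelled on the client logs posted in this thread.
SAMPLE_LOG = """\
Cert subject: /C=US/O=Unknown/CN=ftp.example.test
Cert issuer: /C=US/O=Unknown/CN=ftp.example.test
PROT P
534 Fallback to [C]
PASV
227 Entering Passive Mode (204,157,1,65,120,47)
PORT 192,168,102,2,4,183
500 I won't open a connection to 192.168.102.2 (only to 85.216.78.7)
"""

HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")


def decode_hostport(text):
    """Decode h1,h2,h3,h4,p1,p2 into (ip, port); the port is p1 * 256 + p2."""
    match = HOSTPORT.search(text)
    if not match:
        return None
    nums = [int(g) for g in match.groups()]
    if max(nums) > 255:
        return None  # not a valid octet sequence
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def audit_session(log):
    """Return (findings, endpoints) for one FTP/FTPS client log."""
    findings, endpoints, cert = [], {}, {}
    lines = log.splitlines()
    for line, reply in zip(lines, lines[1:] + [""]):
        if line.startswith(("Cert subject:", "Cert issuer:")):
            key, value = line.split(":", 1)
            cert[key] = value.strip()
        elif line == "PROT P" and reply[:1] in ("4", "5"):
            # Server refused a private data channel: transfers stay in clear.
            findings.append("data channel not encrypted: PROT P refused")
        elif line.startswith("227 "):
            endpoints["passive"] = decode_hostport(line)
        elif line.startswith("PORT "):
            endpoints["active"] = decode_hostport(line)
            ip = endpoints["active"] and endpoints["active"][0]
            if ip and ipaddress.ip_address(ip).is_private:
                findings.append("PORT advertises private address " + ip)
    if cert.get("Cert subject") and cert.get("Cert subject") == cert.get("Cert issuer"):
        findings.append("certificate subject equals issuer (self-issued)")
    return findings, endpoints
```

Calling `audit_session(SAMPLE_LOG)` returns the list of findings and the decoded passive and active data endpoints.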

Posted: 2006-11-12, 21:50 UTC
by OutlawZ
Hi!

I have a problem.

Tried the new ftps feature. I've copied all the required files to tc's dir (ssleay32.dll, libeay32.dll and even tried libssl32.dll and rootcerts.pem) and always get the error msg:
OpenSSL Library not found!

What can/should I do to get it to work?

Regards,

OutlawZ

Version ?

Posted: 2006-11-12, 22:22 UTC
by Clo
2OutlawZ

:) Hello ! Welcome aboard !

• Please, check if you have a correct version :
- Here, I've 0.9.8.1 and that works.

:mrgreen:  Kind regards,
Claude
Clo

Posted: 2006-11-13, 00:30 UTC
by OutlawZ
Thanks a lot!

It looks like I tried DLLs that were too old, and I've just installed OpenSSL on my PC. Now with 0.9.8d it seems to work.

Is it possible the problem was that I hadn't installed OpenSSL and had just downloaded the DLLs, or that they were entirely the wrong versions of the DLLs?

Thx a lot again
And thx the welcome;)

Regards

OutlawZ