directory listing problem with ssl

[spec1alk]

non-ssl on port 21 works fine, ssl on port 990 pukes when trying to do directory listing. I was using flashfxp and decided to try filezilla client when it would not retrieve the directory listing. FileZilla client does the same thing.

Here is the debug output from filezilla client:

Code: Select all

Status:	Connecting to myftpserver.example.com:990 ...
Trace:	FtpControlSocket.cpp(4894): m_pSslLayer changed state from 0 to 1   caller=0x00d59bcc
Trace:	FtpControlSocket.cpp(4894): m_pSslLayer changed state from 1 to 2   caller=0x00d59bcc
Trace:	FtpControlSocket.cpp(4894): m_pSslLayer changed state from 2 to 4   caller=0x00d59bcc
Trace:	FtpControlSocket.cpp(889): OnConnect(0)  OpMode=1 OpState=-1   caller=0x00d59bcc
Status:	Connected with myftpserver.example.com:990, negotiating SSL connection...
Trace:	SSL_connect: SSLv3 read server hello A
Trace:	SSL_connect: SSLv3 read server certificate A
Trace:	SSL_connect: SSLv3 read server done A
Trace:	SSL_connect: SSLv3 write client key exchange A
Trace:	SSL_connect: SSLv3 write change cipher spec A
Trace:	SSL_connect: SSLv3 write finished A
Trace:	SSL_connect: SSLv3 flush data
Trace:	SSL_connect: SSLv3 read finished A
Trace:	Using TLSv1, cipher TLSv1/SSLv3: AES256-SHA, 1024 bit RSA
Status:	SSL connection established. Waiting for welcome message...
Trace:	FtpControlSocket.cpp(712): OnReceive(0)  OpMode=1 OpState=-1   caller=0x00d59bcc
Response:	220-FileZilla Server version 0.9.6a beta
Response:	220-written by Tim Kosse (Tim.Kosse@gmx.de)
Response:	220 Please visit http://sourceforge.net/projects/filezilla/
Command:	USER ********
Trace:	FtpControlSocket.cpp(712): OnReceive(0)  OpMode=1 OpState=0   caller=0x00d59bcc
Response:	331 Password required for removed
Command:	PASS ********
Trace:	FtpControlSocket.cpp(712): OnReceive(0)  OpMode=1 OpState=3   caller=0x00d59bcc
Response:	230 Logged on
Command:	FEAT
Trace:	FtpControlSocket.cpp(712): OnReceive(0)  OpMode=1 OpState=-13   caller=0x00d59bcc
Response:	211-Features:
Trace:	FtpControlSocket.cpp(712): OnReceive(0)  OpMode=1 OpState=-13   caller=0x00d59bcc
Response:	 MDTM
Trace:	FtpControlSocket.cpp(712): OnReceive(0)  OpMode=1 OpState=-13   caller=0x00d59bcc
Response:	 REST STREAM
Trace:	FtpControlSocket.cpp(712): OnReceive(0)  OpMode=1 OpState=-13   caller=0x00d59bcc
Response:	 SIZE
Trace:	FtpControlSocket.cpp(712): OnReceive(0)  OpMode=1 OpState=-13   caller=0x00d59bcc
Response:	 MODE Z
Trace:	FtpControlSocket.cpp(712): OnReceive(0)  OpMode=1 OpState=-13   caller=0x00d59bcc
Response:	 MLST type*;size*;modify*;
Trace:	FtpControlSocket.cpp(712): OnReceive(0)  OpMode=1 OpState=-13   caller=0x00d59bcc
Response:	211 End
Command:	SYST
Trace:	FtpControlSocket.cpp(712): OnReceive(0)  OpMode=1 OpState=-14   caller=0x00d59bcc
Response:	215 UNIX emulated by FileZilla
Status:	Connected
Trace:	FtpControlSocket.cpp(3729): ResetOperation(1)  OpMode=1 OpState=-14   caller=0x00d59bcc
Trace:	FtpControlSocket.cpp(1097): List(FALSE,0,"","",1)  OpMode=0 OpState=-1   caller=0x00d59bcc
Status:	Retrieving directory listing...
Command:	PWD
Trace:	FtpControlSocket.cpp(712): OnReceive(0)  OpMode=4 OpState=0   caller=0x00d59bcc
Response:	257 "/" is current directory.
Trace:	FtpControlSocket.cpp(1097): List(FALSE,0,"","",0)  OpMode=4 OpState=0   caller=0x00d59bcc
Command:	MODE Z
Trace:	FtpControlSocket.cpp(712): OnReceive(0)  OpMode=4 OpState=5   caller=0x00d59bcc
Response:	504 MODE Z not enabled
Trace:	FtpControlSocket.cpp(1097): List(FALSE,0,"","",0)  OpMode=4 OpState=5   caller=0x00d59bcc
Command:	PORT 172,22,3,212,10,109
Trace:	FtpControlSocket.cpp(712): OnReceive(0)  OpMode=4 OpState=7   caller=0x00d59bcc
Response:	200 Port command successful
Trace:	FtpControlSocket.cpp(1097): List(FALSE,0,"","",0)  OpMode=4 OpState=7   caller=0x00d59bcc
Command:	TYPE A
Trace:	FtpControlSocket.cpp(712): OnReceive(0)  OpMode=4 OpState=8   caller=0x00d59bcc
Response:	200 Type set to A
Trace:	FtpControlSocket.cpp(1097): List(FALSE,0,"","",0)  OpMode=4 OpState=8   caller=0x00d59bcc
Trace:	TransferSocket.cpp(565): SetActive()   caller=0x01602444
Command:	LIST
Trace:	FtpControlSocket.cpp(712): OnReceive(0)  OpMode=4 OpState=9   caller=0x00d59bcc
Response:	150 Opening data channel for directory list.
Trace:	FtpControlSocket.cpp(1097): List(FALSE,0,"","",0)  OpMode=4 OpState=9   caller=0x00d59bcc
Trace:	FtpControlSocket.cpp(712): OnReceive(0)  OpMode=4 OpState=10   caller=0x00d59bcc
Response:	425 Can't open data connection.
Trace:	FtpControlSocket.cpp(1097): List(FALSE,0,"","",0)  OpMode=4 OpState=10   caller=0x00d59bcc
Trace:	FtpControlSocket.cpp(3729): ResetOperation(4)  OpMode=4 OpState=10   caller=0x00d59bcc
Trace:	TransferSocket.cpp(97): ~CTransferSocket()   caller=0x01602444
Trace:	TransferSocket.cpp(1146): Close()   caller=0x01602444
Error:	Could not retrieve directory listing
Trace:	FtpControlSocket.cpp(1028): DoClose(0)  OpMode=1024 OpState=-1   caller=0x00d59bcc
Trace:	FtpControlSocket.cpp(3729): ResetOperation(4100)  OpMode=1024 OpState=-1   caller=0x00d59bcc
Status:	Disconnected from server

[spec1alk]

I did try with the ftps:// in the address field too. still didnt work.

[spec1alk]

also, I tried this from inside my firewall at home and it works fine. From my work computer, it doesnt work. Any ideas? Do I need to open an additional port?

I have port 990 and 21 configured on my router to NAT to the server. Works fine with port 21 through my router. ssl on port 990 or 21(I configured ssl for port 21 to test) doesnt work.

[spec1alk]

ok, since no one would help me, I helped myself.

What I found is that it appears SSL does not work unless you are also using passive transfers. It would be nice if there was a note somewhere saying this. So I added some PASV ports and forwarded them with my router and now I get my directory listing.

[botg]

SSL works fine with non-passive transfers. If not, your router/firewall is not configured properly.