ID: 36103 User updated by: rebe at unit01 dot net Reported By: rebe at unit01 dot net Status: Open Bug Type: FTP related Operating System: linux PHP Version: 5.1.2 New Comment:
OK here's what we figured out with a friend of mine. Login function in ext/ftp.c treat all errors (also "want_more..." ) as login fail but it is not true. A patch below is fixing problem and makes everything working fine: @@ -243,6 +243,7 @@ { #if HAVE_OPENSSL_EXT SSL_CTX *ctx = NULL; + int err,errs; #endif if (ftp == NULL) { return 0; @@ -291,13 +292,24 @@ } SSL_set_fd(ftp->ssl_handle, ftp->fd); - +/* if (SSL_connect(ftp->ssl_handle) <= 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSL/TLS handshake failed"); SSL_shutdown(ftp->ssl_handle); return 0; } - +*/ +err=SSL_connect(ftp->ssl_handle); +while (err <= 0) { + errs = SSL_get_error(ftp->fd, err); + if ((errs != SSL_ERROR_WANT_READ) && (errs != SSL_ERROR_WANT_WRITE) && (errs != SSL_ERROR_WANT_X509_LOOKUP)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSL/TLS handshake failed"); + SSL_shutdown(ftp->ssl_handle); + return 0; + } + err = SSL_connect(ftp->ssl_handle); +} + Previous Comments: ------------------------------------------------------------------------ [2006-01-23 10:10:34] rebe at unit01 dot net OK. I did that test from Trustix distro. The same piece of code acts exactly the same way. For me it looks like that openssl works fine as long as many other aplications using it successfuly (apache, ftp, openvpn etc.). ------------------------------------------------------------------------ [2006-01-20 17:18:47] [EMAIL PROTECTED] AFAIR Debian had some problems with Openssl packages. Try to build the newest openssl from sources and recompile PHP using it. ------------------------------------------------------------------------ [2006-01-20 17:07:47] rebe at unit01 dot net debian:/var/www/test# uname -a Linux debian 2.6.8-1-686 #1 Thu Nov 25 04:34:30 UTC 2004 i686 GNU/Linux ------------------------------------------------------------------------ [2006-01-20 16:54:58] [EMAIL PROTECTED] Which linux is it? ------------------------------------------------------------------------ [2006-01-20 16:52:31] rebe at unit01 dot net It is an CLI script running as root user: debian:/var/www/test# ./ftptls.php Warning: ftp_login(): SSL/TLS handshake failed in /var/www/test/ftptls.php on line 4 Warning: ftp_login(): AUTH TLS successful in /var/www/test/ftptls.php on line 4 login failed now lftp connection: debian:/var/www/test# lftp lftp :~> open 192.168.10.120 lftp 192.168.10.120:~> login admin qwerty lftp [EMAIL PROTECTED]:~> pwd ftp://admin:[EMAIL PROTECTED] lftp [EMAIL PROTECTED]:~> ls drwxrwxr-x 35 ftp ftp 4096 Jan 16 16:22 . drwxrwxr-x 35 ftp ftp 4096 Jan 16 16:22 .. lftp [EMAIL PROTECTED]:/> Server (proftpd on second machine) is configured with options: TLSRSACertificateFile /etc/embedos/ftp/ftpserver.cert.cert TLSRSACertificateKeyFile /etc/embedos/ftp/ftpserver.cert.key TLSVerifyClient off TLSEngine on TLSProtocol TLSv1 TLSRequired on SSL is required. TO test it i did ftp'ing with non-ssl client: debian:/var/www/test# ftp 192.168.10.120 Connected to 192.168.10.120. 220 Ethernus FTP Server Name (192.168.10.120:root): admin 550 SSL/TLS required on the control channel Login failed. Remote system type is UNIX. Using binary mode to transfer files. ftp> ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/36103 -- Edit this bug report at http://bugs.php.net/?id=36103&edit=1