ID: 36103
User updated by: rebe at unit01 dot net
Reported By: rebe at unit01 dot net
Status: Open
Bug Type: FTP related
Operating System: linux
PHP Version: 5.1.2
New Comment:
OK here's what we figured out with a friend of mine. Login function in
ext/ftp.c treat all errors (also "want_more..." ) as login fail but it
is not true. A patch below is fixing problem and makes everything
working fine:
@@ -243,6 +243,7 @@
{
#if HAVE_OPENSSL_EXT
SSL_CTX *ctx = NULL;
+ int err,errs;
#endif
if (ftp == NULL) {
return 0;
@@ -291,13 +292,24 @@
}
SSL_set_fd(ftp->ssl_handle, ftp->fd);
-
+/*
if (SSL_connect(ftp->ssl_handle) <= 0) {
php_error_docref(NULL TSRMLS_CC,
E_WARNING, "SSL/TLS handshake failed");
SSL_shutdown(ftp->ssl_handle);
return 0;
}
-
+*/
+err=SSL_connect(ftp->ssl_handle);
+while (err <= 0) {
+ errs = SSL_get_error(ftp->fd, err);
+ if ((errs != SSL_ERROR_WANT_READ) && (errs !=
SSL_ERROR_WANT_WRITE) && (errs != SSL_ERROR_WANT_X509_LOOKUP)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSL/TLS handshake
failed");
+ SSL_shutdown(ftp->ssl_handle);
+ return 0;
+ }
+ err = SSL_connect(ftp->ssl_handle);
+}
+
Previous Comments:
------------------------------------------------------------------------
[2006-01-23 10:10:34] rebe at unit01 dot net
OK. I did that test from Trustix distro. The same piece of code acts
exactly the same way.
For me it looks like that openssl works fine as long as many other
aplications using it successfuly (apache, ftp, openvpn etc.).
------------------------------------------------------------------------
[2006-01-20 17:18:47] [EMAIL PROTECTED]
AFAIR Debian had some problems with Openssl packages.
Try to build the newest openssl from sources and recompile PHP using
it.
------------------------------------------------------------------------
[2006-01-20 17:07:47] rebe at unit01 dot net
debian:/var/www/test# uname -a
Linux debian 2.6.8-1-686 #1 Thu Nov 25 04:34:30 UTC 2004 i686 GNU/Linux
------------------------------------------------------------------------
[2006-01-20 16:54:58] [EMAIL PROTECTED]
Which linux is it?
------------------------------------------------------------------------
[2006-01-20 16:52:31] rebe at unit01 dot net
It is an CLI script running as root user:
debian:/var/www/test# ./ftptls.php
Warning: ftp_login(): SSL/TLS handshake failed in
/var/www/test/ftptls.php on line 4
Warning: ftp_login(): AUTH TLS successful in /var/www/test/ftptls.php
on line 4
login failed
now lftp connection:
debian:/var/www/test# lftp
lftp :~> open 192.168.10.120
lftp 192.168.10.120:~> login admin qwerty
lftp [EMAIL PROTECTED]:~> pwd
ftp://admin:[EMAIL PROTECTED]
lftp [EMAIL PROTECTED]:~> ls
drwxrwxr-x 35 ftp ftp 4096 Jan 16 16:22 .
drwxrwxr-x 35 ftp ftp 4096 Jan 16 16:22 ..
lftp [EMAIL PROTECTED]:/>
Server (proftpd on second machine) is configured with options:
TLSRSACertificateFile /etc/embedos/ftp/ftpserver.cert.cert
TLSRSACertificateKeyFile /etc/embedos/ftp/ftpserver.cert.key
TLSVerifyClient off
TLSEngine on
TLSProtocol TLSv1
TLSRequired on
SSL is required. TO test it i did ftp'ing with non-ssl client:
debian:/var/www/test# ftp 192.168.10.120
Connected to 192.168.10.120.
220 Ethernus FTP Server
Name (192.168.10.120:root): admin
550 SSL/TLS required on the control channel
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/36103
--
Edit this bug report at http://bugs.php.net/?id=36103&edit=1
