Bug #67512 for Net-FTPSSL: 555 Can't read command channel bug

Sat Apr 16 11:16:37 2011 vijaymason [...] mac.com - Ticket created

Subject:	555 Can't read command channel bug
Date:	Sat, 16 Apr 2011 16:16:21 +0100
To:	bug-Net-FTPSSL [...] rt.cpan.org
From:	Vijay Mason <vijaymason [...] mac.com>

Hi, i'm having problems with NET::FTPSSL, see my code & log below. I can access the ftp via cyberduck (macosx) fine but not with NET::FTPSSL. My Code ======= #!/usr/bin/perl -w my $host = "ftp.secureftp-test.com"; my $port = 990; my $user = "test"; my $pass = "test"; use Net::FTPSSL; my $ftps = Net::FTPSSL->new($host, Port => $port, Timeout => 15, Encryption => "E", Debug => 1) or die "Can't open connect"; $ftps->login($user, $pass) or die "Can't login: ", $ftps->last_message(); $ftps->quit(); Log === Net-FTPSSL Version: 0.17 Perl: 5.010001 [5.10.1], OS: linux Server (port): ftp.secureftp-test.com (990) <<+ 555 Can't read command channel socket: Can't open connect at ./st.pl line 9. Kind Regards, Vijay Mason

Mon Apr 18 12:09:54 2011 CLEACH [...] cpan.org - Correspondence added

Hi Vijay, Based on the Port you selected (990), I'd guess that your server is expecting an implicit connection instead of an explicit connection. Try: Encryption => IMP_CRYPT, Curtis On Sat Apr 16 11:16:37 2011, vijaymason@mac.com wrote: Show quoted text

> Hi, > > i'm having problems with NET::FTPSSL, see my code & log below. I can > access the ftp via cyberduck (macosx) fine but not with NET::FTPSSL. > > > My Code > ======= > > #!/usr/bin/perl -w > my $host = "ftp.secureftp-test.com"; > my $port = 990; > my $user = "test"; > my $pass = "test"; > > use Net::FTPSSL; > > my $ftps = Net::FTPSSL->new($host, > Port => $port, > Timeout => 15, > Encryption => "E", > > Debug => 1) > or die "Can't open connect"; > > $ftps->login($user, $pass) or die "Can't login: ", $ftps-

> >last_message();

> $ftps->quit(); > > > > Log > === > > Net-FTPSSL Version: 0.17 > > Perl: 5.010001 [5.10.1], OS: linux > > Server (port): ftp.secureftp-test.com (990) > > <<+ 555 Can't read command channel socket: > Can't open connect at ./st.pl line 9. > > > Kind Regards, > > Vijay Mason > > > >

Mon Apr 18 12:09:55 2011 The RT System itself - Status changed from 'new' to 'open'

Mon Apr 18 13:57:54 2011 CLEACH [...] cpan.org - Correspondence added

Hi Vijay, Just for grins, I attempted to run the script below & it turned out it looks like that server is currently exposed on the internet. It looks to be a FireZilla Server verion 0.9.27 beta. I was able to log into that server only using an unencrypted command channel (Encryption=>CLR_CRYPT, Port=>21), also known as regular FTP. But as far as I can tell, that server doesn't support Implicit or Explicit connections. I attempt to do an "AUTH TLS" or "AUTH SSL" and I get a "550 Access is denied." message with EXP_CRYPT. And I get a "<<+ 555 Can't open tcp connection! (ftp.secureftp-test.com:990)" for IMP_CRYPT. I'm not sure what your cyberduck (macosx) program is, but are you sure it's not falling back to using regular FTP when connecting to that server? I tried using another package like CORE FTP and every time it tries to do a command to encrypt the command channel, that command errors out. So I'm assuming it's continuing with Regular FTP for it's communication. It could be that cyberduck is doing the same thing. But I couldn't get any FTP tool to work if I specified it to use port 990. The Net::FTPSSL code assumes you know the type of connection to use and the port #. It doesn't try out all the other connection types like some of those fancy binary utilities do. Curtis On Mon Apr 18 12:09:54 2011, CLEACH wrote: Show quoted text

> Hi Vijay, > > Based on the Port you selected (990), I'd guess that your server is > expecting an implicit connection instead of an explicit connection. > > Try: Encryption => IMP_CRYPT, > > Curtis > > > On Sat Apr 16 11:16:37 2011, vijaymason@mac.com wrote:

> > Hi, > > > > i'm having problems with NET::FTPSSL, see my code & log below. I

can Show quoted text

> > access the ftp via cyberduck (macosx) fine but not with

NET::FTPSSL. Show quoted text

> > > > > > My Code > > ======= > > > > #!/usr/bin/perl -w > > my $host = "ftp.secureftp-test.com"; > > my $port = 990; > > my $user = "test"; > > my $pass = "test"; > > > > use Net::FTPSSL; > > > > my $ftps = Net::FTPSSL->new($host, > > Port => $port, > > Timeout => 15, > > Encryption => "E", > > > > Debug => 1) > > or die "Can't open connect"; > > > > $ftps->login($user, $pass) or die "Can't login: ", $ftps-

> > >last_message();

> > $ftps->quit(); > > > > > > > > Log > > === > > > > Net-FTPSSL Version: 0.17 > > > > Perl: 5.010001 [5.10.1], OS: linux > > > > Server (port): ftp.secureftp-test.com (990) > > > > <<+ 555 Can't read command channel socket: > > Can't open connect at ./st.pl line 9. > > > > > > Kind Regards, > > > > Vijay Mason > > > > > > > >

> >

Tue Apr 19 13:36:49 2011 vijaymason [...] mac.com - Correspondence added

Subject:	Re: [rt.cpan.org #67512] 555 Can't read command channel bug
Date:	Tue, 19 Apr 2011 18:36:18 +0100
To:	bug-Net-FTPSSL [...] rt.cpan.org
From:	Vijay Mason <vijaymason [...] mac.com>

Hi Any plans to add "fancy connection types check" like other ftp clients do? Kind Regards, Vijay Mason On 18 Apr 2011, at 18:57, Curtis Leach via RT wrote: Show quoted text

> <URL: https://rt.cpan.org/Ticket/Display.html?id=67512 > > > Hi Vijay, > > Just for grins, I attempted to run the script below & it turned out it > looks like that server is currently exposed on the internet. It looks > to be a FireZilla Server verion 0.9.27 beta. > > I was able to log into that server only using an unencrypted command > channel (Encryption=>CLR_CRYPT, Port=>21), also known as regular FTP. > But as far as I can tell, that server doesn't support Implicit or > Explicit connections. > > I attempt to do an "AUTH TLS" or "AUTH SSL" and I get a "550 Access is > denied." message with EXP_CRYPT. And I get a > "<<+ 555 Can't open tcp connection! (ftp.secureftp-test.com:990)" for > IMP_CRYPT. > > I'm not sure what your cyberduck (macosx) program is, but are you sure > it's not falling back to using regular FTP when connecting to that > server? I tried using another package like CORE FTP and every time it > tries to do a command to encrypt the command channel, that command > errors out. So I'm assuming it's continuing with Regular FTP for it's > communication. It could be that cyberduck is doing the same thing. > > But I couldn't get any FTP tool to work if I specified it to use port > 990. > > The Net::FTPSSL code assumes you know the type of connection to use > and the port #. It doesn't try out all the other connection types > like some of those fancy binary utilities do. > > Curtis > > On Mon Apr 18 12:09:54 2011, CLEACH wrote:

>> Hi Vijay, >> >> Based on the Port you selected (990), I'd guess that your server is >> expecting an implicit connection instead of an explicit connection. >> >> Try: Encryption => IMP_CRYPT, >> >> Curtis >> >> >> On Sat Apr 16 11:16:37 2011, vijaymason@mac.com wrote:

>>> Hi, >>> >>> i'm having problems with NET::FTPSSL, see my code & log below. I

> can

>>> access the ftp via cyberduck (macosx) fine but not with

> NET::FTPSSL.

>>> >>> >>> My Code >>> ======= >>> >>> #!/usr/bin/perl -w >>> my $host = "ftp.secureftp-test.com"; >>> my $port = 990; >>> my $user = "test"; >>> my $pass = "test"; >>> >>> use Net::FTPSSL; >>> >>> my $ftps = Net::FTPSSL->new($host, >>> Port => $port, >>> Timeout => 15, >>> Encryption => "E", >>> >>> Debug => 1) >>> or die "Can't open connect"; >>> >>> $ftps->login($user, $pass) or die "Can't login: ", $ftps-

>>>> last_message();

>>> $ftps->quit(); >>> >>> >>> >>> Log >>> === >>> >>> Net-FTPSSL Version: 0.17 >>> >>> Perl: 5.010001 [5.10.1], OS: linux >>> >>> Server (port): ftp.secureftp-test.com (990) >>> >>> <<+ 555 Can't read command channel socket: >>> Can't open connect at ./st.pl line 9. >>> >>> >>> Kind Regards, >>> >>> Vijay Mason >>> >>> >>> >>>

>> >>

> > >

Tue Apr 19 15:38:20 2011 CLEACH [...] cpan.org - Correspondence added

Hi Vijay, I don't really have any plans to support logic that tries multiple ways to establish a connection until one succeeds. I just don't have the time to always be tweeking how it should work. Especially when it's not that difficult to implement such logic yourself if it's something you really need. (IE write a probe function which keeps calling new() with different arguments until you find one that works and it returns the ftps handle it established.) I figure if Net::FTPSSL is told to use encrypted traffic, there is a reason it must be encrypted, and I shouldn't be taking the liberty of decryping the traffic if I can't establish the requested encrypted connection. And if it was asked to use regular unencrypted FTP, I should do that instead. I can understand why some of the binary tools do this, but Net::FTPSSL is a module people code with, and it should attempt to do what was asked of it. With that said, if there is a problem in my code or a specific FTPS server doesn't play nice with the protocal, I'm willing to modify my code to fix the bug or figure out how to make it work with a specific problem FTPS server as long as it doesn't break things for everyone else. Also if there is something that Net::FTP does that Net::FTPSSL should also be doing, I'm willing to look into that as well. (That module does way more than mine does in some areas & a bit less in other areas.) I'm also willing to add new features should it add value. Like the list() & nlst() supporting wild cards or the callback feature. So let me know if I can close this ticket or if you are still having issues. If you are turning this into an enhancement request, please lay out the details of what you need me to do. Since if I understand it right, your initial problem was your server didn't support FTPS and I couldn't do anything about that problem. Curtis On Tue Apr 19 13:36:49 2011, vijaymason@mac.com wrote: Show quoted text

> Hi > > Any plans to add "fancy connection types check" like other ftp

clients do? Show quoted text

> > Kind Regards, > > Vijay Mason >

Thu Apr 21 02:55:00 2011 vijaymason [...] me.com - Correspondence added

Subject:	Re: [rt.cpan.org #67512] 555 Can't read command channel bug
Date:	Thu, 21 Apr 2011 07:54:24 +0100
To:	"bug-Net-FTPSSL [...] rt.cpan.org" <bug-Net-FTPSSL [...] rt.cpan.org>
From:	Vijay Mason <vijaymason [...] me.com>

Hi, You can close this ticket. Kind regards, Vijay On 19 Apr 2011, at 20:38, Curtis Leach via RT <bug-Net-FTPSSL@rt.cpan.org> wrote: Show quoted text

> <URL: https://rt.cpan.org/Ticket/Display.html?id=67512 > > > Hi Vijay, > > I don't really have any plans to support logic that tries multiple > ways to establish a connection until one succeeds. I just don't have > the time to always be tweeking how it should work. Especially when > it's not that difficult to implement such logic yourself if it's > something you really need. (IE write a probe function which keeps > calling new() with different arguments until you find one that works > and it returns the ftps handle it established.) > > I figure if Net::FTPSSL is told to use encrypted traffic, there is a > reason it must be encrypted, and I shouldn't be taking the liberty of > decryping the traffic if I can't establish the requested encrypted > connection. And if it was asked to use regular unencrypted FTP, I > should do that instead. > > I can understand why some of the binary tools do this, but Net::FTPSSL > is a module people code with, and it should attempt to do what was > asked of it. > > With that said, if there is a problem in my code or a specific FTPS > server doesn't play nice with the protocal, I'm willing to modify my > code to fix the bug or figure out how to make it work with a specific > problem FTPS server as long as it doesn't break things for everyone > else. > > Also if there is something that Net::FTP does that Net::FTPSSL should > also be doing, I'm willing to look into that as well. (That module > does way more than mine does in some areas & a bit less in other > areas.) > > I'm also willing to add new features should it add value. Like the > list() & nlst() supporting wild cards or the callback feature. > > So let me know if I can close this ticket or if you are still having > issues. If you are turning this into an enhancement request, please > lay out the details of what you need me to do. Since if I understand > it right, your initial problem was your server didn't support FTPS and > I couldn't do anything about that problem. > > Curtis > > On Tue Apr 19 13:36:49 2011, vijaymason@mac.com wrote:

>> Hi >> >> Any plans to add "fancy connection types check" like other ftp

> clients do?

>> >> Kind Regards, >> >> Vijay Mason >>

>

Tue Apr 26 13:00:35 2011 CLEACH [...] cpan.org - Status changed from 'open' to 'resolved'

Tue Apr 26 13:00:36 2011 CLEACH [...] cpan.org - Broken in 0.17 added

Tue Apr 26 13:00:36 2011 CLEACH [...] cpan.org - Fixed in 0.17 added

Tue Apr 26 13:00:36 2011 CLEACH [...] cpan.org - Severity Unimportant added