TLS broken
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pure-ftpd (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: pure-ftpd
While pure-ftpd was working flawlessly n Jaunty, it is broken in Karmic:
/usr/sbin/
With TLS enabled, a client can connect, auth, but gets no directory listing. Without TLS, it is working.
Debug-output:
WITH TLS:
Dec 23 15:27:26 www pure-ftpd: (?@ip-109-
Dec 23 15:27:26 www pure-ftpd: (?@ip-109-
Dec 23 15:27:26 www pure-ftpd: (?@ip-109-
Dec 23 15:27:26 www pure-ftpd: (?@ip-109-
Dec 23 15:27:26 www pure-ftpd: (?@ip-109-
Dec 23 15:27:26 www pure-ftpd: (?@ip-109-
Dec 23 15:27:26 www pure-ftpd: (<email address hidden>) [DEBUG] Command [pbsz] [0]
Dec 23 15:27:26 www pure-ftpd: (<email address hidden>) [DEBUG] Command [prot] [P]
Dec 23 15:27:26 www pure-ftpd: (<email address hidden>) [DEBUG] Command [feat] []
Dec 23 15:27:26 www pure-ftpd: (<email address hidden>) [DEBUG] Command [opts] [UTF8 ON]
Dec 23 15:27:26 www pure-ftpd: (<email address hidden>) [DEBUG] Command [noop] []
Dec 23 15:27:26 www pure-ftpd: (<email address hidden>) [DEBUG] Command [cwd] [/]
Dec 23 15:27:26 www pure-ftpd: (<email address hidden>) [DEBUG] Command [syst] []
Dec 23 15:27:26 www pure-ftpd: (<email address hidden>) [DEBUG] Command [stat] [/]
Dec 23 15:27:26 www pure-ftpd: (<email address hidden>) [DEBUG] Command [port] [192,168,
Dec 23 15:27:26 www pure-ftpd: (<email address hidden>) [DEBUG] Command [pasv] []
Dec 23 15:27:26 www pure-ftpd: (<email address hidden>) [DEBUG] Command [mlsd] []
Dec 23 15:28:36 www pure-ftpd: (<email address hidden>) [ERROR] SSL/TLS [/etc/ssl/
Dec 23 15:28:36 www pure-ftpd: (?@ip-109-
Dec 23 15:28:36 www pure-ftpd: (?@ip-109-
Dec 23 15:28:37 www pure-ftpd: (?@ip-109-
Dec 23 15:28:37 www pure-ftpd: (?@ip-109-
Dec 23 15:28:37 www pure-ftpd: (?@ip-109-
Dec 23 15:28:37 www pure-ftpd: (?@ip-109-
Dec 23 15:28:37 www pure-ftpd: (<email address hidden>) [DEBUG] Command [pbsz] [0]
Dec 23 15:28:37 www pure-ftpd: (<email address hidden>) [DEBUG] Command [prot] [P]
Dec 23 15:28:37 www pure-ftpd: (<email address hidden>) [DEBUG] Command [feat] []
Dec 23 15:28:37 www pure-ftpd: (<email address hidden>) [DEBUG] Command [opts] [UTF8 ON]
Dec 23 15:28:37 www pure-ftpd: (<email address hidden>) [DEBUG] Command [pwd] []
Dec 23 15:29:14 www pure-ftpd: (<email address hidden>) [DEBUG] Command [quit] []
Dec 23 15:29:14 www pure-ftpd: (<email address hidden>) [INFO] Logout.
WITHOUT TLS:
Dec 23 15:29:25 www pure-ftpd: (?@ip-109-
Dec 23 15:29:25 www pure-ftpd: (?@ip-109-
Dec 23 15:29:25 www pure-ftpd: (?@ip-109-
Dec 23 15:29:26 www pure-ftpd: (?@ip-109-
Dec 23 15:29:26 www pure-ftpd: (<email address hidden>) [DEBUG] Command [feat] []
Dec 23 15:29:26 www pure-ftpd: (<email address hidden>) [DEBUG] Command [opts] [UTF8 ON]
Dec 23 15:29:26 www pure-ftpd: (<email address hidden>) [DEBUG] Command [noop] []
Dec 23 15:29:26 www pure-ftpd: (<email address hidden>) [DEBUG] Command [cwd] [/]
Dec 23 15:29:26 www pure-ftpd: (<email address hidden>) [DEBUG] Command [syst] []
Dec 23 15:29:26 www pure-ftpd: (<email address hidden>) [DEBUG] Command [stat] [/]
Dec 23 15:29:30 www pure-ftpd: (<email address hidden>) [DEBUG] Command [quit] []
Dec 23 15:29:30 www pure-ftpd: (<email address hidden>) [INFO] Logout.
I have recreated the PEM-file like in the README.TLS.gz described, but this does not fix the problem. Also not firewalls active at the moment.
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 9.10
Release: 9.10
Codename: karmic
pure-ftpd-ldap 1.0.22-1
In 32bit environment in a KVM guest on AMD
Regards
Christian
Hi,
not only the TLS side to the client is broken! Also the connection to the LDAP server does not work. I needed to install stunnel to get pure-ftpd working over ssl with the LDAP server. Very bad, because I did not want to open port 636 (old style) :-(
Any plans to fix it?
Christian