-
-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue with active FTPS connection after updating to libcurl 7.87.0/7.88.0 #10666
Comments
- since 7.87.0 we lost adding the SSL filter for an active FTP connection that uses SSL. This leads to hangers and timeouts as reported in curl#10666.
Would you be able to check if #10669 resolves the issue? Thanks! |
Hi, int debug_curl(CURL* handle, curl_infotype type, char* data, size_t size, void* userptr)
{
switch (type) {
case CURLINFO_TEXT:
printf("Curl output: * %s\n", data);
break;
case CURLINFO_HEADER_IN:
printf("Curl output: < %s\n", data);
break;
case CURLINFO_HEADER_OUT:
printf("Curl output: > %s\n", data);
break;
case CURLINFO_DATA_IN:
case CURLINFO_DATA_OUT:
case CURLINFO_SSL_DATA_IN:
case CURLINFO_SSL_DATA_OUT:
case CURLINFO_END:
break;
}
return 0;
}
int result(char *buf, size_t size, size_t nmemb, void *context)
{
printf("result: %s\n", buf);
return 0;
}
int main(int argc, char **argv)
{
char *url_with_user = argv[1];
char *password = argv[2];
CURL *curl = curl_easy_init();
struct curl_slist *m_headers = NULL;
if (!curl) {
printf("unable to init curl");
return 1;
}
curl_easy_setopt(curl, CURLOPT_TIMEOUT, 300);
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 30);
curl_easy_setopt(curl, CURLOPT_FTP_RESPONSE_TIMEOUT, 60);
curl_easy_setopt(curl, CURLOPT_TCP_KEEPALIVE, 1);
curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 60);
curl_easy_setopt(curl, CURLOPT_TCP_KEEPINTVL, 60);
curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, debug_curl);
curl_easy_setopt(curl, CURLOPT_DEBUGDATA, NULL);
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
// Option was here <-------------------------------------------------------------------
curl_easy_setopt(curl, CURLOPT_FTP_USE_EPRT, 1L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
curl_easy_setopt(curl, CURLOPT_FTP_SSL, CURLFTPSSL_TRY);
curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_MAX_TLSv1_3);
curl_easy_setopt(curl, CURLOPT_URL, url_with_user);
curl_easy_setopt(curl, CURLOPT_USERPWD, password);
curl_easy_setopt(curl, CURLOPT_DIRLISTONLY, 0L);
curl_easy_setopt(curl, CURLOPT_NOBODY, 0);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, result);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, NULL);
curl_easy_perform(curl);
return 0;
} I believe we could disable your changes for FTP in passive mode: DEBUGF(infof(data, "ftp InitiateTransfer()"));
- if(conn->bits.ftp_use_data_ssl &&
+ if(conn->bits.ftp_use_data_ssl && data->set.ftp_use_port &&
!Curl_conn_is_ssl(conn, SECONDARYSOCKET)) {
result = Curl_ssl_cfilter_add(data, conn, SECONDARYSOCKET);
if(result) It works for me, but there might be better solutions since I'm not familiar with curl source code good enough. |
@bagder: you understand the ftp flags better than me. Does the proposed fix sound good to you? |
It seems like a good fix. The |
- since 7.87.0 we lost adding the SSL filter for an active FTP connection that uses SSL. This leads to hangers and timeouts as reported in curl#10666.
Added this to #10669. |
- since 7.87.0 we lost adding the SSL filter for an active FTP connection that uses SSL. This leads to hangers and timeouts as reported in curl#10666. Reported-by: SandakovMM on github Fixes curl#10666 Closes curl#10669
Hello
I am experiencing issues with FTP connection after updating to libcurl 7.87.0 and 7.88.0. Unable to reproduce the issue on 7.86.0.
I did this
There is a simple C utility to reproduce the issue:
It works fine with 7.86.0, but when I build it with 7.87.0 or 7.88.0, the connection hangs for a wait timeout and closes without output.
There is the output of the program with libcurl 7.87.0:
The issue disappears when I remove SSL parts of the code. So likely the problem somewhere in this part. Unfortunately, I can't see where exactly.
I expected the following
I expect to see the line:
Received from the other side.
For example this is the utility output built with libcurl 7.86.0:
curl/libcurl version
libcurl 7.87.0 and 7.88.0
operating system
Ubuntu 20
The text was updated successfully, but these errors were encountered: