Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Timeout when performing FTP file list operation using Windows schannel to provide TLS #5284

bobmitchell1956 opened this issue Apr 23, 2020 · 4 comments


Copy link

I did this

curl -v --ftp-ssl -m 20 -u"neveis_read_only:ZK8K3w6RZLrcQgmC8j5CWBX" ""

I expected the following

The file list
-rw------- 1 1004 1005 1855798 Jul 31 2018 composer.phar
followed by the command completing.

Instead of the command completing, it just sits there until the timeout expires.
I have attached the log from executing this command using curl -v. The server (vsftpd) is

available for you to reproduce the issue.

curl/libcurl version

curl 7.55.1 (Windows) libcurl/7.55.1 WinSSL
Release-Date: [unreleased]
Protocols: dict file ftp ftps http https imap imaps pop3 pop3s smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL

Note that the same issue occurs with our own code linked against libcurl 7.65.3, using schannel to provide TLS.

operating system

Windows 10 Pro Version 1903 OS build 18362.778

@jay jay added the Windows Windows-specific label Apr 23, 2020
Copy link

bagder commented Apr 23, 2020

Note that you've now exposed username and password to the world in this issue and that log file.

Does this happen against other FTPS servers too, you know? If you try to download a single file from this server, does it repro the problem (ie is this problem LIST-specific)?

Copy link

jay commented Apr 23, 2020

I can reproduce this with Windows 10 but I don't have a development environment there. Windows 7 I can't reproduce because the handshake fails with SEC_E_ILLEGAL_MESSAGE. curl w/ OpenSSL seems to work fine.

With OpenSSL there's a close_notify sent by the server, followed by a close_notify immediately sent by the client. With Schannel there's a close_notify sent by the server, then a hang for the timeout period, then a close_notify sent by the client. Perhaps the server is waiting for a reply to the close_notify?

We don't have a way to decrypt Schannel in Wireshark, and even if we did Wireshark doesn't decrypt SSL upgraded FTP connnections, so it may be more complicated than this.

Copy link

bobmitchell1956 commented Apr 23, 2020 via email

Copy link

jay commented Jul 22, 2020

Unfortunately I don't have a way to debug this. I've labeled it "help wanted" but if nothing happens in several months it's going to go stale and be closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet

No branches or pull requests

3 participants