Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

curl >= 7.71.0: failed to upload a file: curl: (18) SSL shutdown timeout #5797

Closed
gold22 opened this issue Aug 10, 2020 · 4 comments
Closed

curl >= 7.71.0: failed to upload a file: curl: (18) SSL shutdown timeout #5797

gold22 opened this issue Aug 10, 2020 · 4 comments
Labels

Comments

@gold22
Copy link

@gold22 gold22 commented Aug 10, 2020

I did this

# echo 123 | ./curl -T - --ftp-create-dirs -v --ftp-pasv --ssl -k -u ftpuser 'ftp://10.52.59.74/./test-dir/test-file.txt'
Enter host password for user 'ftpuser':
* Trying 10.52.59.74:21...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 10.52.59.74 (10.52.59.74) port 21 (#0)
< 220 (vsFTPd 3.0.3)
> AUTH SSL
< 234 Proceed with negotiation.
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [88 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [155 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [6 bytes data]
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
{ [49 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1080 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
} [8 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* Server certificate:
* subject: C=XX; ST=XX; L=XX; O=XX; OU=XX; CN=XX; emailAddress=XX
* start date: Aug 10 06:54:34 2020 GMT
* expire date: Jan 31 06:54:34 2026 GMT
* issuer: C=XX; ST=XX; L=XX; O=XX; OU=XX; CN=XX; emailAddress=XX
* SSL certificate verify result: self signed certificate (18), continuing anyway.
} [5 bytes data]
> USER ftpuser
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [233 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [233 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< 331 Please specify the password.
} [5 bytes data]
> PASS *****
{ [5 bytes data]
< 230 Login successful.
} [5 bytes data]
> PBSZ 0
{ [5 bytes data]
< 200 PBSZ set to 0.
} [5 bytes data]
> PROT P
{ [5 bytes data]
< 200 PROT now Private.
} [5 bytes data]
> PWD
{ [5 bytes data]
< 257 "/home/ftpuser" is the current directory
* Entry path is '/home/ftpuser'
} [5 bytes data]
> CWD test-dir
* ftp_perform ends with SECONDARY: 0
{ [5 bytes data]
< 250 Directory successfully changed.
} [5 bytes data]
> EPSV
* Connect data stream passively
{ [5 bytes data]
< 229 Entering Extended Passive Mode (|||9069|)
* Trying 10.52.59.74:9069...
* Connecting to 10.52.59.74 (10.52.59.74) port 9069
* Connected to 10.52.59.74 (10.52.59.74) port 21 (#0)
} [5 bytes data]
> TYPE I
{ [5 bytes data]
< 200 Switching to Binary mode.
} [5 bytes data]
> STOR test-file.txt
{ [5 bytes data]
< 150 Ok to send data.
* Doing the SSL/TLS handshake on the data stream
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL re-using session ID
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [565 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [88 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [598 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [161 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [6 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* Server certificate:
* subject: C=XX; ST=XX; L=XX; O=XX; OU=XX; CN=XX; emailAddress=XX
* start date: Aug 10 06:54:34 2020 GMT
* expire date: Jan 31 06:54:34 2026 GMT
* issuer: C=XX; ST=XX; L=XX; O=XX; OU=XX; CN=XX; emailAddress=XX
* SSL certificate verify result: self signed certificate (18), continuing anyway.
} [5 bytes data]
* Remembering we are in dir "test-dir/"
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [233 bytes data]
* old SSL session ID is stale, removing
* SSL_ERROR_WANT_READ
* SSL shutdown timeout
{ [5 bytes data]
< 426 Failure reading network stream.
* server did not report OK, got 426
100 4 0 0 0 4 0 0 --:--:-- 0:00:10 --:--:-- 0
* Connection #0 to host 10.52.59.74 left intact
curl: (18) SSL shutdown timeout

I expected the following

The 'test-file.txt' file is uploaded successfully.

curl/libcurl version

curl 7.71.1 (x86_64-pc-linux-gnu) libcurl/7.71.1 OpenSSL/1.1.1c-fips zlib/1.2.11
Release-Date: 2020-07-01
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets

operating system

FTP server

  • CentOS Linux release 8.1.1911 (Core)
  • vsftpd-3.0.3-28.el8.x86_64
  • Linux server.tld 4.18.0-147.8.1.el8_1.x86_64 #1 SMP Thu Apr 9 13:49:54 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Client

  • CentOS Linux release 8.1.1911 (Core)
  • Linux client.tld 4.18.0-147.8.1.el8_1.x86_64 #1 SMP Thu Apr 9 13:49:54 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
@bagder
Copy link
Member

@bagder bagder commented Aug 10, 2020

I think f002c85 is to blame again. I think that one was a least partially incorrect.

bagder added a commit that referenced this issue Aug 10, 2020
The shutdown function is for downgrading a connection from TLS to plain,
and this is not requested here.

This partially reverts commit f002c85

Reported-by: Rasmus Melchior Jacobsen
Reported-by: Denis Goleshchikhin
Fixes #5797
@bagder
Copy link
Member

@bagder bagder commented Aug 10, 2020

I believe #5798 fixes your issue. Any chance you can test that theory?

@gold22
Copy link
Author

@gold22 gold22 commented Aug 10, 2020

I have tested #5798 and it helps. Thank you!

@bagder
Copy link
Member

@bagder bagder commented Aug 10, 2020

👍 thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

2 participants
You can’t perform that action at this time.