curl >= 7.71.0: failed to upload a file: curl: (18) SSL shutdown timeout

[gold22]

I did this

# echo 123 | ./curl -T - --ftp-create-dirs -v --ftp-pasv --ssl -k -u ftpuser 'ftp://10.52.59.74/./test-dir/test-file.txt'
Enter host password for user 'ftpuser':
* Trying 10.52.59.74:21...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 10.52.59.74 (10.52.59.74) port 21 (#0)
< 220 (vsFTPd 3.0.3)
> AUTH SSL
< 234 Proceed with negotiation.
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [88 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [155 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [6 bytes data]
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
{ [49 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1080 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
} [8 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* Server certificate:
* subject: C=XX; ST=XX; L=XX; O=XX; OU=XX; CN=XX; emailAddress=XX
* start date: Aug 10 06:54:34 2020 GMT
* expire date: Jan 31 06:54:34 2026 GMT
* issuer: C=XX; ST=XX; L=XX; O=XX; OU=XX; CN=XX; emailAddress=XX
* SSL certificate verify result: self signed certificate (18), continuing anyway.
} [5 bytes data]
> USER ftpuser
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [233 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [233 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< 331 Please specify the password.
} [5 bytes data]
> PASS *****
{ [5 bytes data]
< 230 Login successful.
} [5 bytes data]
> PBSZ 0
{ [5 bytes data]
< 200 PBSZ set to 0.
} [5 bytes data]
> PROT P
{ [5 bytes data]
< 200 PROT now Private.
} [5 bytes data]
> PWD
{ [5 bytes data]
< 257 "/home/ftpuser" is the current directory
* Entry path is '/home/ftpuser'
} [5 bytes data]
> CWD test-dir
* ftp_perform ends with SECONDARY: 0
{ [5 bytes data]
< 250 Directory successfully changed.
} [5 bytes data]
> EPSV
* Connect data stream passively
{ [5 bytes data]
< 229 Entering Extended Passive Mode (|||9069|)
* Trying 10.52.59.74:9069...
* Connecting to 10.52.59.74 (10.52.59.74) port 9069
* Connected to 10.52.59.74 (10.52.59.74) port 21 (#0)
} [5 bytes data]
> TYPE I
{ [5 bytes data]
< 200 Switching to Binary mode.
} [5 bytes data]
> STOR test-file.txt
{ [5 bytes data]
< 150 Ok to send data.
* Doing the SSL/TLS handshake on the data stream
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL re-using session ID
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [565 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [88 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [598 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [161 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [6 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* Server certificate:
* subject: C=XX; ST=XX; L=XX; O=XX; OU=XX; CN=XX; emailAddress=XX
* start date: Aug 10 06:54:34 2020 GMT
* expire date: Jan 31 06:54:34 2026 GMT
* issuer: C=XX; ST=XX; L=XX; O=XX; OU=XX; CN=XX; emailAddress=XX
* SSL certificate verify result: self signed certificate (18), continuing anyway.
} [5 bytes data]
* Remembering we are in dir "test-dir/"
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [233 bytes data]
* old SSL session ID is stale, removing
* SSL_ERROR_WANT_READ
* SSL shutdown timeout
{ [5 bytes data]
< 426 Failure reading network stream.
* server did not report OK, got 426
100 4 0 0 0 4 0 0 --:--:-- 0:00:10 --:--:-- 0
* Connection #0 to host 10.52.59.74 left intact
curl: (18) SSL shutdown timeout

I expected the following

The 'test-file.txt' file is uploaded successfully.

curl/libcurl version

curl 7.71.1 (x86_64-pc-linux-gnu) libcurl/7.71.1 OpenSSL/1.1.1c-fips zlib/1.2.11
Release-Date: 2020-07-01
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets

operating system

FTP server

• CentOS Linux release 8.1.1911 (Core)
• vsftpd-3.0.3-28.el8.x86_64
• Linux server.tld 4.18.0-147.8.1.el8_1.x86_64 docs/libcurl/libcurl.m4 bug #1 SMP Thu Apr 9 13:49:54 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Client

• CentOS Linux release 8.1.1911 (Core)
• Linux client.tld 4.18.0-147.8.1.el8_1.x86_64 docs/libcurl/libcurl.m4 bug #1 SMP Thu Apr 9 13:49:54 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

[bagder]

I think f002c85 is to blame again. I think that one was a least partially incorrect.

[bagder]

I believe #5798 fixes your issue. Any chance you can test that theory?

[gold22]

I have tested #5798 and it helps. Thank you!

[bagder]

👍 thanks!