Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

522 SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page #1283

Closed
jack7leven opened this issue Jun 27, 2023 · 4 comments
Closed

522 SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page #1283

jack7leven opened this issue Jun 27, 2023 · 4 comments
Labels
FluentFTP.GnuTLS SSL Session Resume Collection: SSL Session Resume issues vsftpd-server

Comments

@jack7leven
Copy link

FTP Server OS: Unknown

FTP Server Type: Unknown

Client Computer OS: Windows

FluentFTP Version: Latest

Framework: .NET 7

Uploading file fails. In FileZilla it copies fine if I choose overwrite.

Logs :

# AutoConnect()

# AutoDetect(True, False)

# Connect(False)
Status:   FluentFTP 46.0.2.0
Status:   Connecting to IP #1= ***:21
Status:   Waiting for a response
Response: 220 You successfully have connected [738697.957d]
Command:  AUTH TLS
Status:   Waiting for response to: AUTH TLS
Response: 234 Proceed with negotiation. [84ms]
Warning:  SSL Buffering force disabled, is .NET 5.0 and later
Status:   FTPS authentication successful, lib = .NET SslStream, cipher suite = Tls12 (Aes256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 44550, 256) [244ms]
Command:  USER ***
Status:   Waiting for response to: USER ***
Response: 331 Please specify the password. [77ms]
Command:  PASS ***
Status:   Waiting for response to: PASS ***
Response: 230 Login successful. [112ms]
Command:  PBSZ 0
Status:   Waiting for response to: PBSZ 0
Response: 200 PBSZ set to 0. [191ms]
Command:  PROT P
Status:   Waiting for response to: PROT P
Response: 200 PROT now Private. [118ms]
Command:  FEAT
Status:   Waiting for response to: FEAT
Response: 550 Permission denied. [98ms]
Status:   Text encoding: System.Text.UTF8Encoding+UTF8EncodingSealed
Command:  OPTS UTF8 ON
Status:   Waiting for response to: OPTS UTF8 ON
Response: 200 Always in UTF8 mode. [75ms]
Command:  SYST
Status:   Waiting for response to: SYST
Response: 550 Permission denied. [78ms]
Warning:  Cannot auto-detect listing parser for system 'Unknown', using Unix parser
Status:   Listing parser set to: Unix
Command:  PWD
Status:   Waiting for response to: PWD
Response: 257 "/" [74ms]

# FileExists("FILENAME.csv")

# GetNameListing("/")
Command:  TYPE I
Status:   Waiting for response to: TYPE I
Response: 200 Switching to Binary mode. [74ms]

# OpenDataStreamAsync("NLST /", 0)

# OpenPassiveDataStreamAsync(PASV, "NLST /", 0)
Command:  PASV
Status:   Waiting for response to: PASV
Response: 227 Entering Passive Mode (3,214,116,245,182,188). [77ms]
Status:   Connecting to IP #1= ***:46780
Command:  NLST /
Status:   Waiting for response to: NLST /
Response: 550 Permission denied. [84ms]
Status:   Closing/Disposing FtpSocketStream(data connection)

# CloseDataStream()

# UploadFile("C:\ExportLocation\FILENAME.csv", "FILENAME.csv", Overwrite, False, None)

# FileExists("FILENAME.csv")

# GetNameListing("/")

# OpenDataStreamAsync("NLST /", 0)

# OpenPassiveDataStreamAsync(PASV, "NLST /", 0)
Command:  PASV
Status:   Waiting for response to: PASV
Response: 227 Entering Passive Mode (3,214,116,245,182,184). [75ms]
Status:   Connecting to IP #1= ***:46776
Command:  NLST /
Status:   Waiting for response to: NLST /
Response: 550 Permission denied. [171ms]
Status:   Closing/Disposing FtpSocketStream(data connection)

# CloseDataStream()

# OpenWrite("FILENAME.csv", Binary)

# OpenDataStreamAsync("STOR FILENAME.csv", 0)

# OpenPassiveDataStreamAsync(PASV, "STOR FILENAME.csv", 0)
Command:  PASV
Status:   Waiting for response to: PASV
Response: 227 Entering Passive Mode (3,214,116,245,182,148). [335ms]
Status:   Connecting to IP #1= ***:46740
Command:  STOR FILENAME.csv
Status:   Waiting for response to: STOR FILENAME.csv
Response: 150 Ok to send data. [74ms]
Warning:  SSL Buffering force disabled, is .NET 5.0 and later
Status:   FTPS authentication successful, lib = .NET SslStream, cipher suite = Tls12 (Aes256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 44550, 256) [187ms]
Status:   Closing/Disposing FtpSocketStream(data connection)
Status:   Attempting upload resume at position 65536

# OpenAppend("FILENAME.csv", Binary)

# GetFileSize("FILENAME.csv", -1)

# OpenDataStreamAsync("APPE FILENAME.csv", 0)

# OpenPassiveDataStreamAsync(PASV, "APPE FILENAME.csv", 0)
Status:   Socket has stale data - prior to command execution
Status:   The stale data was:
Stale:    522 SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page
Warning:  Reconnect needed due to stale data present on control connection (SslSessionLength: 15)
Status:   Command stashed: PASV
Status:   Closing/Disposing FtpSocketStream(control connection)

# Connect(True)
Warning:  Reconnect (Count: 1)
Status:   FluentFTP 46.0.2.0
Status:   Connecting to IP #1= ***:21
Status:   Waiting for a response
Response: 220 You successfully have connected [1.37s]
Command:  AUTH TLS
Status:   Waiting for response to: AUTH TLS
Response: 234 Proceed with negotiation. [76ms]
Warning:  SSL Buffering force disabled, is .NET 5.0 and later
Status:   FTPS authentication successful, lib = .NET SslStream, cipher suite = Tls12 (Aes256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 44550, 256) [307ms]
Command:  USER ***
Status:   Waiting for response to: USER ***
Response: 331 Please specify the password. [83ms]
Command:  PASS ***
Status:   Waiting for response to: PASS ***
Response: 230 Login successful. [116ms]
Command:  PBSZ 0
Status:   Waiting for response to: PBSZ 0
Response: 200 PBSZ set to 0. [83ms]
Command:  PROT P
Status:   Waiting for response to: PROT P
Response: 200 PROT now Private. [108ms]
Command:  FEAT
Status:   Waiting for response to: FEAT
Response: 550 Permission denied. [96ms]
Status:   Text encoding: System.Text.UTF8Encoding+UTF8EncodingSealed
Command:  OPTS UTF8 ON
Status:   Waiting for response to: OPTS UTF8 ON
Response: 200 Always in UTF8 mode. [235ms]
Command:  SYST
Status:   Waiting for response to: SYST
Response: 550 Permission denied. [112ms]
Warning:  Cannot auto-detect listing parser for system 'Unknown', using Unix parser
Status:   Listing parser set to: Unix
Command:  TYPE I
Status:   Waiting for response to: TYPE I
Response: 200 Switching to Binary mode. [90ms]

# SetWorkingDirectory("/")
Command:  CWD /
Status:   Waiting for response to: CWD /
Response: 250 Directory successfully changed. [173ms]
Command:  PWD
Status:   Waiting for response to: PWD
Response: 257 "/" [75ms]

Status:   Executing stashed command

Command:  PASV
Status:   Waiting for response to: PASV
Response: 227 Entering Passive Mode (3,214,116,245,183,8). [75ms]
Status:   Connecting to IP #1= ***:46856
Command:  APPE FILENAME.csv
Status:   Waiting for response to: APPE FILENAME.csv
Response: 550 Permission denied. [78ms]
Status:   Closing/Disposing FtpSocketStream(data connection)

# CloseDataStream()
Status:   Closing/Disposing FtpSocketStream(data connection)

Here's the sample source used for this application

		Code example:
        AsyncFtpClient client = new AsyncFtpClient(ftpHost, ftpUsername, ftpPassword);
        client.Config.ValidateAnyCertificate = true;
        client.Config.LogToConsole = true;
        FileInfo extension = new FileInfo(fileLocation);
        await client.AutoConnect();
		
		 if (await client.FileExists(fileDestination + extension.Name))
            {
                await client.DeleteFile(fileDestination + extension.Name);
            }

            try
            {
             string   result = (await client.UploadFile(fileLocation, fileDestination + extension.Name, FtpRemoteExists.Overwrite)).IsSuccess() ? "Success" : string.Empty;
            }
            catch (Exception exception)
            {
              
            }
@FanDjango FanDjango changed the title Upload fails with 550 Permission denied on APPE command 522 SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page Jun 28, 2023
@FanDjango
Copy link
Collaborator

Hi, thanks for the detailed log. Did you read it?

Apart from permission denied on FEAT and SYST commands, as well as NLST commands, which makes overall usage of the FTP server a bit difficult (why has the server owner configured this in this way?), the first showstopper in the log is here:

Command:  STOR FILENAME.csv
Status:   Waiting for response to: STOR FILENAME.csv
Response: 150 Ok to send data. [74ms]
Warning:  SSL Buffering force disabled, is .NET 5.0 and later
Status:   FTPS authentication successful, lib = .NET SslStream, cipher suite = Tls12 (Aes256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 44550, 256) [187ms]
Status:   Closing/Disposing FtpSocketStream(data connection)
Status:   Attempting upload resume at position 65536

# OpenAppend("FILENAME.csv", Binary)

# GetFileSize("FILENAME.csv", -1)

# OpenDataStreamAsync("APPE FILENAME.csv", 0)

# OpenPassiveDataStreamAsync(PASV, "APPE FILENAME.csv", 0)
Status:   Socket has stale data - prior to command execution
Status:   The stale data was:
Stale:    522 SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page
Warning:  Reconnect needed due to stale data present on control connection (SslSessionLength: 15)

From then onwards, the retry of the upload by doing an APPE, which of course causes a reconnect because of the dropped control connection, causes a flurry of subsequent errors that ensue from that first one.

So it is NOT a 550 permission denied on APPE command.

It is rather caused by:

522 SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page

I will reword the issue title to reflect this.

Investigate all issues labelled "Session Resume", "FluentFTP.GnuTLS" to solve your problem.

@jack7leven
Copy link
Author

jack7leven commented Jul 3, 2023
edited

Hi,
I apologize for the late reply, I'm reviewing your suggestions and will revert. I saw the other errors, but got hung up on fixing the last one instead of reviewing the previous ones. My tests in Filezilla never showed the APPE so, I went down a rabbit hole of disabling that as I thought it was trying to append instead of overwrite and that was causing the overall failure. Thanks again for your prompt response.

@jack7leven
Copy link
Author

Thank you so much, this worked. I installed the FluentFTP.GnuTLS package and just added this.
client.Config.CustomStream = typeof(GnuTlsStream);

@FanDjango
Copy link
Collaborator

Happy to hear that.

My tests in Filezilla never showed the APPE s

Well, there is a difference in how Filezilla does things, and how FluentFTP does things.

The APPE is just a sort of retry. There is a list of errors for which a retry is deemed to be doomed to failure so it is not done. But the stupid non standard vsftpd session resume failure message is not on that list.

And Filezilla is not getting the session resume error anyway, because he uses GnuTLS, like you are now doing too.

@DeeTigIT DeeTigIT mentioned this issue Apr 12, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
FluentFTP.GnuTLS SSL Session Resume Collection: SSL Session Resume issues vsftpd-server
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jack7leven @FanDjango