Question:
Hello,
I am trying to establish connection to an FTP server. The vendor has provided me data connection:
I've tried several ways and the only way to get a response from the server is:
ftp.Passive = 0
ftp.Hostname = "xxxx.xxxx.es"
ftp.Username = "xxxx"
ftp.Password = "xxxx"
ftp.AuthTls = 1
ftp.Ssl = 0
With an FTP client, for example FileZilla, I can connect without problems, but if I use the Ftp2 component for ASP (ActiveX) I get errors:
converting to secure connection...
authTls:
sendCommand:
sendingCommand: AUTH TLS
--sendCommand
readCommandResponse:
replyLineQP: 500 AUTH not understood
commandResponse: 500 AUTH not understood
statusCode: 500
--readCommandResponse
--authTls
Failed to connect to FTP server.
Failed.
Thank you.
Maybe the FTP server administrator configured his server in a very unusual way. Port 990 should typically be for implicit SSL/TLS. Maybe he configured it for explicit SSL/TLS. Try this:
ftp.AutoFix = 0
ftp.AuthTls=1
ftp.Ssl = 0
ftp.port=990
ftp.passive=1
When AutoFix is turned off, Chilkat will not correct typical mistakes. One typical mistake is when port 990 is used with AUTH TLS -- because usually port 990 is for implicit SSL/TLS.
The vendor gave you instructions that would cause confusion.
In protocols that can use SSL/TLS such as FTP, SMTP, POP3, etc., there are two modes of establishing the SSL/TLS secure channel: implicit and explicit.
The implicit mode implies a pre-agreed port number such that immediately upon establishing the TCP socket connection, the SSL/TLS handshake occurs to make it a secure channel. The pre-agreed port number for FTP is typically 990.
The explicit mode is to first connect to the normal unencrypted port (21 for FTP) and then establish the SSL/TLS secure channel via a command in the protocol that initiates the SSL/TLS handshake.
The ftp.Ssl property controls whether or not you want implicit SSL/TLS.
The ftp.AuthTls property controls whether or not you want explicit SSL/TLS.
You can have one or the other, but not both.
What you really want, to follow the vendor's instructions, is to set the ftp.Port = 990, set ftp.Ssl = 1, and set ftp.AuthTls = 0.
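The implicit/explicit distinction described in this answer, shown on the wire as an added example (not code from the thread or from Chilkat): an explicit-mode port greets in cleartext and answers `AUTH TLS` with 234, a port without TLS support answers 500 as in the log above, and an implicit-mode port stays silent until it receives a TLS ClientHello. The function names, the return labels and the socketpair stand-in server are assumptions made for this sketch; the greeting strings are constructed.

```python
import socket
import threading

def read_reply_code(sock):
    """Read one FTP reply (multi-line 'NNN-' replies included); return 'NNN'."""
    buf = b""
    while True:
        chunk = sock.recv(1024)
        if not chunk:
            raise ConnectionError("peer closed the control connection")
        buf += chunk
        for line in buf.split(b"\r\n")[:-1]:   # complete lines only
            if line[:3].isdigit() and line[3:4] == b" ":
                return line[:3].decode()

def classify_ftps_mode(sock, timeout=3.0):
    """Classify a freshly connected control socket without logging in."""
    sock.settimeout(timeout)
    try:
        greeting = read_reply_code(sock)
    except socket.timeout:
        # No cleartext banner: the port is waiting for a TLS ClientHello.
        return "implicit"
    if greeting != "220":
        return "unknown"
    sock.sendall(b"AUTH TLS\r\n")
    # 234 = TLS handshake follows; 500 is the reply seen in this thread's log.
    return "explicit" if read_reply_code(sock) == "234" else "no-auth-tls"

def probe(host, port, timeout=3.0):
    with socket.create_connection((host, port), timeout=timeout) as s:
        return classify_ftps_mode(s, timeout)

def demo(greeting, auth_reply, timeout=0.5):
    """Constructed peer on a socketpair, standing in for a real server."""
    client, server = socket.socketpair()
    def serve():
        with server:
            if greeting:
                server.sendall(greeting)
                server.recv(1024)              # the client's AUTH TLS
                server.sendall(auth_reply)
            else:
                server.recv(1024)              # stays silent until client leaves
    threading.Thread(target=serve, daemon=True).start()
    with client:
        return classify_ftps_mode(client, timeout)

print(demo(b"220 ProFTPD 1.3.4a Server\r\n", b"500 AUTH not understood\r\n"))
```

A silent port is only consistent with implicit TLS, since a slow or filtered server looks the same; a real TLS handshake against that port confirms it.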
The provider has provided me with more information and has given me a .pem certificate that does not need a key. How can I implement it?
I use this code example:
http://www.example-code.com/asp/ftp_secureWithClientCert.asp
I changed the data for the user login/FTP and this:
success = certStore.LoadPfxFile("C:*****certserver.pem","")
The error is:
ChilkatLog: LoadPfxFile: DllDate: Jan 21 2015 ChilkatVersion: 9.5.0.47 UnlockPrefix: Anything for 30-day trial Username: **** Architecture: Little Endian; 32-bit Language: ActiveX VerboseLogging: 0 pfxPath: ***** importPfxData: pkcs12FromDb: loadPkcs12Inner: verifyHmacIntegrity: DecodeToAsn: premature end of BER encoding (F2) length: 45 numBytesLeft: 43 --DecodeToAsn PFX does not have MacData for integrity verification. --verifyHmacIntegrity der_to_xml: ASN data length exceeds remaining number of bytes available. tag: 13 idClass: 0 bConstructed: 1 headerLen: 2 dataLen: 45 inlen: 43 Abort ASN.1 processing... recursiveDepth: 1 --der_to_xml Failed to get authenticated safe. --loadPkcs12Inner --pkcs12FromDb --importPfxData Failed. --LoadPfxFile --ChilkatLog ChilkatLog: Connect_Ftp2: DllDate: Jan 21 2015 ChilkatVersion: 9.5.0.47 UnlockPrefix: Anything for 30-day trial Username: *** Architecture: Little Endian; 32-bit Language: ActiveX VerboseLogging: 0 ProgressMonitoring: enabled: yes heartbeatMs: 0 sendBufferSize: 65536 --ProgressMonitoring ImplicitSsl: 0 AuthTls: 1 AuthSsl: 0 Hostname: *** Port: 21 IdleTimeoutMs: 60000 ConnectTimeout: 60 socketOptions: SO_SNDBUF: 65536 SO_RCVBUF: 65536 TCP_NODELAY: 1 --socketOptions readCommandResponse: replyLineQP: 220 ProFTPD 1.3.4a Server (*) [] commandResponse: 220 ProFTPD 1.3.4a Server (**) [] statusCode: 220 --readCommandResponse initialStatus: 220 initialResponse: 220 ProFTPD 1.3.4a Server (*) [*] converting to secure connection... authTls: sendCommand: sendingCommand: AUTH TLS --sendCommand readCommandResponse: replyLineQP: 500 AUTH not understood commandResponse: 500 AUTH not understood statusCode: 500 --readCommandResponse --authTls Failed to connect to FTP server. Failed. --Connect_Ftp2 --ChilkatLog
You have a PEM file (certserver.pem), not a PFX file. Therefore, call LoadPemFile, not LoadPfxFile.
Also, please make sure your LastErrorText's are formatted in a readable manner. Use "pre" HTML tags to maintain line-endings.
OK, now I can load the .pem certificate, but I got the last error on sending AUTH TLS.
My code is:
ftp.Passive=0
ftp.Port = 21
ftp.Hostname = "preftp.tirea.es"
ftp.Username = "****"
ftp.Password = "****"
ftp.AuthTls = 1
ftp.Ssl = 0
set cert = Server.CreateObject("Chilkat_9_5_0.Cert")
success = cert.LoadFromFile("C:xxxxxxxxxxxxxxxx.pem")
Response.Write Server.HTMLEncode( cert.LastErrorText) & ""
ftp.SetSslClientCert cert
Response.Write Server.HTMLEncode( ftp.LastErrorText) & ""
success = ftp.Connect()
Response.Write Server.HTMLEncode( ftp.LastErrorText)
ftp.Disconnect
%>
And result is:
[OK1]ChilkatLog:
UnlockComponent:
DllDate: Jan 21 2015
ChilkatVersion: 9.5.0.47
UnlockPrefix: NONE
Username: xxxxxxxxxx
Architecture: Little Endian; 32-bit
Language: ActiveX
VerboseLogging: 0
component: Ftp2
unlockCode: xxxxxxxxxxxxxxxxxxxx
regKeyUnlock:
Component successfully unlocked using purchased unlock code.
--regKeyUnlock
Success.
--UnlockComponent
--ChilkatLog
[OK2]ChilkatLog:
LoadFromFile:
DllDate: Jan 21 2015
ChilkatVersion: 9.5.0.47
UnlockPrefix: xxxxxxxxxxxxxxxxxx
Username: xxxxxxxxxxxxx
Architecture: Little Endian; 32-bit
Language: ActiveX
VerboseLogging: 0
path: C:xxxxxxxxxxxxxxxxxxxxxxxx.pem
createFromFile:
createFromBinary:
Found -----BEGIN CERTIFICATE-----
--createFromBinary
--createFromFile
Success.
--LoadFromFile
--ChilkatLog
[OK3]ChilkatLog:
SetSslClientCert:
DllDate: Jan 21 2015
ChilkatVersion: 9.5.0.47
UnlockPrefix: xxxxxx
Username: xxxxxxxxx
Architecture: Little Endian; 32-bit
Language: ActiveX
VerboseLogging: 0
buildSslClientCertChain:
constructCertChain:
bMustReachRoot: 0
buildCertChain:
startCertDN: C=xx, O=xxxxxx, OU=xxxxxxxx, CN=xxxxxx
Certificate chain completed to root.
--buildCertChain
completedChainToRoot: 1
numCertsInChain: 2
--constructCertChain
--buildSslClientCertChain
Success.
--SetSslClientCert
--ChilkatLog
[KO4]ChilkatLog:
Connect_Ftp2:
DllDate: Jan 21 2015
ChilkatVersion: 9.5.0.47
UnlockPrefix: xxxxxxx
Username: xxxxxxxxxxxxxxx
Architecture: Little Endian; 32-bit
Language: ActiveX
VerboseLogging: 0
ProgressMonitoring:
enabled: yes
heartbeatMs: 0
sendBufferSize: 65536
--ProgressMonitoring
ImplicitSsl: 0
AuthTls: 1
AuthSsl: 0
Hostname: xxxxxxx
Port: 21
IdleTimeoutMs: 60000
ConnectTimeout: 60
socketOptions:
SO_SNDBUF: 65536
SO_RCVBUF: 65536
TCP_NODELAY: 1
--socketOptions
readCommandResponse:
replyLineQP: 220 ProFTPD 1.3.4a Server (xxxxx) [xxx.xxx.xxx.xxx]
commandResponse: 220 ProFTPD 1.3.4a Server (xxxxxxx) [xxx.xxx.xxx.xxx]
statusCode: 220
--readCommandResponse
initialStatus: 220
initialResponse: 220 ProFTPD 1.3.4a Server (TireaPreFTP) [195.53.239.194]
converting to secure connection...
authTls:
sendCommand:
sendingCommand: AUTH TLS
--sendCommand
readCommandResponse:
replyLineQP: 500 AUTH not understood
commandResponse: 500 AUTH not understood
statusCode: 500
--readCommandResponse
--authTls
Failed to connect to FTP server.
Failed.
--Connect_Ftp2
--ChilkatLog
[KO4]Secure FTP Channel NOT Established!
Please re-read my previous response:
The vendor gave you instructions that would cause confusion.
In protocols that can use SSL/TLS such as FTP, SMTP, POP3, etc., there are two modes of establishing the SSL/TLS secure channel: implicit and explicit.
The implicit mode implies a pre-agreed port number such that immediately upon establishing the TCP socket connection, the SSL/TLS handshake occurs to make it a secure channel. The pre-agreed port number for FTP is typically 990.
The explicit mode is to first connect to the normal unencrypted port (21 for FTP) and then establish the SSL/TLS secure channel via a command in the protocol that initiates the SSL/TLS handshake.
The ftp.Ssl property controls whether or not you want implicit SSL/TLS. The ftp.AuthTls property controls whether or not you want explicit SSL/TLS. You can have one or the other, but not both.
What you really want, to follow the vendor's instructions, is to set the ftp.Port = 990, set ftp.Ssl = 1, and set ftp.AuthTls = 0.
Sorry, I read this, but it does not connect. Excuse me, I'm new at this.
With FileZilla Client, explicit mode over TLS, port 990, passive mode, I can connect. But in ASP code, with ftp.AuthTls=1 and ftp.Ssl = 0, ftp.port=990, ftp.passive=1, I can't connect (I got a timeout).
[KO4]ChilkatLog: Connect_Ftp2: DllDate: Jan 21 2015 ChilkatVersion: 9.5.0.47 UnlockPrefix: xxxxxx Username: xxxxxx Architecture: Little Endian; 32-bit Language: ActiveX VerboseLogging: 0 ProgressMonitoring: enabled: yes heartbeatMs: 0 sendBufferSize: 65536 --ProgressMonitoring AutoFix: Using implicit SSL/TLS because port is 990. To prevent auto-fix, set the AutoFix property = False/0 Using Implicit SSL ImplicitSsl: 1 AuthTls: 0 AuthSsl: 0 Hostname: xxxxxx Port: 990 Connecting via SSL Protocol: 0 IdleTimeoutMs: 60000 ConnectTimeout: 60 socket2Connect: connect2: connectImplicitSsl: clientHandshake: clientHandshake2: readHandshakeMessages: Timeout waiting to read socket or accept connection timeoutMs: 60000 Failed to read TLS record (2) tlsRec_msg: 62 msgLen: 8262 --readHandshakeMessages --clientHandshake2 --clientHandshake Client handshake failed. (3) --connectImplicitSsl ConnectFailReason: 0 --connect2 --socket2Connect ConnectFailReason: 0 Failed to connect to FTP server. Failed. --Connect_Ftp2 --ChilkatLog
Thank you for your patience.
Thank you, it's solved :)