Recent

Author Topic: How to solve this synapse ftp(s) error? [SOLVED]  (Read 1083 times)

Hartmut

  • Hero Member
  • *****
  • Posts: 550
How to solve this synapse ftp(s) error? [SOLVED]
« on: August 10, 2022, 06:03:56 pm »
EDIT: I changed sftp to ftps because sftp was wrong. Sorry.

I want to use synapse version 40 for ftps. During Login I get the error:
 - "140A90C4:SSL routines:func(169):reason(196)" with library "libssl-dev" ver 1.1.1-1ubuntu2.1~1 or
 - "140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol" with library "libssl1.0-dev" ver 1.0.2n-1ubuntu5.10

I'm on Linux Ubuntu 18.04 LTS 64-bit with FPC 3.2.0.

Code: Pascal  [Select][+][-]
  1. var FTX: TFTPSend
  2.     ok: boolean;
  3.  
  4. FTX:=TFTPSend.Create;
  5. FTX.TargetHost:=...
  6. FTX.TargetPort:=...
  7. FTX.Username:=...
  8. FTX.Password:=...
  9. FTX.FullSSL:=true;
  10. ok:=FTX.Login;
  11. writeln('SSLImplementation=', SSLImplementation = TSSLOpenSSL); // => TRUE

Unit 'ssl_openssl' is in the uses clause of the main program.

In Unit 'ssl_openssl' is written: "You need OpenSSL libraries version 0.9.7."
Do I have the wrong version? How to install the correct one? My packet manager Synaptic shows only version "1.1.1-1ubuntu2.1~1". I don't know how to install another one.

Here are informations about the libraries I'm aware of:

Code: Text  [Select][+][-]
  1. hg6@i3300:/usr/lib/x86_64-linux-gnu/ruby/2.5.0$ ls -l openssl*
  2. -rw-r--r-- 1 root root 350120 Mai 24 16:47 openssl.so
  3.  
  4. hg6@i3300:/usr/lib/x86_64-linux-gnu$ ls -l libssl*
  5. -rw-r--r-- 1 root root 328128 Jul  6 13:25 libssl3.so
  6. -rw-r--r-- 1 root root 995650 Jul  4 13:25 libssl.a
  7. lrwxrwxrwx 1 root root     13 Jul  4 13:25 libssl.so -> libssl.so.1.1
  8. -rw-r--r-- 1 root root 424664 Jun 20 19:34 libssl.so.1.0.0
  9. -rw-r--r-- 1 root root 577312 Jul  4 13:25 libssl.so.1.1
  10.  
  11. hg6@i3300:/usr/lib/x86_64-linux-gnu$ ls -l libcrypto*
  12. -rw-r--r-- 1 root root 5413392 Jul  4 13:25 libcrypto.a
  13. lrwxrwxrwx 1 root root      16 Jun 27  2017 libcryptopp.so.6 -> libcrypto++.so.6
  14. lrwxrwxrwx 1 root root      16 Jul  4 13:25 libcrypto.so -> libcrypto.so.1.1
  15. -rw-r--r-- 1 root root 2361984 Jun 20 19:34 libcrypto.so.1.0.0
  16. -rw-r--r-- 1 root root 2917216 Jul  4 13:25 libcrypto.so.1.1
  17. lrwxrwxrwx 1 root root      20 Jun 27  2017 libcrypto++.so.6 -> libcrypto++.so.6.0.0
  18. -rw-r--r-- 1 root root 3634520 Jun 27  2017 libcrypto++.so.6.0.0

Thanks a lot for your help in advance.
« Last Edit: August 12, 2022, 05:49:29 pm by Hartmut »

rvk

  • Hero Member
  • *****
  • Posts: 4948
Re: How to solve this synapse sftp error?
« Reply #1 on: August 10, 2022, 06:43:51 pm »
See my post here:
https://forum.lazarus.freepascal.org/index.php/topic,60230.msg449953.html#msg449953

Do you want SFTP or FTPS (which are very different from each other).

What you are trying to do is FTPS.
Are you really trying to connect to a FTPS server (or are you trying to connect to a SFTP server)?

Hartmut

  • Hero Member
  • *****
  • Posts: 550
Re: How to solve this synapse sftp error?
« Reply #2 on: August 10, 2022, 07:22:32 pm »
I was not aware of this difference. The server I want to use was set up by a friend who is not a great expert (like me). I must ask him, whether he implemented sftp or ftps, but currently I cannot get him. I will write the answer when I have them.

Hartmut

  • Hero Member
  • *****
  • Posts: 550
Re: How to solve this synapse ftps error?
« Reply #3 on: August 11, 2022, 10:16:28 am »
Now I got the information that the FTP-Server offers:
 - ftp and ftps on port 45032
 - and sftp on port 45034.

What I try is ftps on port 45032. With the code I showed in the 1. Topic I get the error messages showed there too. Sorry for confusion.

rvk

  • Hero Member
  • *****
  • Posts: 4948
Re: How to solve this synapse ftps error?
« Reply #4 on: August 11, 2022, 10:49:32 am »
I'm not sure what version 40 is but it might not support openssl 1.1.1

Synapse trunk however has a ssl_openssl11 which should support it.

So if your synapse 40 doesn't contain ssl_openssl11 you may want to try trunk.
https://sourceforge.net/p/synalist/code/HEAD/tree/trunk/

If it does contain ssl_openssl11, use that instead of ssl_openssl in your uses.

Edit: and for openssl 3 you'll need ssl_openssl3.

« Last Edit: August 11, 2022, 10:57:41 am by rvk »

Hartmut

  • Hero Member
  • *****
  • Posts: 550
Re: How to solve this synapse ftps error?
« Reply #5 on: August 11, 2022, 12:38:51 pm »
Thank you rvk for that informations. I downloaded and tested trunk (r266). But this still does not work:

1) With Unit 'ssl_openssl11' I get Error "1408F10B:SSL routines:ssl3_get_record:wrong version number" at Login.
Command "writeln('SSLImplementation=', SSLImplementation = TSSLOpenSSL)" still shows TRUE.

2) With Unit 'ssl_openssl3' I get again Error "SSL/TLS support is not compiled!" at Login.
Command "writeln('SSLImplementation=', SSLImplementation = TSSLOpenSSL3)" now shows FALSE.

Does this mean, one of my libraries is bad or missing? Which one?
The only openssl library which I found is:

Code: Text  [Select][+][-]
  1. hg6@i3300:/usr/lib/x86_64-linux-gnu/ruby/2.5.0$ ls -l openssl*
  2. -rw-r--r-- 1 root root 350120 May 24 2022 16:47 openssl.so

Please pay attention to it's directory ".../ruby/2.5.0" which looks strange to me.

Packet Manager Synaptic says that I have openssl ver 1.1.1-1ubuntu2.1~1 installed and does NOT offer another version to install (nothing which starts with "openssl").

rvk

  • Hero Member
  • *****
  • Posts: 4948
Re: How to solve this synapse ftps error?
« Reply #6 on: August 11, 2022, 02:37:45 pm »
ssl_openssl3 is only for OpenSSL 3. I only mentioned it so for future reference when upgrading you'll might need to change it again.

openssl.so isn't used.
Only libssl.so.1.1 and libcrypto.so.1.1 are used in ssl_openssl11 (which uses ssl_openssl11_lib where they are loaed).

Both these files are in /usr/lib/x86_64-linux-gnu so that should be correct.

You could try implicit TLS (but when failing that might connect you to plain FTP)
Code: Pascal  [Select][+][-]
  1. //FTX.FullSSL:=true;       // Explicit
  2. FTX.AutoTLS := true;     // implicit

- ftp and ftps on port 45032
FTP and FTPS are both on the same port. So you could put in some OnStatus event to read out what the communication with the server is exactly.

I take it you already tried plain FTP and it worked?

sstvmaster

  • Sr. Member
  • ****
  • Posts: 292
Re: How to solve this synapse ftps error?
« Reply #7 on: August 11, 2022, 02:54:17 pm »
Here is the actual synapse trunk version: https://sourceforge.net/p/synalist/code/HEAD/tree/trunk/

It should support openssl: 1.0, 1.1 and 3.0 also tls 1, 1.1, 1.2, 1.3.
greetings Maik

Windows 10,
- Lazarus 2.2.4 (stable) + fpc 3.2.2 (stable)
- Lazarus 2.2.5 (fixes) + fpc 3.3.1 (main/trunk)

rvk

  • Hero Member
  • *****
  • Posts: 4948
Re: How to solve this synapse ftps error?
« Reply #8 on: August 11, 2022, 03:01:32 pm »
Here is the actual synapse trunk version: https://sourceforge.net/p/synalist/code/HEAD/tree/trunk/

It should support openssl: 1.0, 1.1 and 3.0 also tls 1, 1.1, 1.2, 1.3.
Already mentioned and tried.

Thank you rvk for that informations. I downloaded and tested trunk (r266). But this still does not work:

Hartmut

  • Hero Member
  • *****
  • Posts: 550
Re: How to solve this synapse ftps error?
« Reply #9 on: August 11, 2022, 03:53:08 pm »
Thank you very much again rvk (and sstvmaster) for your help.

When setting 'FTX.AutoTLS:=true' (instead of 'FTX.FullSSL') I can login without any problems, but I can't upload or download files, because this always results to error "110=Connection timed out" after 130 seconds.

This is exactly the same behaviour, as when I don't use 'FTX.FullSSL' and 'FTX.AutoTLS' which means normal FTP. The only reason, why I'm trying FTPS is to see, if (if it would work) I get with FTPS the same 130 seconds timeout as with FTP or not.

So my real goal is FTP, not FTPS. FTPS is only a test which I wanted to try. If you want, we can pause the FTPS problem and switch to the FTP problem.

To check if the FTP/FTPS server is working correctly I tested this with TotalCommander (a wellknown filemanger which supports FTP and FTPS) and FileZilla. Both can login and upload and download without any problems both for FTP and FTPS on port 45032.

EDIT:
I tested plain FTP with my code on a Windows computer and it works. No 130 seconds timeout. So it must be a Linux problem or a problem on my Linux computer.
« Last Edit: August 11, 2022, 03:57:33 pm by Hartmut »

Zvoni

  • Hero Member
  • *****
  • Posts: 1339
Re: How to solve this synapse ftps error?
« Reply #10 on: August 11, 2022, 04:08:24 pm »
I remember setting up a FTPS-Server on a FreeBSD-Box, and everytime i tried to connect to it, i got a connect, and then the server aborted the connection.
The Solution/Problem was: On the Server, the TLS-Module wasn't loaded!

Have you checked if this FTPS-Server has the TLS-module loaded? Are the Keys/Certs correctly created and pointed to in the FTPS-config?
At the time i was playing around with FreeBSD, i used ProFTPd, and i missed in its config, that "<IfModule mod_tls.c>" was MISSING!

btw: Have you tried to connect with FileZilla to this FTPS-Server?
« Last Edit: August 11, 2022, 04:09:57 pm by Zvoni »
One System to rule them all, One Code to find them,
One IDE to bring them all, and to the Framework bind them,
in the Land of Redmond, where the Windows lie
---------------------------------------------------------------------
Code is like a joke: If you have to explain it, it's bad

rvk

  • Hero Member
  • *****
  • Posts: 4948
Re: How to solve this synapse ftps error?
« Reply #11 on: August 11, 2022, 04:59:20 pm »
So my real goal is FTP, not FTPS. FTPS is only a test which I wanted to try. If you want, we can pause the FTPS problem and switch to the FTP problem.
Ok. If FTP doesn't even work we can forget about FTPS.

Did you try flipping FTX.PassiveMode.
(I think default is true so see if setting it to false helps)

Hartmut

  • Hero Member
  • *****
  • Posts: 550
Re: How to solve this synapse ftps error?
« Reply #12 on: August 11, 2022, 05:18:35 pm »
Have you checked if this FTPS-Server has the TLS-module loaded? Are the Keys/Certs correctly created and pointed to in the FTPS-config?

Thank you Zvoni for trying to help me. The friend, who has configured the server, says yes (but he is not an expert for this - like me).

Quote
btw: Have you tried to connect with FileZilla to this FTPS-Server?

Yes, as I wrote in reply #9. I added a screenshot of the certificate shown by FileZilla (there is a chain of 4 certificates and the screenshot shows the 1st).

Zvoni

  • Hero Member
  • *****
  • Posts: 1339
Re: How to solve this synapse ftps error?
« Reply #13 on: August 11, 2022, 05:41:51 pm »
And you did see, that the server uses TLS 1.2 ?

And i do hope, those Valid from/to dates in the screenshot is american notation
« Last Edit: August 11, 2022, 05:43:31 pm by Zvoni »
One System to rule them all, One Code to find them,
One IDE to bring them all, and to the Framework bind them,
in the Land of Redmond, where the Windows lie
---------------------------------------------------------------------
Code is like a joke: If you have to explain it, it's bad

Hartmut

  • Hero Member
  • *****
  • Posts: 550
Re: How to solve this synapse ftps error?
« Reply #14 on: August 11, 2022, 05:58:03 pm »
Ok. If FTP doesn't even work we can forget about FTPS.
Please keep in mind that FTP *can* connect to the server without problems. "Only" upload and download hangs in a 130 sec timeout. FTPS cannot even connect and results an error message.

Quote
Did you try flipping FTX.PassiveMode.
The default is True. After setting it to False the Login succeeds, but upload and download fail after 40 millisec. But in this case both 'FTX.Sock.LastError' and 'FTX.DSock.LastError' are zero :-((



And you did see, that the server uses TLS 1.2 ?
I saw this but I'm a beginner to that stuff so this does not tell me something. Is this a / the problem?

Quote
And i do hope, those Valid from/to dates in the screenshot is american notation
Yes, I checked this from another certificate in the chain which is valid until "09/30/2024".

 

TinyPortal © 2005-2018