Bug 176315

Summary: lftp has ssl problems with proftpd, older and newer lftp works
Product: [Fedora] Fedora Reporter: Jani Ollikainen <bestis+rh>
Component: lftpAssignee: Maros Barabas <mbarabas>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 4   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: FC5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-09-22 02:16:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jani Ollikainen 2005-12-21 10:40:21 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
When I use lftp to take ssl-ftp connection with one proftpd site it gives error
doing ls:

<nothing related>
drwxr-x---  28 ftpuser    ftpuser        4096 Dec 19 09:58 .
**** gnutls_record_recv: A TLS packet with unexpected length was received.
---> ABOR
---- Closing aborted data socket
---- Closing control socket
ls: Fatal error: gnutls_record_recv: A TLS packet with unexpected length was received.

Tried newest 3.3.5 from source and compiled it. It works.
Tested 3.0.6 from rhel4 machine. It works.

So it seems that lftp 3.2. is the problem..


Version-Release number of selected component (if applicable):
lftp-3.2.1-4_FC4

How reproducible:
Always

Steps to Reproduce:
1. Open proftpd ssl ftp site
2. Do ls
3.
  

Actual Results:  Got error saying:
ls: Fatal error: gnutls_record_recv: A TLS packet with unexpected length was received.

Expected Results:  I should have got the directory listing.

Additional info:

Comment 1 Jani Ollikainen 2005-12-21 11:03:31 UTC
It seems that the problem lies if lftp uses gnutls or openssl.
OpenSSL works and GNUtls doesn't..

Tested source 3.2.1 and compiled with both libs:
Gnutls: error
Openssl: works.

lftp --version:
FC4:
Libraries used: Readline 5.0
3.2.1 compiled from source:
Libraries used: Readline 5.0, Expat 1.95.8, GnuTLS 1.0.25
3.2.1 compiled from source (./configure --with-openssl):
Libraries used: Readline 5.0, Expat 1.95.8, OpenSSL 0.9.7f 22 Mar 2005

From proftpd logs i heard that those choose different ciphers, so i cannot
really know if this is a bug in proftpd or lftp. 


Comment 2 Jani Ollikainen 2005-12-21 11:21:23 UTC
Some more still..

Tested 3.3.5 with openssl/gnutls. Same versions as above with gnutls and openssl.
OpenSSL works nicely. GNUtls works kinda but not still nicely.
GNUtls can print dir listing but it comes VERY SLOWLY and when the last
directory is listed it just hangs. Ctrl-c prints Interrupt and then i can do ls
again, but same thing happens..

This test would make me to blame lftp more than gnutls/proftpd...



Comment 3 Jason Vas Dias 2005-12-21 20:28:43 UTC
Thanks for pointing this out.

The .spec file had always been using the configure argument '--with-ssl', which
does not seem to be supported by lftp anymore (yet configure did not complain ); 
even though the .spec file also added the includes and library path for openssl,
configure disabled openssl support by default and used gnutls .

lftp.spec now uses '--with-openssl=/usr' and the gnutls libs Requires have
disappeared , in lftp-3.3.5-4 (FC5) and lftp-3.2.1-10 (FC4) .



Comment 4 Fedora Update System 2005-12-21 21:09:35 UTC
From User-Agent: XML-RPC

lftp-3.2.1-10_FC4 has been pushed for FC4, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 5 Fedora Update System 2006-01-09 18:58:56 UTC
From User-Agent: XML-RPC

lftp-3.2.1-10_FC4 has been pushed for FC4, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 6 Bill Nottingham 2006-09-22 02:16:26 UTC
Closing bugs in MODIFIED state from prior Fedora releases. If this bug persists
in a current Fedora release (such as Fedora Core 5 or later), please reopen and
set the version appropriately.