Dr. Peter Voigt | 1 Jul 2010 16:31

Re: [Proftpd-user] proftpd hanging


I have been following this thread with increasing interest for some
time because it describes a similar behavior with my ProFTPD
installation.

I am currently using ProFTPD 1.3.3 on an openSUSE 11.0 x64_64 system. I
have built ProFTPD from source against OpenSSL 0.9.8n.

In a reproducible manner ProFTPD hangs with SSL/TLS connections.
Hanging means that a successfully connected client cannot list files,
upload or download. Only a regular disconnect is possible. Any list or
change directory command results in a "550 ~/pub: No such file or
directory" error message.

Interesting is the observation that the log files do not show any
errors until a disconnect is issued:

...
Jul 01 16:09:06 tiger2008 proftpd[19282] localhost (tiger2008.pvoigt-wan.de[192.168.0.96]): dispatching CMD command 'QUIT' to mod_core
Jul 01 16:09:06 tiger2008 proftpd[19282] localhost (tiger2008.pvoigt-wan.de[192.168.0.96]): dispatching LOG_CMD command 'QUIT' to mod_log
Jul 01 16:09:06 tiger2008 proftpd[19282] localhost (tiger2008.pvoigt-wan.de[192.168.0.96]): dispatching LOG_CMD command 'QUIT' to mod_core
Jul 01 16:09:06 tiger2008 proftpd[19282] localhost (tiger2008.pvoigt-wan.de[192.168.0.96]): mod_tls/2.4.1: unexpected OpenSSL error, disconnecting
Jul 01 16:09:06 tiger2008 proftpd[19282] localhost (tiger2008.pvoigt-wan.de[192.168.0.96]): mod_tls/2.4.1: SSL_shutdown syscall error: No such file or directory
Jul 01 16:09:06 tiger2008 proftpd[19282] localhost (tiger2008.pvoigt-wan.de[192.168.0.96]): FTP session closed.

TJ Saunders | 1 Jul 2010 17:01

Re: [Proftpd-user] proftpd hanging


> I am currently using ProFTPD 1.3.3 on an openSUSE 11.0 x64_64 system. I
> have built ProFTPD from source against OpenSSL 0.9.8n.

Hmm.  It's possible that this is related to:

  http://bugs.proftpd.org/show_bug.cgi?id=3419

due to changes in the semantics of SSL_shutdown() in OpenSSL.

Cheers,
TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Reach high, for stars lie hidden in your soul.
   Dream deep, for every dream precedes the goal.

   	-Ralph Vaull Starr

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html

TJ Saunders | 1 Jul 2010 17:37

[Proftpd-user] ProFTPD 1.3.3a released!


Hello, ProFTPD community. The ProFTPD Project team is pleased to announce
that the first maintenance release for ProFTPD 1.3.3 is now available for
public consumption.

You can download 1.3.3a, including PGP signatures and MD5 sums, from any
of the proftpd mirrors.  Mirrors are available via FTP as:

  ftp.<two_letter_iso_country_code>.proftpd.org

(example: ftp.nl.proftpd.org).  Not all countries have mirrors; however
you should select one that is geographically close to you.

Alternatively, you can download proftpd from the main site:

  ftp://ftp.proftpd.org/distrib/source

RPMs, once available, will be placed here:

  ftp://ftp.proftpd.org/distrib/packages/RPMS

The 1.3.3a release is a maintenance release, containing backported fixes
for issues found in the 1.3.3 release.

Please read the included NEWS and ChangeLog files for the full details.

The MD5 sums for the source tarballs are:

  55ae8b32c9f5c00340188b7094c36ffc  proftpd-1.3.3a.tar.bz2
  841205173526af20c120208d4ae9446d  proftpd-1.3.3a.tar.gz

Dr. Peter Voigt | 2 Jul 2010 01:00

Re: [Proftpd-user] proftpd hanging

TJ, you're probably right - thanks for the corresponding bug
URL.

However, the error log is more or less a side problem. My main problem
is that there are no SSL/TLS connections possible any more with
mod_tls.

The new release 1.3.3a has been published today and the release notes
promise a fix of SSL_shutdown() errors. If your assumption is right,
my mod_tls related problems could be fixed as well. Immediately, I
built ProFTPD 1.3.3a against OpenSSL 0.9.8n. My test results are
a bit surprising:

- The SSL_shutdown() errors do still appear in the log files. The
  "TLSOptions EnableDiags" just gives some more information.

- mod_tls connections are possible again, ProFTPD is not hanging
  anymore.

I am happy to have back a working mod_tls enabled ProFTPD of
the latest release. Nevertheless, I would like to know, if I should
give an OpenSSL update a try. Latest sub 1.0.x version is 0.9.8o,
version 1.0.x still needs some time to become more stable.

By the way: ProFTPD 1.3.2e produces the same SSL_shutdown() log
errors as 1.3.3 and 1.3.3a do. My tests reveal the following mod_tls
versions:

ProFTPD    mod_tls
------------------

TJ Saunders | 2 Jul 2010 01:37

Re: [Proftpd-user] proftpd hanging


> However, the error log is more or less a side problem. My main problem
> is that there are no SSL/TLS connections possible any more with
> mod_tls.
> 
> The new release 1.3.3a has been published today and the release notes
> promise a fix of SSL_shutdown() errors. If your assumption is right,
> my mod_tls related problems could be fixed as well. Immediately, I
> built ProFTPD 1.3.3a against OpenSSL 0.9.8n. My test results are
> a bit surprising:
> 
> - The SSL_shutdown() errors do still appear in the log files. The
>   "TLSOptions EnableDiags" just gives some more information.

Could you provide that additional EnableDiags information?  Since I'm not 
able to reproduce the behavior locally, I'm totally dependent on people 
experiencing the issue for data.

The patch for Bug#3419 would still produce the same TLSLog entries; the   
functional change is that for SSL_shutdown() return value, mod_tls no
longer considers it a fatal error and closes the session.  Instead,
mod_tls just logs the case, and moves on with its business.

> - mod_tls connections are possible again, ProFTPD is not hanging 
>   anymore.

That's certainly good news.

> I am happy to have back a working mod_tls enabled ProFTPD of
> the latest release. Nevertheless, I would like to know, if I should

Ryan Tang | 2 Jul 2010 01:51

Re: [Proftpd-user] proftpd hanging

Hi Peter,

The connection you draw between these errors and proftpd hanging isn't
readily apparent to me.

Can you provide more details on how you've been able to trigger proftpd
to hang with SSL/TLS connections?

Thanks,
Ryan

-----Original Message-----
From: Dr. Peter Voigt [mailto:pvoigt <at> uos.de] 
Sent: Thursday, July 01, 2010 4:00 PM
To: proftp-user <at> lists.sourceforge.net
Subject: Re: [Proftpd-user] proftpd hanging

TJ, you're probably right - thanks for the corresponding bug
URL.

However, the error log is more or less a side problem. My main problem
is that there are no SSL/TLS connections possible any more with
mod_tls.

The new release 1.3.3a has been published today and the release notes
promise a fix of SSL_shutdown() errors. If your assumption is right,
my mod_tls related problems could be fixed as well. Immediately, I
built ProFTPD 1.3.3a against OpenSSL 0.9.8n. My test results are
a bit surprising:


Dr. Peter Voigt | 3 Jul 2010 12:18

Re: [Proftpd-user] proftpd hanging

TJ Saunders <tj <at> castaglia.org> writes:

>> However, the error log is more or less a side problem. My main problem
>> is that there are no SSL/TLS connections possible any more with
>> mod_tls.
>> 
>> The new release 1.3.3a has been published today and the release notes
>> promise a fix of SSL_shutdown() errors. If your assumption is right,
>> my mod_tls related problems could be fixed as well. Immediately, I
>> built ProFTPD 1.3.3a against OpenSSL 0.9.8n. My test results are
>> a bit surprising:
>> 
>> - The SSL_shutdown() errors do still appear in the log files. The
>>   "TLSOptions EnableDiags" just gives some more information.
>
> Could you provide that additional EnableDiags information?  Since I'm not 
> able to reproduce the behavior locally, I'm totally dependent on people 
> experiencing the issue for data.
>
> The patch for Bug#3419 would still produce the same TLSLog entries; the   
> functional change is that for SSL_shutdown() return value, mod_tls no
> longer considers it a fatal error and closes the session.  Instead,
> mod_tls just logs the case, and moves on with its business.
>

The slightly more detailed SSL_shutdown() error log message is:

Jul 03 11:37:13 mod_tls/2.4.1[8428]: [msg] sent TLSv1 warning 'close_notify' Alert message (2 bytes)
Jul 03 11:37:13 mod_tls/2.4.1[8428]: [info] writing: SSL/TLS alert warning: close notify
Jul 03 11:37:14 mod_tls/2.4.1[8428]: panic: SSL_ERROR_SYSCALL, line 4574: Broken pipe

Dr. Peter Voigt | 3 Jul 2010 12:54

Re: [Proftpd-user] proftpd hanging

"Ryan Tang" <rtang <at> completegenomics.com> writes:

> Hi Peter,
>
> The connection you draw between these errors and proftpd hanging isn't
> readily apparent to me.
>
> Can you provide more details on how you've been able to trigger proftpd
> to hang with SSL/TLS connections?
>
> Thanks,
> Ryan

Hi Ryan,

I've done some more detailed tests with two different FTP clients lftp
4.0.9 and FileZilla 3.3.3 and ProFTPD 1.3.3 with SSL/TLS (mod_tls). 

It turns out that both clients behave differently.

FileZilla:
----------
After a successful login and after changing into some different
directories, the error "Failed to retrieve directory listing" appears
on the client side. The corresponding tls log entry is:

Jul 03 12:29:06 mod_tls/2.4.1[8888]: unable to accept TLS connection: system call error: [104] Connection reset by peer
Jul 03 12:29:06 mod_tls/2.4.1[8888]: unable to open data connection: TLS negotiation failed
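
[Added example, not part of any message in this thread and not ProFTPD project code.] The thread distinguishes SSL_shutdown() errors logged while a session is already closing from TLS failures that break a working session. The triage sketch below sorts the mod_tls log lines quoted above along that line; the category names and the matching rules are assumptions derived only from those lines.

```python
import re
from collections import defaultdict

# Log lines copied from the messages in this thread (wrapped lines rejoined).
SAMPLE = """\
Jul 01 16:09:06 tiger2008 proftpd[19282] localhost (tiger2008.pvoigt-wan.de[192.168.0.96]): mod_tls/2.4.1: unexpected OpenSSL error, disconnecting
Jul 01 16:09:06 tiger2008 proftpd[19282] localhost (tiger2008.pvoigt-wan.de[192.168.0.96]): mod_tls/2.4.1: SSL_shutdown syscall error: No such file or directory
Jul 03 11:37:13 mod_tls/2.4.1[8428]: [msg] sent TLSv1 warning 'close_notify' Alert message (2 bytes)
Jul 03 11:37:13 mod_tls/2.4.1[8428]: [info] writing: SSL/TLS alert warning: close notify
Jul 03 11:37:14 mod_tls/2.4.1[8428]: panic: SSL_ERROR_SYSCALL, line 4574: Broken pipe
Jul 03 12:29:06 mod_tls/2.4.1[8888]: unable to accept TLS connection: system call error: [104] Connection reset by peer
Jul 03 12:29:06 mod_tls/2.4.1[8888]: unable to open data connection: TLS negotiation failed
"""

# SystemLog layout seen above: "... proftpd[PID] vhost (client[ip]): mod_tls/VER: msg"
SYSLOG = re.compile(r"proftpd\[(?P<pid>\d+)\] .*?\): mod_tls/[\d.]+: (?P<msg>.*)")
# TLSLog layout seen above: "... mod_tls/VER[PID]: msg"
TLSLOG = re.compile(r"mod_tls/[\d.]+\[(?P<pid>\d+)\]: (?P<msg>.*)")


def parse(line):
    """Return (pid, message) for a mod_tls line in either layout, else None."""
    m = SYSLOG.search(line) or TLSLOG.search(line)
    return (int(m["pid"]), m["msg"]) if m else None


def triage(text):
    """Map each session pid to the set of TLS problem categories it logged."""
    closing = set()              # pids that have already sent close_notify
    result = defaultdict(set)
    for line in text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        pid, msg = parsed
        if "close_notify" in msg or "close notify" in msg:
            closing.add(pid)
        elif "SSL_shutdown" in msg:
            result[pid].add("teardown")      # error while closing the session
        elif "SSL_ERROR_SYSCALL" in msg:
            # Only treat a syscall error as teardown noise after close_notify.
            result[pid].add("teardown" if pid in closing else "mid-session")
        elif ("unable to accept TLS connection" in msg
              or "TLS negotiation failed" in msg):
            result[pid].add("handshake")     # data/control TLS setup failed
    return dict(result)
```

Sessions tagged only "teardown" were already ending when the error was logged; "handshake" and "mid-session" entries are the ones that line up with client-visible failures such as the FileZilla listing error.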

刘知言 | 9 Jul 2010 10:54

[Proftpd-user] help! about mod_cap/1.0: setreuid: Operation not permitte

Hi, all:

I use 1.3.3a (and tried 1.3.3) on RHEL 5.3 x86_64 OS. When I use an sftp
client to connect to the proftpd sftp server, I got this error:
=======================
FTP session opened.
Preparing to chroot to directory '/home/home_sftp/testuser'
USER testuser: Login successful
mod_cap/1.0: setreuid: Operation not permitte
SSH2 session closed.
=======================

and client sftp socket reset by peer.

the proftp config is:
=======================
ServerName			"TEST SFTP Server"
ServerType			standalone
DefaultServer		on
Port				21
UseIPv6				off
Umask				022
MaxInstances		30
User				nobody
Group				nobody
DefaultRoot 		/home/test_sftp
AllowOverwrite		on
<Limit SITE_CHMOD>
	DenyAll
</Limit>

rashmi.swaroop | 12 Jul 2010 15:05

[Proftpd-user] proftpd.syslog file is growing how to stop it

Hi All,

 

On the system somebody has enabled proftpd debugging. How to check what is the log level it is enabled?

 

In proftpd.conf I have SystemLog  /var/log/proftpd.syslog, but by default it will not be written. To write to it I use proftpd -d9. How to disable it?

Now I commented “SystemLog  /var/log/proftpd.syslog” in proftpd.conf. Please let me know the solution.

 

Regards,

Rashmi Swaroop

 
