Article delegate-en/1411 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A1409@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Howto? SSL FTP Tunneling
14 Nov 2001 17:18:48 GMT feedback@delegate.org (Yutaka Sato)


Hi,

On 11/15/01(01:47) you "Bryan Dees" <ppqcqbdyi-rcwevef6oulr.ml@ml.delegate.org> wrote
in <_A1409@delegate-en.ML_>
 |My FTP server 'goahp85.airborne.com:10021' uses AUTH TLS
 |negotiation.

I see.

 |I added your suggestions to the following command:
 |
 |   delegated -v -P10021 \
 |   SERVER=ftp://goahp85.airborne.com:10021  \
 |   CMAP="lib/sslway -st:FSV:ftp-data" \
 |   CMAP="lib/sslway -st:FCL:ftp"

Is your command literally as above?  I cannot understand your
intention to specify FSV only to ftp-data connection while
specifying FCL only to ftp control connection.

 |The error: "SSL23_GET_SERVER_HELLO:unknown" went away. And I 
 |can now establish a connection, but i'm having troubles with
 |ftp-data I think. The following is an excerpt from my

Since SSL session for ftp-data starts immediately without negotiation,
"-st" is not necessary.  This is why "CMAP" is used, to specify
"sslway -st" for ftp control connection while specifying "sslway"
without -st for ftp-data connection.

 |Or if the FTP server starts in normal non-SSL status and starts SSL
 |on demand with "AUTH TLS" negotiation (RFC2228), you must specify
 |"-st" option as FSV="sslway -st".  If this works, then you should
 |use CMAP="sslway:FSV:ftp-data" for ftp-data connection.

So I think what is neccessary for relaying from FTP/SSL client to
FTP/SSL server via FTP-DeleGate is like this:

CMAP="sslway -st:FCL:ftp" CMAP=sslway:FCL:ftp-data
CMAP="sslway -st:FSV:ftp" CMAP=sslway:FSV:ftp-data

which is a little extended from the example in 
<URL:http://www.delegate.org/delegate/ssl/>
> delegated CMAP=sslway:FCL:ftp-data CMAP="sslway -st:FCL:ftp" SERVER=ftp 

Cheers,
Yutaka
--
  @ @ Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/
 ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V