All geek questions in one place

PHP curl FTPes with explicit TLS / SSL

I am trying to connect to a remote FTP with an explicit TLS / SSL server and the connection is timed out. It connects, but I do not know where it stops, but I assume that something is connected to it with the FTP / TLS / SSL control channel. Any help would be greatly appreciated.

Through FileZilla I can connect without problems, but not through curl. I probably missed something and hoped that someone here would find out the best way to recreate the session using curl. Here's the debugging output from FileZilla and sample code that I worked on in PHP / curl. Here the PHP code and below is a copy of a successful FileZilla session.

Here are the versions, but I tried them on different systems with the same results.

Curl: v7.43.0

└─(08:04:00 on master ✹)──> php -v                                          ──(Thu,Sep10)β”€β”˜
PHP 5.5.27 (cli) (built: Jul 14 2015 17:04:01)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies
    with Xdebug v2.3.3, Copyright (c) 2002-2015, by Derick Rethans

Here is the actual code.

<?php

$server_data = array(
   'transfer_id' => 123456789,
   'post_url' => "ftps://ftps.widgetsltd.com",
   'port' => 21,
   'username' => 'widgetsftp',
   'password' => 'password',
);

$filename = sprintf("%s-%s-%s.csv",
                    $server_data['transfer_id'],
                    microtime(TRUE),
                    rand(1000, 9999));

$temp_filename = sprintf("/tmp/%s", $filename);
$ftp_data = "This is a test";

$fp = fopen($temp_filename, 'w');
fprintf($fp, "%s", $ftp_data);
fclose($fp);

$fp = fopen($temp_filename, 'r');

$ch = curl_init();

curl_setopt($ch, CURLOPT_VERBOSE, TRUE);    
curl_setopt($ch, CURLOPT_URL, sprintf("%s/%s", $server_data['post_url'], $filename));
curl_setopt($ch, CURLOPT_PORT, 21);    
curl_setopt($ch, CURLOPT_USERPWD, sprintf("%s:%s", $server_data['username'], $server_data['password']));

curl_setopt($ch, CURLOPT_UPLOAD, TRUE);
curl_setopt($ch, CURLOPT_INFILE, $fp);
curl_setopt($ch, CURLOPT_INFILESIZE, filesize($temp_filename));

curl_setopt($ch, CURLOPT_USE_SSL, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0);
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'AES-128-CBC');

curl_setopt($ch, CURLOPT_FTP_SSL, CURLOPT_FTPSSLAUTH);
curl_setopt($ch, CURLOPT_FTPSSLAUTH, CURLFTPAUTH_TLS);
curl_setopt($ch, CURLOPT_TIMEOUT, 5);

print_r(array('curl_exec' => curl_exec($ch)));
print_r(array(
           'curl_errno' => curl_errno($ch),
           'curl_error' => curl_error($ch),
        ));

This is a FileZilla session.

Status:        Resolving address of ftps.widgetsltd.com
Status:        Connecting to 123.123.123.123:21...
Status:        Connection established, waiting for welcome message...
Trace:         CFtpControlSocket::OnReceive()
Response:  220-Microsoft FTP Service
Response:  220 Widgets, LTD FTP server
Trace:         CFtpControlSocket::SendNextCommand()
Command:   AUTH TLS
Trace:         CFtpControlSocket::OnReceive()
Response:  234 AUTH command ok. Expecting TLS Negotiation.
Status:        Initializing TLS...
Trace:         CTlsSocket::Handshake()
Trace:         CTlsSocket::ContinueHandshake()
Trace:         CTlsSocket::OnSend()
Trace:         CTlsSocket::OnRead()
Trace:         CTlsSocket::ContinueHandshake()
Trace:         CTlsSocket::OnRead()
Trace:         CTlsSocket::ContinueHandshake()
Trace:         TLS Handshake successful
Trace:         Protocol: TLS1.0, Key exchange: RSA, Cipher: AES-128-CBC, MAC: SHA1
Status:        Verifying certificate...
Status:        TLS connection established.
Trace:         CFtpControlSocket::SendNextCommand()
Command:   USER s-rokfri
Trace:         CTlsSocket::OnRead()
Trace:         CFtpControlSocket::OnReceive()
Response:  331 Password required for s-rokfri.
Trace:         CFtpControlSocket::SendNextCommand()
Command:   PASS ********
Trace:         CTlsSocket::OnRead()
Trace:         CFtpControlSocket::OnReceive()
Response:  230-This service and information contained therein belong to Widgets, LTD.
Response:  230 User logged in.
Trace:         CFtpControlSocket::SendNextCommand()
Command:   OPTS UTF8 ON
Trace:         CTlsSocket::OnRead()
Trace:         CFtpControlSocket::OnReceive()
Response:  200 OPTS UTF8 command successful - UTF8 encoding now ON.
Trace:         CFtpControlSocket::SendNextCommand()
Command:   PBSZ 0
Trace:         CTlsSocket::OnRead()
Trace:         CFtpControlSocket::OnReceive()
Response:  200 PBSZ command successful.
Trace:         CFtpControlSocket::SendNextCommand()
Command:   PROT P
Trace:         CTlsSocket::OnRead()
Trace:         CFtpControlSocket::OnReceive()
Response:  200 PROT command successful.
Status:        Connected
Trace:         CFtpControlSocket::ResetOperation(0)
Trace:         CControlSocket::ResetOperation(0)
Trace:         CFileZillaEnginePrivate::ResetOperation(0)
Trace:         Measured latency of 141 ms
Status:        Retrieving directory listing...
Trace:         CFtpControlSocket::SendNextCommand()
Trace:         CFtpControlSocket::ChangeDirSend()
Command:   PWD
Trace:         CTlsSocket::OnRead()
Trace:         CFtpControlSocket::OnReceive()
Response:  257 "/" is current directory.
Trace:         CFtpControlSocket::ResetOperation(0)
Trace:         CControlSocket::ResetOperation(0)
Trace:         CFtpControlSocket::ParseSubcommandResult(0)
Trace:         CFtpControlSocket::ListSubcommandResult()
Trace:           state = 1
Trace:         CFtpControlSocket::ResetOperation(0)
Trace:         CControlSocket::ResetOperation(0)
Status:        Directory listing of "/" successful
Trace:         CFileZillaEnginePrivate::ResetOperation(0)

Here is the result of bending.

*   Trying 123.123.123.123...
* Connected to ftps.widgetsltd.com (123.123.123.123) port 21 (#0)
* SSL connection timeout
* Closing connection 0
Array
(
    [curl_exec] =>
)
Array
(
    [curl_errno] => 28
    [curl_error] => SSL connection timeout
)
+4
3

, curl FTP ( TLS/SSL , FTP ).

, ftps://, TLS. , TLS (990). CURLOPT_PORT.

TLS FTP- (21), ftp://. TLS, CURLOPT_USE_SSL ( , , - , boolean).

, :

$server_data = array(
   ...
   'post_url' => "ftp://ftps.widgetsltd.com", // ftp:// URL
   ...
);

curl_setopt($ch, CURLOPT_URL, sprintf("%s/%s", $server_data['post_url'], $filename));
curl_setopt($ch, CURLOPT_USE_SSL, CURLUSESSL_ALL); // Enable TLS/SSL

, CURLOPT_FTP_SSL CURLOPT_USE_SSL. , .

+4

s ftps:// ftps vs ftp.

   'post_url' => "ftp://ftps.widgetsltd.com",
+2

, FTPS PHP cURL. , , : curl_errno 28 - - SSL.

, , , . , , , .

, PHP cURL FTPS:

<?php
// !!! MAKE SURE SERVER ADDRESS STARTS WITH ftp://...
$ftp_server="ftp://ftps.example.com";  
$ftp_user_name="USERNAME";
$ftp_user_pass="PASSWORD";

$localFileName = "test.txt";
$remoteFileName = "/Export/test.txt";

$fp = fopen($localFileName, 'r');
$stderr = fopen("curl.txt", "w"); //for error msg logging

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $ftp_server.$remoteFileName);
curl_setopt($ch, CURLOPT_PORT, 21);
curl_setopt($ch, CURLOPT_USERPWD, "$ftp_user_name:$ftp_user_pass");
curl_setopt($ch, CURLOPT_UPLOAD, 1);
curl_setopt($ch, CURLOPT_INFILE, $fp);
curl_setopt($ch, CURLOPT_INFILESIZE, filesize($localFileName));
//SSL stuff
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);  //use for development only; unsecure 
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);  //use for development only; unsecure
curl_setopt($ch, CURLOPT_FTP_SSL, CURLOPT_FTPSSLAUTH);
curl_setopt($ch, CURLOPT_FTPSSLAUTH, CURLFTPAUTH_TLS); 
//curl_setopt($ch, CURLOPT_SSLVERSION, 3);
//end SSL
curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
curl_setopt($ch, CURLOPT_STDERR, $stderr);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);

curl_exec ($ch);

$error_no = curl_errno($ch);
$error_msg = curl_error($ch);

curl_close ($ch);
fclose($fp);
fclose($stderr);

if ($error_no == 0) 
{
    $status = "Success";
} 
else
{
    $status = "Failed"; 

}

echo "FTP RESULT: <BR/>error_no: ".$error_no . "<br/>msg: " . $error_msg;
?>
+2

Source: https://habr.com/ru/post/1606686/

More articles:


All Articles