FTP upload with TLS 1.3 results in 0 byte file on the server, eventually times out #13556
Comments
This is the verbose output of the failing FTP upload command that eventually times out and results in a 0 byte file on the server:
The problem might be related to #6149. This issue was actually discovered when using libcurl to upload a file >18KB using FTP with explicit auth SSL to that server. With libcurl and
I just set up a brand new vsftpd server on a Debian 12 machine that is publicly accessible. I created a new RSA 4096 key and enabled SSL for the FTP server. Now uploading a file larger than a certain size results in a 0 byte file on the server and the curl command times out. Can I privately share the commands to reproduce this issue with you? The problem is that the command only works once, then vsftp seems to keep accessing the file, so when the command is issued a second time, it shows a different behavior. That's why I wouldn't want to post this publicly.
The redacted commands to reproduce this after setting up the vsftpd server with SSL are: To create a local file with a size of 18 kB:
Upload the file:
The upload starts, times out, and results in a 0 byte "test-curl.txt" file on the server. Uploading the same file to the same server with FileZilla using TLS 1.3 works without problems.
I also asked the support team at all-inkl.com what FTP server software they are using. They answered that they are using ProFTPD from the original Ubuntu repository. So it looks like this is an issue with both vsftpd and ProFTPD servers when using TLS 1.3.
Can you reproduce this issue? Is there anything I can do to help?
@icing there's no upload among the new ftp tests yet, is there?
Added @blach could you add
- refs curl#13556
- allow anon uploads on vsftpd test server
- add test_30_05 for plain upload of 1k, 100k, 1m
- add test_31_05 for SSL upload of 1k, 100k, 1m
- verify file size and contents
Another thing to test with you
I just added I see no difference in behavior. It still results in a 0 byte file on the server and a timeout of the upload.
Here is the log:
Some additional details: I just tried running the curl command on the server that runs the vsftpd server. Curl 7.88.1 on the Debian server also resulted in a timeout and a 0 byte file. Then I installed curl 8.7.1 from bookworm backports. This version uploads the file to the vsftpd server running on the same server successfully! So, curl 8.7.1 from Homebrew on my Mac shows the error while curl 8.7.1 on Debian does not show the error. On my Mac:
On the Debian server:
Could this be an aarch64 vs x86_64 architecture issue?
@blach I suspect more a timing issue. TLS has this concept of When ending the transfer, curl is sending If you enable the following on your vsftp setup, we might see in the server log what it complains about:
You can set
Thanks, I added those configuration options and see this in the log file:
When I run the command successfully on the server itself, I get this instead:
So it's indeed a problem with the SSL shutdown not working correctly when uploading from my Mac.
#6149 sounds similar, and my conclusion there was basically: for each connection we need a separate optional state to do a proper SSL shutdown if the user specifies it or it's required because the server does not send the final message, like for ftps data conn. See also https://curl.se/docs/knownbugs.html#FTPS_upload_data_loss_with_TLS_1
I did this
I'm using the following command line to upload the file "test.html" with a size of 18815 bytes to a server using FTP with SSL encryption:
curl --ssl-reqd ftp://<redacted>.kasserver.com/test/ -u <redacted> --upload-file test.html
This command results in a 0 byte file on the server instead of the expected file with 18815 bytes.
The transfer progress looks like this:
It claims that 18815 bytes are transferred immediately, but then nothing happens and the upload times out after 1 minute.
When I add --tls-max 1.2, the upload works immediately and the file on the server has the correct size and contents.
This is the FTP server of the popular German hoster https://all-inkl.com/
I expected the following
I expected the file to upload successfully.
curl/libcurl version
curl 8.7.1 (aarch64-apple-darwin23.4.0) libcurl/8.7.1 (SecureTransport) OpenSSL/3.3.0 zlib/1.2.12 brotli/1.1.0 zstd/1.5.6 libidn2/2.3.7 libssh2/1.11.0 nghttp2/1.61.0 librtmp/2.3 OpenLDAP/2.6.7
Release-Date: 2024-03-27
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd
operating system
macOS Sonoma 14.4.1
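A post-upload check for the failure described in this issue, where curl reports the bytes as sent but the server is left with a 0 byte file. This is an added example, not code from the issue or from the curl project; the function names are hypothetical and credentials are assumed to be stored in ~/.netrc.

```shell
#!/bin/sh
# Added example, not curl project code. Function names are hypothetical.
# Credentials are assumed to be in ~/.netrc so they stay off the command line.

# Read `curl --head` output for an FTP URL on stdin and print the size the
# server reports (curl prints the FTP SIZE reply as a Content-Length line).
# Exit status 1 if no such line is present.
remote_size() {
    tr -d '\r' | awk '
        tolower($1) == "content-length:" { print $2; found = 1; exit }
        END { if (!found) exit 1 }'
}

# $1 = local file, $2 = size reported by the server.
# True only if $2 is a number equal to the local byte count.
sizes_match() {
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "$(wc -c < "$1" | tr -d ' ')" -eq "$2" ]
}

# $1 = local file, $2 = ftp:// URL of the remote file.
# Uploads over explicit FTPS, then queries the stored size. The size query
# needs no data connection, so it still answers after a stalled upload.
upload_and_verify() {
    rc=0
    curl --ssl-reqd --netrc --silent --show-error --max-time 120 \
         --upload-file "$1" "$2" || rc=$?
    reported=$(curl --ssl-reqd --netrc --silent --max-time 30 --head "$2" \
               | remote_size) || reported=unknown
    if [ "$rc" -eq 0 ] && sizes_match "$1" "$reported"; then
        return 0
    fi
    echo "upload NOT verified: curl exit $rc, server reports $reported bytes" >&2
    return 1
}
```

Call it as `upload_and_verify test.html ftp://HOST/test/test.html`, with HOST as a placeholder; a non-zero return means the stored file should not be trusted.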