Quarks 0 Posted April 1, 2020 I am currently confused about my secure FTP daemon in Delphi RIO and using ICS 8.6.4 from the SVN. I have tried to mimic exactly the OverbyteIcsSslFtpServ example project (copy & paste components or manually copying and verifying it). The problem is my project doesn't understand the AUTH TLS handshake. When using openssl client, the result is : openssl s_client -connect 127.0.0.1:21 -starttls ftp CONNECTED(00000164) write:errno=0 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 94 bytes and written 303 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- Like you have see above, my secure FTPd somehow doesn't serving TLS handshake. Probably my code below is relevant to why it's doesn't work? : procedure TfrmMain.StartServer; var wsi : TWSADATA; SSLType : TFtpSslType; SSLVer : TSslVerMethod; SSLCache : TSslSessCacheMode; SSLCachemodes : TSslSessCacheModes; MinSSLMethod : TSslVerMethod; MaxSSLMethod : TSslVerMethod; SSLTypeModes : TFtpSslTypes; begin { Display version info for program and use components } wsi := WinsockInfo; Logit(Trim(CopyRight)); Logit('Using:'); Logit(' ' + OverbyteIcsWSocket.CopyRight); Logit(' ' + OverbyteIcsFtpSrv.CopyRight); Logit(' Winsock:'); Logit(' Version ' + Format('%d.%d', [WinsockInfo.wHighVersion shr 8, WinsockInfo.wHighVersion and 15])); Logit(' ' + String(StrPas(wsi.szDescription))); Logit(' ' + String(StrPas(wsi.szSystemStatus))); {$IFNDEF VER100} { A bug in Delphi 3 makes lpVendorInfo invalid } if wsi.lpVendorInfo <> nil then Logit(' ' + String(StrPas(wsi.lpVendorInfo))); {$ENDIF} { Set SSL properties, internal session caching enabled } // SslContext1.SslVersionMethod := sslV23_SERVER; //SslContext1.SslOptions := [sslOpt_NO_SSLv2]; //it's unsecure SslContext1.InitContext; //Pre-loads OpenSSL DLL's Logit(OpenSslVersion); Logit(OpenSslCompilerFlags); Logit(OpenSslBuiltOn); Logit(OpenSslPlatForm); Logit(OpenSslDir); frmMain.SslContext1.SslMinVersion := sslVerTLS1_2; { V8.37} frmMain.SslContext1.SslMaxVersion := sslVerMax; { V8.37} frmMain.SslContext1.SslCipherList := CipherListEdit.Text; frmMain.SslContext1.SslDHParamFile := DHParamEdit.Text; { Enables OpenSsl's internal session caching } frmMain.SslContext1.SslSessionCacheModes := [sslSESS_CACHE_SERVER]; frmMain.SslContext1.SslSessionTimeout := 300; //sec frmMain.SslContext1.SslDefaultSessionIDContext := 'AnyStringForSessionCaching'; frmMain.SslContext1.SslCertFile := CertFileEdit.Text; frmMain.SslContext1.SslPassPhrase := PassPhraseEdit.Text; frmMain.SslContext1.SslPrivKeyFile := PrivKeyFileEdit.Text; frmMain.SslContext1.SslCAFile := CAFileEdit.Text; frmMain.SslContext1.SslCAPath := CAPathEdit.Text; frmMain.SslContext1.SslVerifyPeer := VerifyPeerCheckBox.Checked; frmMain.SslFtpServer1.FtpSslTypes := [ftpAuthTls, ftpAuthSsl]; { Use a custom multiline banner } //frmMain.SslFtpServer1.Banner := ''; frmMain.SslFtpServer1.Banner := '220-Welcome to my Server' + #13#10 + '220-' + #13#10 + '220 ICS FTP Server ready.'; frmMain.SslFtpServer1.Addr := ServIpAddr.Text; { V8.37 } frmMain.SslFtpServer1.Port := FPortEdit.Text; frmMain.SslFtpServer1.Start; MinSSLMethod := frmMain.SslContext1.SslMinVersion; MaxSSLMethod := frmMain.SslContext1.SslMaxVersion; for SSLVer := sslVerSSL3 to sslVerMax do begin If SSLVer = MinSSLMethod then Logit('SSL Minimum Version : : ' + GetEnumName(TypeInfo(TSslVerMethod), Ord(MinSSLMethod))); end; for SSLVer := sslVerSSL3 to sslVerMax do begin If SSLVer = MaxSSLMethod then Logit('SSL Maximum Version : : ' + GetEnumName(TypeInfo(TSslVerMethod), Ord(MaxSSLMethod))); end; //Logit('SSL Minimum Version :' + String(frmMain.SslContext1.ToString) ); //Logit('SSL Maximum Version :' + ToString(frmMain.SslContext1.) ); SSLCacheModes := frmMain.SslContext1.SslSessionCacheModes; for SSLCache := sslSESS_CACHE_CLIENT to sslSESS_CACHE_NO_INTERNAL_STORE do begin If SSLCache in SSLCacheModes then Logit('SSL Session Cache Modes : ' + GetEnumName(TypeInfo(TSslSessCacheMode), Ord(SSLCache))); end; Logit('SSL Session Timeout :' + UIntToStr(frmMain.SslContext1.SslSessionTimeout) + 's' ); Logit('SSL Certificate File :' + frmMain.SslContext1.SslCertFile ); Logit('SSL Private List :' + frmMain.SslContext1.SslPrivKeyFile ); Logit('SSL CA File :' + frmMain.SslContext1.SslCAPath + '\' + frmMain.SslContext1.SslCAFile ); Logit('SSL Verify Peer :' + BoolToStr(frmMain.SslContext1.SslVerifyPeer) ); SSLTypeModes := frmMain.SslFtpServer1.FtpSslTypes; for SSLType := ftpAuthSsl to ftpImplicitSsl do begin If SSLType in SSLTypeModes then Logit('FTP SSL Types : ' + GetEnumName(TypeInfo(TFtpSslType), Ord(SSLType))); end; Logit('Successfully Started the FTP Server'); end; Full project files attached below, been spending more than 10 hours trying to debug it but no matter what i have tried, it doesn't serving TLS. Simple FTP Server_send.rar Share this post Link to post
Angus Robertson 577 Posted April 1, 2020 The code itself is probably OK if you copied it correctly. the issue is more likely all the settings and SSL/TLS certificates that are needed to make a secure server work, of which you show none. You could also have shown the protocol that you logged with all the errors. What SSL certificate are you using, and what intermediate, since you are setting SslCaFile. But servers don't use SslCAPath. Angus Share this post Link to post
Quarks 0 Posted April 1, 2020 (edited) @Angus Robertson Thanks you for taking a look at my thread, that's the problems, Ticslogger is doesn't work in my part, showing up as "Integer Overflow" when starting the x64 server. >>What SSL certificate are you using, and what intermediate, since you are setting SslCaFile. But servers don't use SslCAPath. The 01cert.pem, 01key.pem, cacert.pem are only default one from the ..\ICS\Samples\Delphi\SslInternet folder. What i have tried is also tinkering with the OpenSSL cipherlist and even accepting all cipher with "ALL" still couldn't make it working. Also countless time tinkering with SslMinVersion & SslMaxVersion still no dice, somehow it's like ICS ignoring my configurations/parameters :-(. If you have time, please take a look at my project, i am sure something simple or worse something in the code, upon comparing with beyond compare, i don't notice any big differences. Edited April 1, 2020 by Quarks Share this post Link to post
Angus Robertson 577 Posted April 1, 2020 Not sure what you are trying to achieve, but I suggest you get the original ICS sample working first, then work out what is different with your project. The IcsLogger is for our development purposes, not debugging applications. Your code has lots of Logit commands, it's what those report that helps with debugging. Angus Share this post Link to post
Quarks 0 Posted April 1, 2020 What i am trying to achieve is only simple FTPd with only TLS v1.2 working. Original ICS sample is working fine with the same components parameters that i have copied from it, but on my project somehow it doesn't with the same certificates, key, CA. Just tried to generate my own self-signing certificate, key, and CA but the same thing happened. Used the ..\ICS\Samples\Delphi\SslInternet\SslCerts\IcsSslBuildCerts.bat file. Currently here is the log from logit : 02/04/2020 01:38:59 - - Disconnected 02/04/2020 01:38:59 - - AUTH C:\TEMP\TLS 02/04/2020 01:38:59 - - Connected 02/04/2020 01:38:58 - - Disconnected 02/04/2020 01:38:58 - - AUTH C:\TEMP\TLS 02/04/2020 01:38:58 - - Connected 02/04/2020 01:38:53 - Successfully Started the FTP Server 02/04/2020 01:38:53 - FTP SSL Types : ftpAuthTls 02/04/2020 01:38:53 - FTP SSL Types : ftpAuthSsl 02/04/2020 01:38:53 - SSL Verify Peer :0 02/04/2020 01:38:53 - SSL CA File 😕 02/04/2020 01:38:53 - SSL Private List :ServerKey.pem 02/04/2020 01:38:53 - SSL Certificate File :ServerCert.pem 02/04/2020 01:38:53 - SSL Session Timeout :300s 02/04/2020 01:38:53 - SSL Session Cache Modes : sslSESS_CACHE_SERVER 02/04/2020 01:38:53 - SSL Maximum Version : : sslVerMax 02/04/2020 01:38:53 - SSL Minimum Version : : sslVerTLS1_2 02/04/2020 01:38:53 - OPENSSLDIR: "C:\Program Files\Common Files\SSL" 02/04/2020 01:38:53 - platform: VC-WIN64A-rtt 02/04/2020 01:38:53 - built on: Tue Mar 17 20:12:47 2020 UTC 02/04/2020 01:38:53 - compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MT /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM 02/04/2020 01:38:53 - OpenSSL 1.1.1e 17 Mar 2020 02/04/2020 01:38:53 - Running 02/04/2020 01:38:53 - WinSock 2.0 02/04/2020 01:38:53 - Version 2.2 02/04/2020 01:38:53 - Winsock: 02/04/2020 01:38:53 - TFtpServer (c) 1998-2020 F. Piette V8.64 02/04/2020 01:38:53 - TWSocket (c) 1996-2020 Francois Piette V8.64 02/04/2020 01:38:53 - Using: 02/04/2020 01:38:53 - SslFtpServ (c) 1998-2020 F. Piette V8.64 From the openssl client : openssl s_client -connect 127.0.0.1:5420 -starttls ftp CONNECTED(00000164) write:errno=0 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 94 bytes and written 303 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- Share this post Link to post
Angus Robertson 577 Posted April 2, 2020 You don't log the IP address and port your server is using, although your client says port 5420 which is not an SSL FTP port, so the server does not attempt to negotiate SSL Using non standard ports for SSL requires extra code. V8.64 has a new Option ftpsAuthForceSsl that might do it simply. Not sure why you are testing an FTP servers with a non-FTP client that does not send the correct protocol. Angus Share this post Link to post
Quarks 0 Posted April 2, 2020 (edited) >> You don't log the IP address and port your server is using, although your client says port 5420 which is not an SSL FTP port, so the server does not attempt to negotiate SSL Using non standard ports for SSL requires extra code. V8.64 has a new Option ftpsAuthForceSsl that might do it simply. Using normal FTP port 21 also doing the same thing in openssl s_client and filezilla/smartftp. I have specified in filezilla/smartftp to do explicit AUTH TLS. Can you tell me on which event or parts for the extra code?, so i can make comparison with the ICS project. Already tried using 'ftpsAuthForceSsl' option but doesn't make any differences :-(. >> Not sure why you are testing an FTP servers with a non-FTP client that does not send the correct protocol. The following command below is sending the correct explicit TLS protocol, first connect with plain text FTP protocol until "AUTH TLS", you can search it on the internet about it. It being used normally for testing TLS server. The specified ftp part is for the FTP testing specification not a port. (using it on ICS sample project is working perfectly) openssl s_client -connect 127.0.0.1:5420 -starttls ftp The same thing from filezilla or smartftp 6:25:37 Status: Connecting to 127.0.0.1:5420... 16:25:37 Status: Connection established, waiting for welcome message... 16:25:37 Status: Initializing TLS... 16:25:37 Error: GnuTLS error -110: The TLS connection was non-properly terminated. 16:25:37 Status: Server did not properly shut down TLS connection 16:25:37 Status: Connection attempt failed with "ECONNABORTED - Connection aborted". 16:25:37 Error: Could not connect to server 16:25:37 Status: Waiting to retry... Edited April 2, 2020 by Quarks Share this post Link to post
Angus Robertson 577 Posted April 2, 2020 I have no idea how the openssl client tool works or why you are using it to test FTP, but 'AUTH C:\TEMP\TLS' is not a valid command, it should be AUTH TLS'. You have not shown what smartftp sent. Since the ICS sample works, you have missed something in your implementation but I can not debug your code. Angus Share this post Link to post
Quarks 0 Posted April 3, 2020 >> I have no idea how the openssl client tool works or why you are using it to test FTP, but 'AUTH C:\TEMP\TLS' is not a valid command, it should be AUTH TLS'. You have not shown what smartftp sent. I couldn't figure it out why either in the server or client (filezilla) it's sent or received as 'AUTH C:\TEMP\TLS', in smartftp it just mentioned as cannot connect just if as the server is down. >> Since the ICS sample works, you have missed something in your implementation but I can not debug your code. The project was originally as normal plain non-secure FTP server, so i think also it may have missed something in the codes. Currently i cannot quite figure it out to pin point which is wrong. Other than 'barking' at the same tree, i think i will re-base my project with using the ICS sample project in which the project already 'guaranteed' & designed to work. Thanks a lot for all these times. Share this post Link to post
Angus Robertson 577 Posted April 3, 2020 Improving your logging will help, you did not report the response or errors to commands received which is essential to error tracing with bad clients. The latest ICS in SVN has FTP server improvements to simplify SSL configuration in the same way as the web and proxy servers two years ago using IcsHosts, but there is no sample to copy yet, you need to look at the multi-web server sample and see how that configures listeners and at http://wiki.overbyte.eu/wiki/index.php/FAQ_Using_IcsHosts. Angus. Share this post Link to post
Quarks 0 Posted April 3, 2020 (edited) >> Improving your logging will help, you did not report the response or errors to commands received which is essential to error tracing with bad clients. I haven't know to logging the received command, perhaps you could give me the pointer or sample codes?. Logging in using filezilla or smartftp into ICS sample project is working fine. >>The latest ICS in SVN has FTP server improvements to simplify SSL configuration in the same way as the web and proxy servers two years ago using IcsHosts, but there is no sample to copy yet, you need to look at the multi-web server sample and see how that configures listeners and at http://wiki.overbyte.eu/wiki/index.php/FAQ_Using_IcsHosts. Thanks for the reminder, i am already using latest and greatest SVN commit, but i don't use any proxy as these tests is only from local range. Does that info also relevant with TSslFTPServer? About ICS 8.64 release, does sslTLS_V1_3_SERVER and sslTLS_V1_3_CLIENT will be finalized or completed before the final release? Edited April 3, 2020 by Quarks Share this post Link to post
Angus Robertson 577 Posted April 3, 2020 The FTP server sample does all the logging properly,SslFtpServer1AnswerToClient. If you use IcsHosts in the latest server, you don't need an SslContext, all that is handled by the component. You set the certificates and an SSL security level and everything else is done automatically, including installing Let's Encrypt SSL certificates on a public server. This all works now, just no new sample yet. Angus Share this post Link to post
Quarks 0 Posted April 3, 2020 (edited) Thank you. New logging as follow : 03/04/2020 20:31:37 - - Disconnected 03/04/2020 20:31:37 - > 127.0.0.1 234 Using authentication type TLS 03/04/2020 20:31:37 - - AUTH C:\TEMP\TLS 03/04/2020 20:31:37 - - Connected 03/04/2020 20:30:58 - - Disconnected 03/04/2020 20:30:58 - > 127.0.0.1 234 Using authentication type TLS 03/04/2020 20:30:58 - - AUTH C:\TEMP\TLS 03/04/2020 20:30:58 - - Connected 03/04/2020 20:30:20 - Successfully Started the FTP Server The code is simple : procedure TfrmMain.SSLFtpServer1AnswerToClient(Sender: TObject; Client: TFtpCtrlSocket; var Answer: TFtpString); begin Logit('> ' + Client.GetPeerAddr + ' ' + Answer) end; I could not quite figuring out on why there is extra "C:\TEMP" on client? or server? replies. Waiting for IcsHosts for secure ftp server sample. Edited April 3, 2020 by Quarks Share this post Link to post
Angus Robertson 577 Posted April 3, 2020 What it should say is: 02:10:08 > AUTH TLS 02:10:08 < 234 Using authentication type TLS 02:10:08 Check for Old SSL Session 02:10:08 No Old SSL Session Cached 02:10:08 Starting SSL Session 02:10:08 Cache SSL Session: New 02:10:08 ! SSL Connected OK with TLSv1.2, cipher ECDHE-RSA-CHACHA20-POLY1305, key auth RSA, key exchange ECDH, encryption CHACHA20/POLY1305(256), message auth AEAD But that depends on how many other events you are logging, you cam see in the sample where all this comes from (although this log is from a real server). I suspect you are still testing with the OpenSSL client which to be honest is a waste of time, it does not understand the FTP protocol. With TCP, it is rarely obvious which end caused disconnection. Angus Share this post Link to post
Quarks 0 Posted April 3, 2020 I don't have a clue without someone checking the project out. No, openssl s_client is understand the explicit starttls & ftp protocol, you can check the definition in here : -starttls protocol Send the protocol-specific message(s) to switch to TLS for communication. protocol is a keyword for the intended protocol. Currently, the only supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", "xmpp-server", "irc", "postgres", "mysql", "lmtp", "nntp", "sieve" and "ldap". Share this post Link to post
Quarks 0 Posted April 3, 2020 (edited) The reason i am not using more proper FTP Client is because it's faster to paste from windows command prompt. When using openssl s_client working then it will be guarantee to work in full pledges ftp client. Edited April 3, 2020 by Quarks Share this post Link to post
Fr0sT.Brutal 900 Posted April 3, 2020 In FileZilla you can enable detailed log (right-click over log control) to see what happens actually. The AUTH C:\TEMP\TLS you get is very suspicious. Share this post Link to post
Quarks 0 Posted April 3, 2020 Here is from filezilla : 23:16:31 Status: Connecting to 127.0.0.1:5420... 23:16:31 Status: Connection established, waiting for welcome message... 23:16:31 Response: 220-Welcome to my Server 23:16:31 Response: 220- 23:16:31 Response: 220 ICS FTP Server ready. 23:16:31 Command: AUTH TLS 23:16:31 Response: 234 Using authentication type TLS 23:16:31 Status: Initializing TLS... 23:16:31 Error: GnuTLS error -110: The TLS connection was non-properly terminated. 23:16:31 Status: Server did not properly shut down TLS connection 23:16:31 Status: Connection attempt failed with "ECONNABORTED - Connection aborted". 23:16:31 Error: Could not connect to server 23:16:31 Status: Waiting to retry... From smartftp, the ftp server logged also the same like openssl s_client, filezilla, smartftp : 03/04/2020 23:19:41 - - Disconnected 03/04/2020 23:19:41 - > 127.0.0.1 234 Using authentication type TLS 03/04/2020 23:19:41 - - AUTH C:\TEMP\TLS 03/04/2020 23:19:41 - - Connected So confirmed it's from my ftp server. searching thorough ICS folder or my project file doesn't return a match for 'C:\TEMP' or 'TEMP'. Share this post Link to post
Angus Robertson 577 Posted April 3, 2020 I always test the ICS FTP server with the ICS OverbyteIcsXferTst sample, then you just click a single button to perform a complete FTP session, with proper logging. Angus Share this post Link to post
Quarks 0 Posted April 3, 2020 Here is from OverbyteIcsXferTst : 23:38:18:401 03/04/2020 23:38:18:401 Connect/Logon to FTP Server: 127.0.0.1:5420 23:38:18:401 23:38:18:401 Control DNS Lookup Done - 127.0.0.1 23:38:18:402 23:38:18:402 02562470 Socket handle created handle=1780 23:38:18:402 23:38:18:402 TWSocket will connect to 127.0.0.1:5420 23:38:18:402 23:38:18:402 Control Socket Connect, error=0 to 127.0.0.1:5420 23:38:18:402 < 220-Welcome to my Server 23:38:18:402 < 220- 23:38:18:402 < 220 ICS FTP Server ready. 23:38:18:402 FTP Session Connected OK to: 127.0.0.1:5420 23:38:18:402 23:38:18:402 Start command, Req=HostAsync - HOST [127.0.0.1] 23:38:18:402 > HOST [127.0.0.1] 23:38:18:402 23:38:18:402 02562470 PutDataInSendBuffer handle=1780 [9] Data:$4F48 $5453 $5B20 $3231 $2E37 $2E30 $2E30 $5D31 $A0D $00 $00 $00 $10 $264 $4B0 $02 $01 $00 23:38:18:404 < 220 HOST Ok, FTP Server ready. 23:38:18:404 23:38:18:404 Start command, Req=AuthAsync - AUTH TLS 23:38:18:404 > AUTH TLS 23:38:18:404 23:38:18:404 02562470 PutDataInSendBuffer handle=1780 [10] Data:$5541 $4854 $5420 $534C $A0D $00 $00 $00 $6061 $271 23:38:18:405 < 234 Using authentication type TLS 23:38:18:405 23:38:18:405 02562470 StartSslHandshake handle=1780 23:38:18:405 23:38:18:405 02562470 InitSSLConnection handle=1780 23:38:18:405 Check for Old SSL Session 23:38:18:405 No Old SSL Session Cached 23:38:18:405 23:38:18:405 02562470 Start Ssl ReadBIO 23:38:18:405 23:38:18:405 02562470 ICB> SSL_handshake_start: where=00000010, state=before SSL initialization 23:38:18:405 23:38:18:405 02562470 ICB> SSL_connect: before SSL initialization 23:38:18:405 23:38:18:405 ProtoMsg: None, State: SSLv3/TLS write client hello, Send, DataLen: 5, Data= 160301019A 23:38:18:405 23:38:18:405 ProtoMsg: TLS 1.3 Handshake: Client Hello, State: SSLv3/TLS write client hello, Send, DataLen: 410, Data= 0100019603031EBEED0E108F8683EC69BDE3CDF6D17ABAD9C6D50CB5482E5C25CA61335517C420C515D9A0637BB8533DC1CF5BE2EBEB6460B36D1DF0F0BB4BD8E571FE517E2A7900B8130213031301C02CC03000A3009FCCA9CCA8CCAAC0AFC0ADC0A3C09FC05DC061C057C05300A7C02BC02F00A2009EC0AEC0ACC0A2C09EC05CC060C056C05200A6C024C028006B006AC073C07700C400C3006D00C5C023C02700670040C072C07600BE00BD006C00BFC00AC0140039003800880087C019003A0089C009C01300330032009A009900450044C0180034009B0046009DC0A1C09DC051009CC0A0C09CC050003D00C0003C00BA00350084002F00960041000700FF01000095000B000403000102000A000C000A001D0017001E00190018002300000016000000170000000D0030002E040305030603080708080809080A080B080408050806040105010601030302030301020103020202040205020602002B0009080304030303020301002D00020101003300260024001D0020C75A256AD644C155D13B89F87F19F3F5F46FD3170B381C087A0E546B9C9AE973 23:38:18:405 23:38:18:405 02562470 ICB> SSL_connect: SSLv3/TLS write client hello 23:38:18:405 23:38:18:405 02562470 BIO_read(nbio, 0x24F2FF8, 415) = 415 [11] Data:$316 $101 $19A $100 $396 $1E03 $EDBE $100E $868F $EC83 $BD69 $CDE3 $D1F6 $BA7A $C6D9 $CD5 $48B5 $5C2E $CA25 $3361 $1755 $20C4 $15C5 $A0D9 $7B63 $53B8 $C13D $5BCF $EBE2 $64EB $B360 $1D6D $F0F0 $4BBB $E5D8 $FE71 $7E51 $792A $B800 $213 $313 $113 $2CC0 $30C0 $A300 $9F00 $A9CC $A8CC $AACC $AFC0 $ADC0 $A3C0 $9FC0 $5DC0 $61C0 $57C0 $53C0 $A700 $2BC0 $2FC0 $A200 $9E00 $AEC0 $ACC0 $A2C0 $9EC0 $5CC0 $60C0 $56C0 $52C0 $A600 $24C0 $28C0 $6B00 $6A00 $73C0 $77C0 $C400 $C300 $6D00 $C500 $23C0 $27C0 $6700 $4000 $72C0 $76C0 $BE00 $BD00 $6C00 $BF00 $AC0 $14C0 $3900 $3800 $8800 $8700 $19C0 $3A00 $8900 $9C0 $13C0 $3300 $3200 $9A00 $9900 $4500 $4400 $18C0 $3400 $9B00 $4600 $9D00 $A1C0 $9DC0 $51C0 $9C00 $A0C0 $9CC0 $50C0 $3D00 $C000 $3C00 $BA00 $3500 $8400 $2F00 $9600 $4100 $700 $FF00 $01 $9500 $B00 $400 $03 $201 $A00 $C00 $A00 $1D00 $1700 $1E00 $1900 $1800 $2300 $00 $1600 $00 $1700 $00 $D00 $3000 $2E00 $304 $305 $306 $708 $808 $908 $A08 $B08 $408 $508 $608 $104 $105 $106 $303 $302 $103 $102 $203 $202 $204 $205 $206 $2B00 $900 $308 $304 $303 $302 $01 -$102 $01 3&$$1D $C720 $255A $D66A $C144 $D155 $893B $7FF8 $F319 $F4F5 $D36F $B17 $1C38 $7A08 $540E $9C6B $E99A s$00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 $00 23:38:18:405 23:38:18:405 02562470 BIO_read(nbio, 0x24F14C8, 0) = 0 [12] Data: 23:38:18:406 23:38:18:406 02562470 TCustomSslWSocket.Do_FD_CLOSE error #0 handle=1780 23:38:18:406 23:38:18:406 02562470 *CloseCalled handle=1780, State=SSLv3/TLS write client hello (TLS_ST_CW_Client_Hello), Err=error:00000000:lib(0):func(0):reason(0) 23:38:18:406 23:38:18:406 02562470 SslHandshakeDone(1) Handle=1780. error:00000000:lib(0):func(0):reason(0), State: SSLv3/TLS write client hello, connection closed unexpectedly, session reused=False 23:38:18:406 SSL Handshake Failed - error:00000000:lib(0):func(0):reason(0), State: SSLv3/TLS write client hello, connection closed unexpectedly 23:38:18:406 23:38:18:406 02562470 TCustomWSocket.Shutdown 1 handle=1780 23:38:18:406 23:38:18:406 02562470 FCloseInvoked=0 handle=1780, State=SSLv3/TLS write client hello 23:38:18:406 23:38:18:406 Control Socket Closed, error=0 23:38:18:406 FTP Session Closed 23:38:18:406 23:38:18:406 02562470 ResetSslSession handle=1780 From the server : 03/04/2020 23:38:18 - - Disconnected 03/04/2020 23:38:18 - > 127.0.0.1 234 Using authentication type TLS 03/04/2020 23:38:18 - - AUTH C:\TEMP\TLS 03/04/2020 23:38:18 - > 127.0.0.1 220 HOST Ok, FTP Server ready. 03/04/2020 23:38:18 - - HOST C:\TEMP\[127.0.0.1] 03/04/2020 23:38:18 - - Connected 03/04/2020 23:38:10 - Successfully Started the FTP Server The TfrmMain.SSLFtpServer1Host code : procedure TfrmMain.SSLFtpServer1Host(Sender: TObject; Client: TFtpCtrlSocket; Host: TFtpString; var Allowed: Boolean); begin { HOST might be ftp.domain.com or [123.123.123.123] } Allowed := true; end; Share this post Link to post
Angus Robertson 577 Posted April 3, 2020 When you improve the logging in the server to show errors and events, similarly to the sample you copied code from,. you'll get some debugging information. See SslFtpServer1SslVerifyPeer, SslFtpServer1SslHandshakeDone, And also fix the logging bug that is adding this path, not coming from the clients, HOST C:\TEMP\[127.0.0.1] Angus Share this post Link to post