[Bug 499854] [NEW] TLS broken

[Christian Roessner]

Public bug reported:

Binary package hint: pure-ftpd

While pure-ftpd was working flawlessly n Jaunty, it is broken in Karmic:

/usr/sbin/pure-ftpd-ldap-virtualchroot -l ldap:/etc/pure-
ftpd/db/ldap.conf -l pam -c 50 -b -u 1000 -U 133:022 -Y 1 -O
clf:/var/log/pure-ftpd/transfer.log -8 UTF-8 -j -I 15 -p 18188:18240 -A
-C 10 -E -Z -B

With TLS enabled, a client can connect, auth, but gets no directory
listing. Without TLS, it is working.

Debug-output:

WITH TLS:
Dec 23 15:27:26 www pure-ftpd: (?@ip-109-91-219-9.unitymediagroup.de) [INFO] New connection from ip-109-91-219-9.unitymediagroup.de
Dec 23 15:27:26 www pure-ftpd: (?@ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [auth] [TLS]
Dec 23 15:27:26 www pure-ftpd: (?@ip-109-91-219-9.unitymediagroup.de) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with RC4-MD5, 128 secret bits cipher
Dec 23 15:27:26 www pure-ftpd: (?@ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [user] [de10000]
Dec 23 15:27:26 www pure-ftpd: (?@ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [pass] [<*>]
Dec 23 15:27:26 www pure-ftpd: (?@ip-109-91-219-9.unitymediagroup.de) [INFO] de10000 is now logged in
Dec 23 15:27:26 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [pbsz] [0]
Dec 23 15:27:26 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [prot] [P]
Dec 23 15:27:26 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [feat] []
Dec 23 15:27:26 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [opts] [UTF8 ON]
Dec 23 15:27:26 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [noop] []
Dec 23 15:27:26 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [cwd] [/]
Dec 23 15:27:26 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [syst] []
Dec 23 15:27:26 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [stat] [/]
Dec 23 15:27:26 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [port] [192,168,1,10,192,40]
Dec 23 15:27:26 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [pasv] []
Dec 23 15:27:26 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [mlsd] []
Dec 23 15:28:36 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [ERROR] SSL/TLS [/etc/ssl/private/pure-ftpd.pem]: error:00000000:lib(0):func(0):reason(0)
Dec 23 15:28:36 www pure-ftpd: (?@ip-109-91-219-9.unitymediagroup.de) [INFO] New connection from ip-109-91-219-9.unitymediagroup.de
Dec 23 15:28:36 www pure-ftpd: (?@ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [auth] [TLS]
Dec 23 15:28:37 www pure-ftpd: (?@ip-109-91-219-9.unitymediagroup.de) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with RC4-MD5, 128 secret bits cipher
Dec 23 15:28:37 www pure-ftpd: (?@ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [user] [de10000]
Dec 23 15:28:37 www pure-ftpd: (?@ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [pass] [<*>]
Dec 23 15:28:37 www pure-ftpd: (?@ip-109-91-219-9.unitymediagroup.de) [INFO] de10000 is now logged in
Dec 23 15:28:37 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [pbsz] [0]
Dec 23 15:28:37 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [prot] [P]
Dec 23 15:28:37 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [feat] []
Dec 23 15:28:37 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [opts] [UTF8 ON]
Dec 23 15:28:37 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [pwd] []
Dec 23 15:29:14 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [quit] []
Dec 23 15:29:14 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [INFO] Logout.

WITHOUT TLS:
Dec 23 15:29:25 www pure-ftpd: (?@ip-109-91-219-9.unitymediagroup.de) [INFO] New connection from ip-109-91-219-9.unitymediagroup.de
Dec 23 15:29:25 www pure-ftpd: (?@ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [user] [de10000]
Dec 23 15:29:25 www pure-ftpd: (?@ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [pass] [<*>]
Dec 23 15:29:26 www pure-ftpd: (?@ip-109-91-219-9.unitymediagroup.de) [INFO] de10000 is now logged in
Dec 23 15:29:26 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [feat] []
Dec 23 15:29:26 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [opts] [UTF8 ON]
Dec 23 15:29:26 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [noop] []
Dec 23 15:29:26 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [cwd] [/]
Dec 23 15:29:26 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [syst] []
Dec 23 15:29:26 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [stat] [/]
Dec 23 15:29:30 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [DEBUG] Command [quit] []
Dec 23 15:29:30 www pure-ftpd: (de10000 at ip-109-91-219-9.unitymediagroup.de) [INFO] Logout.

I have recreated the PEM-file like in the README.TLS.gz described, but
this does not fix the problem. Also not firewalls active at the moment.

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 9.10
Release:        9.10
Codename:       karmic

pure-ftpd-ldap                     1.0.22-1

In 32bit environment in a KVM guest on AMD


Regards
Christian

** Affects: pure-ftpd (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: tls

-- 
TLS broken
https://bugs.launchpad.net/bugs/499854
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs