News  [SoftwareSite

Latest News
Older News
RSS Feed
 
Complete Projects
Useful Classes
Top Downloads
Message Board
AllAPI.net
 
Send Comments
Software License
Mentalis.org Buttons
Donate
 
Forums -> Security Library Forum
 
Authentication failed (broken in newest version)  
by Jérémie Lumbroso [jeremie at lumbroso dot fr]
posted on 2004/06/30

>> As I said, it's a glftpd problem, not a bug in our library. We can't fix
>> that, and we're also not going to mutilate our library in order to work
>> around someone else's implementation problems.
>> There are basically three things you can do:


I am sorry to stretch out this installment, and I truthfully hope I am not getting you to hate me. After my last drunken message I have done some investigating. Here are my findings:

(I believe the test site is: ftps://DowBot:SSL%2Ftls0@thesheep.ath.cx:63091/ but I might be wrong, I forgot the one I gave you; in any case, even if the login doesn't work anymore, the AUTH is successful--nobody can log in ATM, because there is IP blocking--I will try to resolve that soon)


>> it doesn't appear to be a problem with the Security Library.

- I disagree. I have tried login into that site with SmartFTP, with FlashFXP, and with the trial version of another (but bulky) library "PowerTCP SslSockets.NET". All work with this site, and agree that it is SSL v3.

- I have tried to login using the *previous* version of the Seclib (the one with Ssl2 and Pct support) and it has logged in *perfectly*. This is using the Ssl3 protocol

- To be make sure the problem was with the recent version of your library, I tried connecting (with the previous version) after setting the security options to:

SecurityOptions options = new SecurityOptions(SecureProtocol.Ssl2);

It does not work. Thus proving that the site does not use Ssl2.

- Lastly, I reported the problem to glftpd as you asked me to. I turns out glftpd is simply using the latest version of the popular C++ open source OpenSSL library.



Last time, your main argument, was that the problem must reside in the server and not the security library, because you could not log in with WS_FTP. I realize maybe your IP was blocked by the security firewall. It is indeed a private FTP, that only allows specific IPs to connect. And although I thought I'd allowed all IP masks for that account I may have been wrong.

In any case, to avoid you being sceptical, I have made a screenshot of the trial Home version of WS_FTP Pro:
ftp://www.lumbroso.fr/sshot.jpg

As you can see, even though the login account is no longer active, the AUTH SSL command works perfectly, here too.

If you cannot login to the FTP at all, I will try to find you another test FTP.

I really, really hope that seeing that WS_FTP works without a glitch will make you reconsider trying to track this bug, because I have yet to find a more ingenious .NET library on the Internet--which is why I am so persistent.

by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2004/07/04

Problem solved via personal communication.

The server only supports Diffie-Hellman suites, something our library doesn't support.

 

Copyright © 2002-2007, The Mentalis.org Team. All rights reserved.
This site is located at http://www.mentalis.org/
Send comments to the webmaster.