1. Forum
  2. FidoNet
  3. SYNC SYSOPS

  • FTPS "Protocol version" error upon upload from Reolink NVR's ftp clien

    From Rob Swindell@1:103/705 to GitLab issue in main/sbbs on Mon Oct 21 21:54:08 2024
    open https://gitlab.synchro.net/main/sbbs/-/issues/799

    This Relolink NVR (security camera recorder) has an FTP client which always tries TLS and if successful, uses that. Unfortunately, it always thinks the file upload is unsuccessful and the server-side always logs the same cryptlib error: "Protocol version"

    Here's a server-side log:
    ```
    2024-10-21T21:41:36.747809-07:00 git sbbs: ftp 0115 [47.156.x.y] Connection accepted on 71.95.196.36 port 21 from port 53724
    2024-10-21T21:41:36.760087-07:00 git sbbs: ftp 0115 New active client highwater mark: 2
    2024-10-21T21:41:36.760142-07:00 git sbbs: ftp 0115 TX: 220-Vertrauen (cvs.synchro.net)
    2024-10-21T21:41:36.760158-07:00 git sbbs: ftp 0115 TX: Synchronet FTP Server 3.20a-Linux Ready
    2024-10-21T21:41:36.760169-07:00 git sbbs: ftp 0115 TX: Anonymous/Guest logins allowed.
    2024-10-21T21:41:36.760179-07:00 git sbbs: ftp 0115 TX: Telnet to vert.synchro.net to create a full-access account.
    2024-10-21T21:41:36.760189-07:00 git sbbs: ftp 0115 TX: Synchronet files are mirrored on ftp.synchro.net (faster).
    2024-10-21T21:41:36.760202-07:00 git sbbs: ftp 0115 TX: 220 Please enter your user name.
    2024-10-21T21:41:36.932735-07:00 git sbbs: ftp 0115 <47.156.x.y> RX: AUTH TLS 2024-10-21T21:41:36.932878-07:00 git sbbs: ftp 0115 TX: 234 Ready to start TLS 2024-10-21T21:41:37.043266-07:00 git sbbs: ftp 0115 <47.156.x.y> initialized TLS successfully
    2024-10-21T21:41:37.100947-07:00 git sbbs: ftp 0115 <47.156.x.y> RXS: USER Reolink
    2024-10-21T21:41:37.101099-07:00 git sbbs: ftp 0115 TXS: 331 User name okay, need password.
    2024-10-21T21:41:37.221120-07:00 git sbbs: ftp 0115 <47.156.x.y> RXS: PASS xxxxx
    2024-10-21T21:41:37.221155-07:00 git sbbs: ftp 0115 <reolink> logged-in (17 today, 17 total)
    2024-10-21T21:41:37.221169-07:00 git sbbs: ftp 0115 TXS: 230 You are allowed 240 minutes of use for this session.
    2024-10-21T21:41:37.342326-07:00 git sbbs: ftp 0115 <reolink> RXS: CWD Main 2024-10-21T21:41:37.342476-07:00 git sbbs: ftp 0115 TXS: 250 CWD command successful.
    2024-10-21T21:41:37.463505-07:00 git sbbs: ftp 0115 <reolink> RXS: CWD xxxxx 2024-10-21T21:41:37.463621-07:00 git sbbs: ftp 0115 TXS: 250 CWD command successful.
    2024-10-21T21:41:37.583639-07:00 git sbbs: ftp 0115 <reolink> RXS: MODE S 2024-10-21T21:41:37.583741-07:00 git sbbs: ftp 0115 TXS: 200 STREAM mode. 2024-10-21T21:41:37.700265-07:00 git sbbs: ftp 0115 <reolink> RXS: TYPE A 2024-10-21T21:41:37.700347-07:00 git sbbs: ftp 0115 TXS: 200 All files sent in BINARY mode.
    2024-10-21T21:41:37.832506-07:00 git sbbs: ftp 0115 <reolink> RXS: PBSZ 0 2024-10-21T21:41:37.832541-07:00 git sbbs: ftp 0115 TXS: 200 OK 2024-10-21T21:41:37.952787-07:00 git sbbs: ftp 0115 <reolink> RXS: PROT P 2024-10-21T21:41:37.952826-07:00 git sbbs: ftp 0115 TXS: 200 Accepted 2024-10-21T21:41:38.073110-07:00 git sbbs: ftp 0115 <reolink> RXS: PASV 2024-10-21T21:41:38.073806-07:00 git sbbs: ftp 0115 TXS: 227 Entering Passive Mode (71,95,196,36,4,0)
    2024-10-21T21:41:38.194103-07:00 git sbbs: ftp 0115 <reolink> RXS: STOR NVR_00_20241021214136.txt
    2024-10-21T21:41:38.194175-07:00 git sbbs: ftp 0115 <reolink> uploading: NVR_00_20241021214136.txt to /Main/xxxx/ (/xfer/xx/) in passive mode
    2024-10-21T21:41:38.194201-07:00 git sbbs: ftp 0115 TXS: 150 Opening BINARY mode data connection for file transfer.
    2024-10-21T21:41:38.222120-07:00 git sbbs: ftp Created TLS private key and certificate 4711
    2024-10-21T21:41:38.404119-07:00 git sbbs: ftp 0110 TLS dbg 'Received TLS alert message: Close notify' (-24) popping data
    2024-10-21T21:41:38.404159-07:00 git sbbs: ftp 0115 <reolink> DATA Transfer successful: 69 bytes received in 0 seconds (138 cps)
    2024-10-21T21:41:38.404170-07:00 git sbbs: ftp 0115 <reolink> DATA Extracting DIZ from: /xfer/xxx/NVR_00_20241021214136.txt
    2024-10-21T21:41:38.404298-07:00 git sbbs: ftp 0115 <reolink> DATA DIZ does not exist in: /xfer/xxxx/NVR_00_20241021214136.txt
    2024-10-21T21:41:38.412580-07:00 git sbbs: ftp 0115 <reolink> DATA uploaded file: NVR_00_20241021214136.txt
    2024-10-21T21:41:38.415624-07:00 git sbbs: ftp 0115 TX: 226 Upload complete (138 cps).
    2024-10-21T21:41:38.442861-07:00 git sbbs: ftp 0115 TLS info 'Received TLS alert message: Protocol version' (-20) popping data
    2024-10-21T21:41:38.442957-07:00 git sbbs: ftp 0115 !ERROR: recv on socket returned unexpected value: -20 (line 525)
    2024-10-21T21:41:38.443202-07:00 git sbbs: ftp 0115 <reolink> logged-out 2024-10-21T21:41:38.443302-07:00 git sbbs: ftp 0115 [47.156.x.y] Session thread terminated (1 clients and 2 threads remain, 10 served)
    ```
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rick Parrish@1:103/705 to GitLab note in main/sbbs on Tue Oct 22 05:29:51 2024
    https://gitlab.synchro.net/main/sbbs/-/issues/799#note_5770

    Does Synchronet implement (and require) TLS session resumption for the data connection? Our FTPS at work does, and we ran into a client that does not support it, and saw behaviour somewhat like this.
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to GitLab note in main/sbbs on Tue Oct 22 13:30:08 2024
    https://gitlab.synchro.net/main/sbbs/-/issues/799#note_5771

    I believe Synchronet does have a very small cache for session resumption, but it's certainly not required (. That said, the data connection seems fine, it looks like the error is when sending the success notification on the control socket... but I'm not really good at reading the ftp log messages.

    I don't actually see the data connection in that log.
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab note in main/sbbs on Tue Oct 22 13:40:07 2024
    https://gitlab.synchro.net/main/sbbs/-/issues/799#note_5772

    Here's an FTPS failure log with the DEBUG_DATA option enabled:

    ```
    2024-10-22T13:36:21.908099-07:00 git sbbs: ftp 0109 Session thread started 2024-10-22T13:36:21.908152-07:00 git sbbs: ftp 0109 [47.156.x.y] Connection accepted on 71.95.196.36 port 21 from port 55500
    2024-10-22T13:36:21.919538-07:00 git sbbs: ftp 0109 TX: 220-Vertrauen (cvs.synchro.net)
    2024-10-22T13:36:21.919568-07:00 git sbbs: ftp 0109 TX: Synchronet FTP Server 3.20a-Linux Ready
    2024-10-22T13:36:21.919584-07:00 git sbbs: ftp 0109 TX: Anonymous/Guest logins allowed.
    2024-10-22T13:36:21.919594-07:00 git sbbs: ftp 0109 TX: Telnet to vert.synchro.net to create a full-access account.
    2024-10-22T13:36:21.919604-07:00 git sbbs: ftp 0109 TX: Synchronet files are mirrored on ftp.synchro.net (faster).
    2024-10-22T13:36:21.919614-07:00 git sbbs: ftp 0109 TX: 220 Please enter your user name.
    2024-10-22T13:36:22.096103-07:00 git sbbs: ftp 0109 <47.156.x.y> RX: AUTH TLS 2024-10-22T13:36:22.096149-07:00 git sbbs: ftp 0109 TX: 234 Ready to start TLS 2024-10-22T13:36:22.202291-07:00 git sbbs: ftp 0109 [47.156.x.y] initialized TLS successfully
    2024-10-22T13:36:22.267639-07:00 git sbbs: ftp 0109 <47.156.x.y> RXS: USER Reolink
    2024-10-22T13:36:22.267743-07:00 git sbbs: ftp 0109 TXS: 331 User name okay, need password.
    2024-10-22T13:36:22.384959-07:00 git sbbs: ftp 0109 <47.156.x.y> RXS: PASS xxxx
    2024-10-22T13:36:22.385019-07:00 git sbbs: ftp 0109 [47.156.x.y] <reolink> logged-in (20509 today, 21250 total)
    2024-10-22T13:36:22.385034-07:00 git sbbs: ftp 0109 TXS: 230-Welcome! 2024-10-22T13:36:22.385049-07:00 git sbbs: ftp 0109 TXS: --- 2024-10-22T13:36:22.385059-07:00 git sbbs: ftp 0109 TXS: Synchronet files are located in /Synchronet
    2024-10-22T13:36:22.385074-07:00 git sbbs: ftp 0109 TXS: Synchronet files are mirrored on ftp.synchro.net (faster).
    2024-10-22T13:36:22.385086-07:00 git sbbs: ftp 0109 TXS: --- 2024-10-22T13:36:22.385094-07:00 git sbbs: ftp 0109 TXS: Uploads are not allowed in most directories.
    2024-10-22T13:36:22.385104-07:00 git sbbs: ftp 0109 TXS: Upload to /incoming if you're unsure where a file should go.
    2024-10-22T13:36:22.385113-07:00 git sbbs: ftp 0109 TXS: --- 2024-10-22T13:36:22.385124-07:00 git sbbs: ftp 0109 TXS: If you have any problems, please e-mail the details to rob [at] synchro [dot] net.
    2024-10-22T13:36:22.385135-07:00 git sbbs: ftp 0109 TXS: 230-reolink logged in.
    2024-10-22T13:36:22.385147-07:00 git sbbs: ftp 0109 TXS: 230-You have 23000148415 download credits.
    2024-10-22T13:36:22.385160-07:00 git sbbs: ftp 0109 TXS: 230 You are allowed 240 minutes of use for this session.
    2024-10-22T13:36:22.725411-07:00 git sbbs: ftp 0109 <reolink> RXS: CWD Main 2024-10-22T13:36:22.725457-07:00 git sbbs: ftp 0109 TXS: 250 CWD command successful.
    2024-10-22T13:36:22.845530-07:00 git sbbs: ftp 0109 <reolink> RXS: CWD xxxx 2024-10-22T13:36:22.845577-07:00 git sbbs: ftp 0109 TXS: 250 CWD command successful.
    2024-10-22T13:36:22.966489-07:00 git sbbs: ftp 0109 <reolink> RXS: TYPE I 2024-10-22T13:36:22.966593-07:00 git sbbs: ftp 0109 TXS: 200 All files sent in BINARY mode.
    2024-10-22T13:36:23.087386-07:00 git sbbs: ftp 0109 <reolink> RXS: MODE S 2024-10-22T13:36:23.087476-07:00 git sbbs: ftp 0109 TXS: 200 STREAM mode. 2024-10-22T13:36:23.190998-07:00 git sbbs: ftp 0109 <reolink> RXS: PBSZ 0 2024-10-22T13:36:23.191048-07:00 git sbbs: ftp 0109 TXS: 200 OK 2024-10-22T13:36:23.295843-07:00 git sbbs: ftp 0109 <reolink> RXS: PROT P 2024-10-22T13:36:23.295942-07:00 git sbbs: ftp 0109 TXS: 200 Accepted 2024-10-22T13:36:23.405911-07:00 git sbbs: ftp 0109 <reolink> RXS: PASV 2024-10-22T13:36:23.407593-07:00 git sbbs: ftp 0109 <reolink> PASV DATA socket 106 opened
    2024-10-22T13:36:23.407705-07:00 git sbbs: ftp 0109 <reolink> PASV DATA trying to bind socket to port 1024
    2024-10-22T13:36:23.407747-07:00 git sbbs: ftp 0109 <reolink> PASV DATA trying to bind socket to port 1025
    2024-10-22T13:36:23.407782-07:00 git sbbs: ftp 0109 <reolink> PASV DATA trying to bind socket to port 1026
    2024-10-22T13:36:23.407818-07:00 git sbbs: ftp 0109 <reolink> PASV DATA trying to bind socket to port 1027
    2024-10-22T13:36:23.407850-07:00 git sbbs: ftp 0109 <reolink> PASV DATA trying to bind socket to port 1028
    2024-10-22T13:36:23.407880-07:00 git sbbs: ftp 0109 <reolink> PASV DATA socket 106 bound to port 1028
    2024-10-22T13:36:23.407912-07:00 git sbbs: ftp 0109 <reolink> PASV DATA IP address in response: 71.95.196.36 (subject to NAT)
    2024-10-22T13:36:23.407945-07:00 git sbbs: ftp 0109 TXS: 227 Entering Passive Mode (71,95,196,36,4,4)
    2024-10-22T13:36:23.526852-07:00 git sbbs: ftp 0109 <reolink> RXS: STOR NVR_04_20241022133621.jpg
    2024-10-22T13:36:23.527112-07:00 git sbbs: ftp 0109 <reolink> uploading: NVR_04_20241022133621.jpg to /Main/xxxx/ (/xfer/xxxx/) in passive mode
    2024-10-22T13:36:23.527201-07:00 git sbbs: ftp 0109 TXS: 150 Opening BINARY mode data connection for file transfer.
    2024-10-22T13:36:23.527241-07:00 git sbbs: ftp 0109 <reolink> PASV DATA socket 106 listening on 47.156.x.y port 1028
    2024-10-22T13:36:23.527278-07:00 git sbbs: ftp 0109 <reolink> PASV DATA socket 112 connected to 47.156.x.y port 48220
    2024-10-22T13:36:23.567258-07:00 git sbbs: ftp Created TLS private key and certificate 15821
    2024-10-22T13:36:23.632791-07:00 git sbbs: ftp 0109 <reolink> DATA socket 112 receiving /xfer/xxxx/NVR_04_20241022133621.jpg from offset 0
    2024-10-22T13:36:23.632859-07:00 git sbbs: ftp 0109 <reolink> DATA Limiting uploaded file size to 2147483648 (2.0G) bytes
    2024-10-22T13:36:24.676495-07:00 git sbbs: ftp 0112 TLS dbg 'Operation complete/can't continue' (-24) popping data
    2024-10-22T13:36:24.676606-07:00 git sbbs: ftp 0109 <reolink> DATA socket 112 closed by client
    2024-10-22T13:36:24.676642-07:00 git sbbs: ftp 0109 <reolink> DATA Transfer successful: 622165 bytes received in 1 seconds (622165 cps)
    2024-10-22T13:36:24.676987-07:00 git sbbs: ftp 0109 <reolink> DATA Extracting DIZ from: /xfer/xxxx/NVR_04_20241022133621.jpg
    2024-10-22T13:36:24.677619-07:00 git sbbs: ftp 0109 <reolink> DATA DIZ does not exist in: /xfer/xxxx/NVR_04_20241022133621.jpg
    2024-10-22T13:36:24.691583-07:00 git sbbs: ftp 0109 <reolink> DATA uploaded file: NVR_04_20241022133621.jpg
    2024-10-22T13:36:24.695783-07:00 git sbbs: ftp 0109 TX: 226 Upload complete (622165 cps).
    2024-10-22T13:36:24.714846-07:00 git sbbs: ftp 0109 TLS info 'Received TLS alert message: Protocol version' (-20) popping data
    2024-10-22T13:36:24.714890-07:00 git sbbs: ftp 0109 !ERROR: recv on socket returned unexpected value: -20 (line 525)
    2024-10-22T13:36:24.715316-07:00 git sbbs: ftp 0109 <reolink> logged-out 2024-10-22T13:36:24.715423-07:00 git sbbs: ftp 0109 [47.156.x.y] Session thread terminated (0 clients and 1 threads remain, 4 served)
    ```
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to GitLab note in main/sbbs on Tue Oct 22 13:53:24 2024
    https://gitlab.synchro.net/main/sbbs/-/issues/799#note_5773

    I notice that the "Upload complete" is marked as TX: not TXS: implying that it's not actually using TLS to send that? Can you grab a wireshark capture and see if that's sent "in the clear" on the control connection?

    If so, there's the problem.
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to GitLab note in main/sbbs on Tue Oct 22 14:07:20 2024
    https://gitlab.synchro.net/main/sbbs/-/issues/799#note_5774

    It looks like the session established in ctrl_thread() isn't passed to receive_thread() at all... I think that perhaps the fix is to just set sess = xfer->ctrl_sock in receive_thread().
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to GitLab note in main/sbbs on Tue Oct 22 14:10:33 2024
    https://gitlab.synchro.net/main/sbbs/-/issues/799#note_5775

    Actually, it looks like everywhere sess is used should jsut be replaced with xfer.ctrl_sess and the sess variable removed.
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to GitLab issue in main/sbbs on Tue Oct 22 14:15:28 2024
    close https://gitlab.synchro.net/main/sbbs/-/issues/799
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab note in main/sbbs on Tue Oct 22 15:49:16 2024
    https://gitlab.synchro.net/main/sbbs/-/issues/799#note_5776

    I can confirm, this change appears to fix the issue I was having.
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab note in main/sbbs on Tue Oct 22 15:51:24 2024
    https://gitlab.synchro.net/main/sbbs/-/issues/799#note_5777

    I'm guessing that FTPS uploads were never tested before (?).
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to GitLab note in main/sbbs on Tue Oct 22 19:45:25 2024
    https://gitlab.synchro.net/main/sbbs/-/issues/799#note_5778

    I did test them at one point, but I presumably I didn't test the full expansion of active/passive/EPSV with all the different combinations of ways TLS can be enabled (dedicated port, auth TLS, per-data-connection, etc) after whatever change stuck the sess variable in there (or maybe moved the too-many arguments to a struct?)
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to GitLab note in main/sbbs on Tue Oct 22 19:49:55 2024
    https://gitlab.synchro.net/main/sbbs/-/issues/799#note_5779

    Looks like receive_thread() has "always" been broken with TLS, so I guess I just didn't test uploads.
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)