mod_proxy_ftp does not work over SSL connection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I want to use mod_proxy_ftp over a https connection, but it somehow
doesn't work. The basic setup is as follows:

   SSLEngine On
   SSLProxyEngine on
   SSLCertificateFile /etc/apache2/ssl/ca.pem
   SSLCertificateKeyFile /etc/apache2/ssl/ca.key

   <Proxy *>
   Order deny,allow
   Allow from all
   </Proxy>

   ProxyRequests Off
   ProxyPass /myftp ftp://user:pass@xxxxxxxxxxxxxxxxxxxxxx

This works without problems over http, but with https I only see a
status message about a successful login to the ftp-server, but no
directory listing. The problem seems to be that the mod_proxy_ftp sends
the data without SSL, at least that's what I figure from the following
log entries:

[Fri May 30 14:10:39 2008] [debug] mod_proxy_ftp.c(1783): proxy: FTP: start body send
[Fri May 30 14:10:39 2008] [debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
[Fri May 30 14:10:39 2008] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept initialization
[Fri May 30 14:10:39 2008] [debug] ssl_engine_io.c(1775): OpenSSL: read 11/11 bytes from BIO#83632d8 [mem: 8370020] (BIO dump follows)
[Fri May 30 14:10:39 2008] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+
[Fri May 30 14:10:39 2008] [debug] ssl_engine_io.c(1747): | 0000: 64 72 77 78 72 2d 78 72-2d 78                    drwxr-xr-x       |
[Fri May 30 14:10:39 2008] [debug] ssl_engine_io.c(1751): | 0011 - <SPACES/NULS>
[Fri May 30 14:10:39 2008] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+
[Fri May 30 14:10:39 2008] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Fri May 30 14:10:39 2008] [info] [client xx.xx.xx.xx] SSL library error 1 in handshake (server xx.xx.xx.xx:443)
[Fri May 30 14:10:39 2008] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?

I already tried to fiddle with the SSLProxy-options (e.g. SSLProxyEngine
on), but to no avail. I guess these are only necessary if I'd want to
proxy to other SSL enabled servers anyway?

-David


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux