
Article: 13854 of comp.protocols.kermit.misc
Path: newsmaster.cc.columbia.edu!panix!bloom-beacon.mit.edu!newsfeed.stanford.edu!postnews1.google.com!not-for-mail
From: jhaines@benplan.com (John Haines)
Newsgroups: comp.protocols.kermit.misc
Subject: Kermit-FTP and SSL
Date: 15 Nov 2002 10:31:04 -0800
Organization: http://groups.google.com/
Lines: 182
Message-ID: <684be77d.0211151031.2ed9f7b5@posting.google.com>
NNTP-Posting-Host: 216.136.79.238
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1037385064 1540 127.0.0.1 (15 Nov 2002 18:31:04 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: 15 Nov 2002 18:31:04 GMT
Xref: newsmaster.cc.columbia.edu comp.protocols.kermit.misc:13854

I saw a question on comp.protocols.kermit.misc in May about C-Kermit
on AIX 4.3.3 using SSL with WS_FTP Server.  I'm trying to perform the
same thing and thought I would ask for some assistance.  My goal is to
have my AIX box be an FTP client to an NT WS_FTP Server using SSL with
certificates.  How do I set up Kermit (and OpenSSL) to send the signed
certificate from my AIX client?

If anyone can help it would be greatly appreciated.  Thanks!

Below is my environment:
    AIX 4.3.3
        OpenSSL 0.9.6g 9 Aug 2002
        C-Kermit 8.0.206, 24 Oct 2002, for IBM AIX 4.3
        Note: I could not find an AIX Kermit version with SSL, so I
              downloaded the kermit source and compiled it
              using gcc and make option aix43gcc+openssl

    WS_FTP Server 7.6 running on Windows NT


I'm able to get Kermit and WS_FTP Server talking with SSL, but not
using certificates.  As soon as I tell WS_FTP to only accept
connections with Certificates, everything falls apart.  I have gotten
WS_FTP Server and a Windows 98 WS_FTP Pro client working with
certificates, but continue having problems with AIX.

On the WS_FTP Server, I created a certificate and self-signed it.
This worked between Server and Win98 client.  On my AIX box I used the
following to create a certificate request.

    openssl genrsa -des3 -rand ../random.file -out aixbox.key 2048
    openssl req -new -config /usr/local/ssl/benplan.cnf -key aixbox.key -out aixbox.csr

I then took the "aixbox.csr" and had my WS_FTP Server sign the
certificate request.  The signed certificate was named
aixbox.signed.crt and placed on my AIX box.

Below is my Kermit script.  If I remove the SET AUTH SSL VERIFY-FILE
statement and turn off certificate checking on the WS_FTP Server, I
can get a connection working.  My goal is to be able to send a
certificate.

#!/usr/local/bin/krbmit +
set transfer display brief
SET AUTH TLS VERBOSE ON
SET AUTH TLS DEBUG ON
SET AUTH SSL VERBOSE ON
SET AUTH SSL DEBUG ON
SET AUTH SSL VERIFY-FILE sslkeys/aixbox.signed.crt

SET FTP AUTOAUTHENTICATION ON
SET FTP AUTHTYPE SSL TLS
SET FTP AUTOLOGIN OFF
SET FTP AUTOENCRYPTION ON
SET FTP COMMAND-PROTECTION-LEVEL PRIVATE
SET FTP DATA-PROTECTION-LEVEL PRIVATE
SET FTP VERBOSE ON
SET FTP DEBUG ON

ftp open U216JYFZB040.xxxxxxxx.com 21 /user:kuser /password:/passwd
if fail exit 1 Connection failed:  \v(ftp_message)

if not \v(ftp_loggedin) exit 1 Login failed

ftp get /binary testfile.txt
if fail exit 1 ftp GET testfile.txt: \v(ftp_message)

ftp bye
exit


-----------------------------------------------------------------
Below is the output from running the script
-----------------------------------------------------------------

?Cannot set protection level to PRIVATE
?Cannot set protection level to PRIVATE
Connected to U216JYFZB040.xxxxxxxx.com.
220 U216JYFZB040.xxxxxxxxx.com X2 WS_FTP Server 3.1.3 (1300416223)
---> AUTH SSL
234 SSL enabled and waiting for negotiation
SSL accepted as authentication type
SSL DEBUG ACTIVE
=>START SSL/TLS connect on COMMAND
SSL_handshake:UNKWN  before/connect initialization
SSL_connect:UNKWN  before/connect initialization
SSL_connect:3WCH_A SSLv3 write client hello A
SSL_connect:3RSH_A SSLv3 read server hello A
ssl:client_verify_callback:depth=0 ok=0 err=18-self signed certificate
Certificate[0] subject=/C=US/ST=Texas/O=The Company/L=San
Antonio/OU=MIS/Em
ail=haines@xxxxxxxx.com/CN=U216JYFZB040.xxxxxxxx.com
Certificate[0] issuer =/C=US/ST=Texas/O=The Company/L=San
Antonio/OU=MIS/Em
ail=haines@xxxxxxxxx.com/CN=U216JYFZB040.xxxxxxxx.com
Warning: Server has a self-signed certificate
[0] subject=/C=US/ST=Texas/O=The Company/L=San
Antonio/OU=MIS/Email=haines
@xxxxxxxx.com/CN=U216JYFZB040.xxxxxxxx.com[0]
issuer=/C=US/ST=Texas/O=The Company
/L=San Antonio/OU=MIS/Email=haines@xxxxxxxx.com/CN=U216JYFZB040.xxxxxxxx.com

Continue? (Y/N) y
ssl:client_verify_callback => ok: 1
ssl:client_verify_callback:depth=0 ok=1 err=18-self signed certificate
ssl:client_verify_callback => ok: 1
SSL_connect:3RSC_A SSLv3 read server certificate A
SSL_connect:3RSKEA SSLv3 read server key exchange A
SSL_connect:3RCR_A SSLv3 read server certificate request A
SSL_connect:3RSD_A SSLv3 read server done A
SSL_write_alert
SSL_connect:3WCC_A SSLv3 write client certificate A
SSL_connect:3WCKEA SSLv3 write client key exchange A
SSL_connect:3WCCSA SSLv3 write change cipher spec A
SSL_connect:3WFINA SSLv3 write finished A
SSL_connect:3FLUSH SSLv3 flush data
SSL_read_alert
SSL_connect:failed in 3RFINA SSLv3 read finished A
ftp: SSL/TLS connect COMMAND error: error:14094410:SSL
routines:SSL3_READ_BYTES:
sslv3 alert handshake failure
=>DONE SSL/TLS connect on COMMAND
SSL authentication failed
Connected to U216JYFZB040.xxxxxxxx.com.
220 U216JYFZB040.xxxxxxxxx.com X2 WS_FTP Server 3.1.3 (1300419582)
---> AUTH TLS
234 SSL enabled and waiting for negotiation
TLS accepted as authentication type
SSL DEBUG ACTIVE
=>START SSL/TLS connect on COMMAND
SSL_handshake:UNKWN  before/connect initialization
SSL_connect:UNKWN  before/connect initialization
SSL_connect:3WCH_A SSLv3 write client hello A
SSL_connect:3RSH_A SSLv3 read server hello A
ssl:client_verify_callback:depth=0 ok=0 err=18-self signed certificate
Certificate[0] subject=/C=US/ST=Texas/O=The Company/L=San
Antonio/OU=MIS/Em
ail=haines@xxxxxxxx.com/CN=U216JYFZB040.xxxxxxxx.com
Certificate[0] issuer =/C=US/ST=Texas/O=The Company/L=San
Antonio/OU=MIS/Em
ail=haines@xxxxxxxxx.com/CN=U216JYFZB040.xxxxxxxxx.com
Warning: Server has a self-signed certificate
[0] subject=/C=US/ST=Texas/O=The Company/L=San
Antonio/OU=MIS/Email=haines
@xxxxxxxx.com/CN=U216JYFZB040.xxxxxxxx.com[0]
issuer=/C=US/ST=Texas/O=The Company
/L=San Antonio/OU=MIS/Email=jhaines@xxxxxxxxx.com/CN=U216JYFZB040.xxxxxxxx.com

Continue? (Y/N) y
ssl:client_verify_callback => ok: 1
ssl:client_verify_callback:depth=0 ok=1 err=18-self signed certificate
ssl:client_verify_callback => ok: 1
SSL_connect:3RSC_A SSLv3 read server certificate A
SSL_connect:3RSKEA SSLv3 read server key exchange A
SSL_connect:3RCR_A SSLv3 read server certificate request A
SSL_connect:3RSD_A SSLv3 read server done A
SSL_write_alert
SSL_connect:3WCC_A SSLv3 write client certificate A
SSL_connect:3WCKEA SSLv3 write client key exchange A
SSL_connect:3WCCSA SSLv3 write change cipher spec A
SSL_connect:3WFINA SSLv3 write finished A
SSL_connect:3FLUSH SSLv3 flush data
SSL_read_alert
SSL_connect:failed in 3RFINA SSLv3 read finished A
ftp: SSL/TLS connect COMMAND error: error:14094410:SSL
routines:SSL3_READ_BYTES:
sslv3 alert handshake failure
=>DONE SSL/TLS connect on COMMAND
TLS authentication failed
Connected to U216JYFZB040.xxxxxxxx.com.
220 U216JYFZB040.xxxxxxxx.com X2 WS_FTP Server 3.1.3 (1300421988)
Login failed
---> QUIT
221 Good-Bye


John Haines
Systems Engineer
Benefit Planners

(210) 487-7232 phone
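
The script above sets only VERIFY-FILE, which C-Kermit uses to check the server's certificate; the client's own certificate and private key are named with separate SET AUTH commands. The lines below are an added example, not part of the original post: `sslkeys/aixbox.key` and `sslkeys/wsftp-server.crt` are assumed locations (the post gives no path for the key or for a copy of the server's certificate).

```kermit
; Added example: TLS settings that would replace the single VERIFY-FILE
; line in the posted script. Paths marked "assumed" are not from the post.

; As posted. VERIFY-FILE lists certificates trusted when verifying the
; SERVER; pointing it at the client's own certificate configures no
; client identity at all.
; SET AUTH SSL VERIFY-FILE sslkeys/aixbox.signed.crt

; Client identity: the certificate the WS_FTP Server signed from
; aixbox.csr, and the matching private key from "openssl genrsa".
; That key was generated with -des3, so it is passphrase-protected.
SET AUTH TLS RSA-CERT-FILE sslkeys/aixbox.signed.crt
; Assumed location of aixbox.key:
SET AUTH TLS RSA-KEY-FILE sslkeys/aixbox.key

; Server trust: a PEM copy of the server's self-signed certificate
; (assumed file name), so verification no longer stops at error 18
; and the "Continue? (Y/N)" prompt.
SET AUTH TLS VERIFY-FILE sslkeys/wsftp-server.crt

; Refuse the connection, rather than prompt, if the server's
; certificate is missing or fails verification.
SET AUTH TLS VERIFY FAIL-IF-NO-PEER-CERT
```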