Posted to users@camel.apache.org by Andreas Asmuss <an...@gmail.com> on 2010/07/28 11:18:59 UTC

FTPS execProt P failing.

Hi

I'm trying to connect to a FileZilla server with FTPS (Camel 2.4). This
works fine as long as I don't try to encrypt the data channel with PROT P.
When I try to do this either serverside or clientside or both the following
happens:

<from
uri="ftps:localhost:1980/inbox?username=camel&amp;password=camel123&amp;consumer.initialDelay=5000&amp;disableSecureDataChannelDefaults=false&amp;securityProtocol=SSL&amp;isImplicit=false"
/>

2010-07-28 11:07:21,682 DEBUG [Camel Thread 0 - ftps://localhost:1980/inbox]
[org.apache.camel.component.file.remote.FtpConsumer]: Not connected/logged
in, connecting to: ftps://camel@localhost:1980
2010-07-28 11:07:22,498 DEBUG [Camel Thread 0 - ftps://localhost:1980/inbox]
[org.apache.camel.component.file.remote.FtpsOperations]: FTPClient
initializing with execProt=P
2010-07-28 11:07:22,499 INFO  [Camel Thread 0 - ftps://localhost:1980/inbox]
[org.apache.camel.component.file.remote.FtpConsumer]: Connected and logged
in to: ftps://camel@localhost:1980
2010-07-28 11:07:22,512 WARN  [Camel Thread 0 - ftps://localhost:1980/inbox]
[org.apache.camel.component.file.remote.RemoteFilePollingConsumerPollStrategy]:
Trying to recover by disconnecting from remote server forcing a re-connect
at next poll: ftps://camel@localhost:1980
2010-07-28 11:07:22,512 DEBUG [Camel Thread 0 - ftps://localhost:1980/inbox]
[org.apache.camel.component.file.remote.FtpConsumer]: Disconnecting from:
ftps://camel@localhost:1980
2010-07-28 11:07:22,514 WARN  [Camel Thread 0 - ftps://localhost:1980/inbox]
[org.apache.camel.component.file.remote.RemoteFilePollingConsumerPollStrategy]:
Consumer
Consumer[ftps://localhost:1980/inbox?consumer.initialDelay=5000&disableSecureDataChannelDefaults=true&execProt=P&isImplicit=false&password=camel123&securityProtocol=SSL&username=camel]
could not poll endpoint:
ftps://localhost:1980/inbox?consumer.initialDelay=5000&disableSecureDataChannelDefaults=true&execProt=P&isImplicit=false&password=camel123&securityProtocol=SSL&username=camel
caused by: File operation failed: 150 Opening data channel for directory
list.
 No available certificate or key corresponds to the SSL cipher suites which
are enabled.. Code: 150
org.apache.camel.component.file.GenericFileOperationFailedException: File
operation failed: 150 Opening data channel for directory list.
 No available certificate or key corresponds to the SSL cipher suites which
are enabled.. Code: 150
	at
org.apache.camel.component.file.remote.FtpOperations.listFiles(FtpOperations.java:468)

What am I missing?

On a related note I think the documentation needs an update:
http://camel.apache.org/ftp2.html - isn't the "useSecureDataChannel" the old
version of "disableSecureDataChannelDefaults"?

FileZilla log:
(000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> 230 Logged on
(000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> TYPE A
(000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> 200 Type set to A
(000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> PBSZ 0
(000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> 200 PBSZ=0
(000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> PROT P
(000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> 200 Protection level set
to P
(000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> SYST
(000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> 215 UNIX emulated by
FileZilla
(000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> PORT 127,0,0,1,210,55
(000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> 200 Port command
successful
(000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> LIST inbox
(000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> 150 Opening data channel
for directory list.
(000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> 426 Connection closed;
transfer aborted.
(000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> QUIT
(000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> 221 Goodbye
-- 
View this message in context: http://camel.465427.n5.nabble.com/FTPS-execProt-P-failing-tp2256666p2256666.html
Sent from the Camel - Users mailing list archive at Nabble.com.

Re: FTPS execProt P failing.

Posted by Bengt Rodehav <be...@rodehav.com>.
Glad everything works and yes the data channel will be encrypted when using
passive mode but it's the server who provides the certificate instead of the
client.

/Bengt

2010/8/16 Andreas Asmuss <an...@gmail.com>

>
> Hi Bengt,
>
> Thanks for the response. I have overcome my problems with setting up an
> FTPS server and making Camel communicate with it. Both with a server and
> client certificate.
>
> I'm running passive mode with prot p which I believe also results in the
> data channel being encrypted.

Re: FTPS execProt P failing.

Posted by Andreas Asmuss <an...@gmail.com>.
Hi Bengt,

Thanks for the response. I have overcome my problems with setting up an FTPS
server and making Camel communicate with it. Both with a server and client
certificate.

I'm running passive mode with prot p which I believe also results in the
data channel being encrypted.

Re: FTPS execProt P failing.

Posted by Bengt Rodehav <be...@rodehav.com>.
Andreas,

When you use FTPS in active mode (whether it is explicit or implicit), you
must provide a certificate to be used for the encrypted data transfer. If
you instead use passive mode this is not required. Note that from version
2.4 of Camel, secure data transmission is supported (using PROT P). Before
that, data transmission was not encrypted at all and did of course not
require any certificate.

To create a test certificate you can do as follows:

keytool -genkeypair -keystore store.jks -storepass password -keypass password -dname "CN=Test Application, OU=Test Department, O=Test Company, L=Stockholm, ST=Sweden, C=SE"

This will create a java keystore in the file store.jks. The store password
and the key password will be "password". I also added an example of a
distinguished name but maybe that can be skipped. The keystore will contain
a public key and a private key that can be used by ftps.

For this to work you need to add something like the following to your
endpoint URI:

&ftpClient.keyStore.file=store.jks&ftpClient.keyStore.password=password&ftpClient.keyStore.keyPassword=password

/Bengt

P.S.
I came back from two weeks of snorkeling and scuba diving in the Red Sea last
night which is why I have been absent.
D.S.


2010/7/30 Andreas Asmuss <an...@gmail.com>

>
> Hi,
>
> I've overcome this problem now though and stepped into a myriad of new ones
> :)
>
> At the moment I can't make FTPSClient/Camel connect to a server that works
> perfectly fine with any other client with FTPS enabled (server
> authentication only). Any idea if FTPSClient is using SSLv2 or v3? Can't
> find any info about it.
>
> Will try to send Bengt a message and see if he's there.
>
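
Added example, not part of the thread or of Camel: a small triage of a FileZilla Server session log that tells the two cases in the reply above apart. A PORT (or EPRT) command means the client asked for active mode, PASV (or EPSV) means passive mode, and a 426 abort after PROT P in active mode is the pattern seen in the original post. The function name, the finding strings and the sample log are constructed for illustration.

```python
import re

# Constructed sample in FileZilla Server log format (not the log from the thread).
SAMPLE_LOG = """\
(000001) 01-01-2010 10:00:00 - demo (127.0.0.1)> PBSZ 0
(000001) 01-01-2010 10:00:00 - demo (127.0.0.1)> 200 PBSZ=0
(000001) 01-01-2010 10:00:00 - demo (127.0.0.1)> PROT P
(000001) 01-01-2010 10:00:00 - demo (127.0.0.1)> 200 Protection level set to P
(000001) 01-01-2010 10:00:00 - demo (127.0.0.1)> PORT 127,0,0,1,210,55
(000001) 01-01-2010 10:00:00 - demo (127.0.0.1)> 200 Port command successful
(000001) 01-01-2010 10:00:00 - demo (127.0.0.1)> LIST inbox
(000001) 01-01-2010 10:00:00 - demo (127.0.0.1)> 150 Opening data channel for directory list.
(000001) 01-01-2010 10:00:00 - demo (127.0.0.1)> 426 Connection closed; transfer aborted.
(000002) 01-01-2010 10:05:00 - demo (127.0.0.1)> PROT P
(000002) 01-01-2010 10:05:00 - demo (127.0.0.1)> 200 Protection level set to P
(000002) 01-01-2010 10:05:00 - demo (127.0.0.1)> PASV
(000002) 01-01-2010 10:05:00 - demo (127.0.0.1)> 227 Entering Passive Mode (127,0,0,1,200,10)
(000002) 01-01-2010 10:05:00 - demo (127.0.0.1)> LIST inbox
(000002) 01-01-2010 10:05:00 - demo (127.0.0.1)> 150 Connection accepted
(000002) 01-01-2010 10:05:00 - demo (127.0.0.1)> 226 Transfer OK
"""

LINE = re.compile(r"^\((\d+)\) \S+ \S+ - .*?\)> (.*)$")

def triage(log_text):
    """Return {session_id: finding} for every session that finished a transfer."""
    state, findings = {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation line or unrelated text
        sid, msg = m.groups()
        s = state.setdefault(sid, {"prot": "C", "mode": None})  # data channel starts clear
        parts = msg.split()
        verb = parts[0].upper() if parts else ""
        if verb == "PROT" and len(parts) > 1:
            s["prot"] = parts[1].upper()
        elif verb in ("PORT", "EPRT"):
            s["mode"] = "active"
        elif verb in ("PASV", "EPSV"):
            s["mode"] = "passive"
        elif verb == "426":
            needs_key = s["prot"] == "P" and s["mode"] == "active"
            findings[sid] = "active + PROT P aborted: check client keystore" if needs_key else "transfer aborted"
        elif verb == "226":
            findings.setdefault(sid, "ok")
    return findings
```

Lines that do not start with a session id are skipped, so run it on the raw server log rather than on a copy that an e-mail client has re-wrapped.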

Re: FTPS execProt P failing.

Posted by Andreas Asmuss <an...@gmail.com>.
Hi,

I've overcome this problem now though and stepped into a myriad of new ones
:)

At the moment I can't make FTPSClient/Camel connect to a server that works
perfectly fine with any other client with FTPS enabled (server
authentication only). Any idea if FTPSClient is using SSLv2 or v3? Can't
find any info about it.

Will try to send Bengt a message and see if he's there.

Re: FTPS execProt P failing.

Posted by Claus Ibsen <cl...@gmail.com>.
Hi

There was another Camel end user, Bengt, who helped with getting the
FTPS stuff into Camel 2.4.
He may be on vacation or something, but try to get his attention.


On Wed, Jul 28, 2010 at 11:18 AM, Andreas Asmuss
<an...@gmail.com> wrote:
>
> Hi
>
> I'm trying to connect to a FileZilla server with FTPS (Camel 2.4). This
> works fine as long as I don't try to encrypt the data channel with PROT P.
> When I try to do this either serverside or clientside or both the following
> happens:
>
> <from
> uri="ftps:localhost:1980/inbox?username=camel&amp;password=camel123&amp;consumer.initialDelay=5000&amp;disableSecureDataChannelDefaults=false&amp;securityProtocol=SSL&amp;isImplicit=false"
> />
>
> 2010-07-28 11:07:21,682 DEBUG [Camel Thread 0 - ftps://localhost:1980/inbox]
> [org.apache.camel.component.file.remote.FtpConsumer]: Not connected/logged
> in, connecting to: ftps://camel@localhost:1980
> 2010-07-28 11:07:22,498 DEBUG [Camel Thread 0 - ftps://localhost:1980/inbox]
> [org.apache.camel.component.file.remote.FtpsOperations]: FTPClient
> initializing with execProt=P
> 2010-07-28 11:07:22,499 INFO  [Camel Thread 0 - ftps://localhost:1980/inbox]
> [org.apache.camel.component.file.remote.FtpConsumer]: Connected and logged
> in to: ftps://camel@localhost:1980
> 2010-07-28 11:07:22,512 WARN  [Camel Thread 0 - ftps://localhost:1980/inbox]
> [org.apache.camel.component.file.remote.RemoteFilePollingConsumerPollStrategy]:
> Trying to recover by disconnecting from remote server forcing a re-connect
> at next poll: ftps://camel@localhost:1980
> 2010-07-28 11:07:22,512 DEBUG [Camel Thread 0 - ftps://localhost:1980/inbox]
> [org.apache.camel.component.file.remote.FtpConsumer]: Disconnecting from:
> ftps://camel@localhost:1980
> 2010-07-28 11:07:22,514 WARN  [Camel Thread 0 - ftps://localhost:1980/inbox]
> [org.apache.camel.component.file.remote.RemoteFilePollingConsumerPollStrategy]:
> Consumer
> Consumer[ftps://localhost:1980/inbox?consumer.initialDelay=5000&disableSecureDataChannelDefaults=true&execProt=P&isImplicit=false&password=camel123&securityProtocol=SSL&username=camel]
> could not poll endpoint:
> ftps://localhost:1980/inbox?consumer.initialDelay=5000&disableSecureDataChannelDefaults=true&execProt=P&isImplicit=false&password=camel123&securityProtocol=SSL&username=camel
> caused by: File operation failed: 150 Opening data channel for directory
> list.
>  No available certificate or key corresponds to the SSL cipher suites which
> are enabled.. Code: 150
> org.apache.camel.component.file.GenericFileOperationFailedException: File
> operation failed: 150 Opening data channel for directory list.
>  No available certificate or key corresponds to the SSL cipher suites which
> are enabled.. Code: 150
>        at
> org.apache.camel.component.file.remote.FtpOperations.listFiles(FtpOperations.java:468)
>
> What am I missing?
>
> On a related note I think the documentation needs an update:
> http://camel.apache.org/ftp2.html - isn't the "useSecureDataChannel" the old
> version of "disableSecureDataChannelDefaults"?
>
> FileZilla log:
> (000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> 230 Logged on
> (000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> TYPE A
> (000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> 200 Type set to A
> (000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> PBSZ 0
> (000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> 200 PBSZ=0
> (000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> PROT P
> (000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> 200 Protection level set
> to P
> (000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> SYST
> (000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> 215 UNIX emulated by
> FileZilla
> (000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> PORT 127,0,0,1,210,55
> (000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> 200 Port command
> successful
> (000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> LIST inbox
> (000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> 150 Opening data channel
> for directory list.
> (000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> 426 Connection closed;
> transfer aborted.
> (000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> QUIT
> (000088) 28-07-2010 11:17:13 - camel (127.0.0.1)> 221 Goodbye



-- 
Claus Ibsen
Apache Camel Committer

Author of Camel in Action: http://www.manning.com/ibsen/
Open Source Integration: http://fusesource.com
Blog: http://davsclaus.blogspot.com/
Twitter: http://twitter.com/davsclaus