From: TJ S. <tj...@ca...> - 2010-07-01 23:38:34

> However, the error log is more or less a side problem. My main problem
> is that there are no SSL/TLS connections possible any more with
> mod_tls.
>
> The new release 1.3.3a has been published today and the release notes
> promise a fix of SSL_shutdown() errors. If your assumption is right,
> my mod_tls related problems could be fixed as well. Immediately, I
> build ProFTPD 1.3.3a against OpenSSL 0.9.8n. My test results are
> a bit surprising:
>
> - The SSL_shutdown() errors do still appear in the log files. The
> "TLSOptions EnableDiags" just gives some more information.

Could you provide that additional EnableDiags information? Since I'm not able to reproduce the behavior locally, I'm totally dependent on people experiencing the issue for data.

The patch for Bug#3419 would still produce the same TLSLog entries; the functional change is that for SSL_shutdown() return value, mod_tls no longer considers it a fatal error and closes the session. Instead, mod_tls just logs the case, and moves on with its business.

> - mod_tls connections are possible again, ProFTPD is not hanging
> anymore.

That's certainly good news.

> I am happy to have back a working mod_tls enabled ProFTPD of
> the latest release. Nevertheless, I would like to know, if I should
> give an OpenSSL update a try. Latest sub 1.0.x version is 0.9.8o,
> version 1.0.x still needs some time to become more stable.

I just built OpenSSL-0.9.8o on my Ubuntu 9.04 laptop, and ran the mod_tls regression tests I have against it, without issue. Caveat emptor: the regression tests rely on Perl's Net::FTPSSL, with which I can't reproduce all of the various FTPS client behaviors. But it's enough for me to say "sure, give OpenSSL-0.9.8o a try in your environment to see what happens". The changes described between OpenSSL-0.9.8o and OpenSSL-0.9.8l, for example, don't immediately strike me as likely to cause problems for mod_tls.

> By the way: ProFTPD 1.3.2e produces the same SSL_shutdown() log
> errors as 1.3.3 and 1.3.3a do. My tests reveal the following mod_tls
> versions:

Using which FTPS client, exactly? Not all FTPS clients use the same SSL libraries, and the ways in which the clients disconnect/close data connections vary quite widely...

Cheers,
TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Those have most power to hurt us, that we love.
-Francis Beaumont
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~