LIST: cURL error 425 when using FTPS

[jmesters]

I'm having an error 425 when using cURL (curl 7.55.1 (Windows) libcurl/7.55.1 WinSSL) in the FTPS mode.
This issue only appears with cURL and in FTPS.
I have no trouble using FileZilla in FTPS or cURL in FTP for example.

Therefore I'm not sure if the problem comes from cURL or this library.

Here is the verbose connection log:

❯ curl --ftp-ssl --user "user:password" ftp://ftp.xxx.com -v

• Rebuilt URL to: ftp://ftp.xxx.com/
• Trying xxx...
• TCP_NODELAY set
• Connected to ftp.xxx.com (xxx) port 21 (#0)
  < 220-Welcome to FTP server
  < 220 Ready

AUTH SSL
< 504 Command parameter not supported
AUTH TLS
< 234 Honored

• schannel: SSL/TLS connection with ftp.xxx.com port 21 (step 1/3)
• schannel: checking server certificate revocation
• schannel: sending initial handshake data: sending 191 bytes...
• schannel: sent initial handshake data: sent 191 bytes
• schannel: SSL/TLS connection with ftp.xxx.com port 21 (step 2/3)
• schannel: failed to receive handshake, need more data
• schannel: SSL/TLS connection with ftp.xxx.com port 21 (step 2/3)
• schannel: encrypted data got 2954
• schannel: encrypted data buffer: offset 2954 length 4096
• schannel: sending next handshake data: sending 93 bytes...
• schannel: SSL/TLS connection with ftp.xxx.com port 21 (step 2/3)
• schannel: encrypted data got 226
• schannel: encrypted data buffer: offset 226 length 4096
• schannel: SSL/TLS handshake complete
• schannel: SSL/TLS connection with ftp.xxx.com port 21 (step 3/3)
• schannel: stored credential handle in session cache

USER xxx

• schannel: client wants to read 102400 bytes
• schannel: encdata_buffer resized 103424
• schannel: encrypted data buffer: offset 0 length 103424
• schannel: encrypted data got 67
• schannel: encrypted data buffer: offset 67 length 103424
• schannel: decrypted data length: 38
• schannel: decrypted data added: 38
• schannel: decrypted data cached: offset 38 length 102400
• schannel: encrypted data buffer: offset 0 length 103424
• schannel: decrypted data buffer: offset 38 length 102400
• schannel: schannel_recv cleanup
• schannel: decrypted data returned 38
• schannel: decrypted data buffer: offset 0 length 102400
  < 331 Username okay, awaiting password

PASS xxx

• schannel: client wants to read 102400 bytes
• schannel: encrypted data buffer: offset 0 length 103424
• schannel: encrypted data got 58
• schannel: encrypted data buffer: offset 58 length 103424
• schannel: decrypted data length: 29
• schannel: decrypted data added: 29
• schannel: decrypted data cached: offset 29 length 102400
• schannel: encrypted data buffer: offset 0 length 103424
• schannel: decrypted data buffer: offset 29 length 102400
• schannel: schannel_recv cleanup
• schannel: decrypted data returned 29
• schannel: decrypted data buffer: offset 0 length 102400
  < 230 User logged in, proceed

PBSZ 0

• schannel: client wants to read 102400 bytes
• schannel: encrypted data buffer: offset 0 length 103424
• schannel: encrypted data got 37
• schannel: encrypted data buffer: offset 37 length 103424
• schannel: decrypted data length: 8
• schannel: decrypted data added: 8
• schannel: decrypted data cached: offset 8 length 102400
• schannel: encrypted data buffer: offset 0 length 103424
• schannel: decrypted data buffer: offset 8 length 102400
• schannel: schannel_recv cleanup
• schannel: decrypted data returned 8
• schannel: decrypted data buffer: offset 0 length 102400
  < 200 OK

PROT P

• schannel: client wants to read 102400 bytes
• schannel: encrypted data buffer: offset 0 length 103424
• schannel: encrypted data got 37
• schannel: encrypted data buffer: offset 37 length 103424
• schannel: decrypted data length: 8
• schannel: decrypted data added: 8
• schannel: decrypted data cached: offset 8 length 102400
• schannel: encrypted data buffer: offset 0 length 103424
• schannel: decrypted data buffer: offset 8 length 102400
• schannel: schannel_recv cleanup
• schannel: decrypted data returned 8
• schannel: decrypted data buffer: offset 0 length 102400
  < 200 OK

PWD

• schannel: client wants to read 102400 bytes
• schannel: encrypted data buffer: offset 0 length 103424
• schannel: encrypted data got 38
• schannel: encrypted data buffer: offset 38 length 103424
• schannel: decrypted data length: 9
• schannel: decrypted data added: 9
• schannel: decrypted data cached: offset 9 length 102400
• schannel: encrypted data buffer: offset 0 length 103424
• schannel: decrypted data buffer: offset 9 length 102400
• schannel: schannel_recv cleanup
• schannel: decrypted data returned 9
• schannel: decrypted data buffer: offset 0 length 102400
  < 257 "/"
• Entry path is '/'

EPSV

• Connect data stream passively
• ftp_perform ends with SECONDARY: 0
• schannel: client wants to read 102400 bytes
• schannel: encrypted data buffer: offset 0 length 103424
• schannel: encrypted data got 54
• schannel: encrypted data buffer: offset 54 length 103424
• schannel: decrypted data length: 25
• schannel: decrypted data added: 25
• schannel: decrypted data cached: offset 25 length 102400
• schannel: encrypted data buffer: offset 0 length 103424
• schannel: decrypted data buffer: offset 25 length 102400
• schannel: schannel_recv cleanup
• schannel: decrypted data returned 25
• schannel: decrypted data buffer: offset 0 length 102400
  < 229 EPSV OK (|||30001|)
• Trying xxx...
• TCP_NODELAY set
• Connecting to xxx (xxx) port 30001
• Connected to ftp.xxx.com (xxx) port 21 (#0)

TYPE A

• schannel: client wants to read 102400 bytes
• schannel: encrypted data buffer: offset 0 length 103424
• schannel: encrypted data got 67
• schannel: encrypted data buffer: offset 67 length 103424
• schannel: decrypted data length: 38
• schannel: decrypted data added: 38
• schannel: decrypted data cached: offset 38 length 102400
• schannel: encrypted data buffer: offset 0 length 103424
• schannel: decrypted data buffer: offset 38 length 102400
• schannel: schannel_recv cleanup
• schannel: decrypted data returned 38
• schannel: decrypted data buffer: offset 0 length 102400
  < 200 Switch to "ascii" transfer mode.

LIST

• schannel: client wants to read 102400 bytes
• schannel: encrypted data buffer: offset 0 length 103424
• schannel: encrypted data got 60
• schannel: encrypted data buffer: offset 60 length 103424
• schannel: decrypted data length: 31
• schannel: decrypted data added: 31
• schannel: decrypted data cached: offset 31 length 102400
• schannel: encrypted data buffer: offset 0 length 103424
• schannel: decrypted data buffer: offset 31 length 102400
• schannel: schannel_recv cleanup
• schannel: decrypted data returned 31
• schannel: decrypted data buffer: offset 0 length 102400
  < 425 No connection established
• RETR response: 425
• Remembering we are in dir ""
• Connection #0 to host ftp.xxx.com left intact
  curl: (19) RETR response: 425

On the server side:

{"name":"logger","hostname":"374f5f6cb81c","pid":19,"id":"f03791c8-7ca2-44f1-8e64-67ceaf53245b","ip":"redacted","directive":"LIST","level":50,"err":{"message":"operation timed out","name":"TimeoutError","stack":"TimeoutError: operation timed out\n at afterTimeout (/home/node/app/node_modules/bluebird/js/release/timers.js:46:19)\n at Timeout.timeoutTimeout [as _onTimeout] (/home/node/app/node_modules/bluebird/js/release/timers.js:76:13)\n at listOnTimeout (node:internal/timers:556:17)\n at processTimers (node:internal/timers:499:7)"},"msg":"operation timed out","time":"2020-12-18T14:02:14.385Z","v":0}

[tiwazs]

having the same problem when I try to connect using ftps from android, did you manage to solve it?

[jmesters]

having the same problem when I try to connect using ftps from android, did you manage to solve it?

Unfortunately not. In the end I used wget instead.

[matt-forster]

This may be related to #252 - and the fact that Node does not support correct session resumption using TLS.

[matt-forster]

I'm going to close this in favour of that issue for now - please make your voice heard if you think this is the wrong decision.