SSL and TLS support in XBMC's FTP client (libcurl / curl) for FTPS

jmarshall Wrote:It should work out of the box I think - try using ftps:// style URLs. I recall that there's some information on the forums already about this that a search may turn up?

Cheers,
Jonathan

Dear Jonathan, I indeed already found this thread. However it is only referring to secure-FTP over SSL or TLS (at port 21 or 910), not *Nix FTP over SSH (FTP tunneled over an SSH connection @ port 22). I first tried to get XBMC to work with the VsFTP with SSL/TLS-support (which should work with the ftps://) on the server site, but somehow I'm unable to get this to work properly (although I've been a Linux administrator and developer for many years now). This is the reason I wanted to give FTP over SSH a try, but it looks like this is currently not available on XBMC....?

I still can't get this to work. Any Help is awesome. My log is below.
I have the FTP address in my sources.xml as
I have also tried
in flashfxp i have secure file listing and secure file transfer checked...

any ideas?

When I connect in FlashFXP, I have to accept a certificate from the server.
in flashfxp i have secure file listing and secure file transfer checked...

any ideas?

hattmall Wrote:I still can't get this to work. Any Help is awesome. My log is below.
I have the FTP address in my sources.xml as

Code:

ftps://un:pw@private.myftp.org:21107?auth=ssl

I have also tried

Code:

ftps://un:pw@private.myftp.org:21107/?auth=ssl

in flashfxp i have secure file listing and secure file transfer checked...

any ideas?

When I connect in FlashFXP, I have to accept a certificate from the server.
in flashfxp i have secure file listing and secure file transfer checked...

any ideas?

Code:

08:45:59 M: 43474944   DEBUG: CApplication::OnKey: 256 pressed, action is 7
08:45:59 M: 44269568   DEBUG: Clearing cached fileitems [ftps://un:pw@private.myftp.org:21107/]
08:45:59 M: 44515328   DEBUG: CGUIMediaWindow::GetDirectory (ftps://un:pw@private.myftp.org:21107/)
08:45:59 M: 44515328   DEBUG:   ParentPath = []
08:45:59 M: 44032000   DEBUG: Unable to resolve kernel32.dll PeekNamedPipe
08:45:59 M: 44032000   DEBUG: Dll MSVCP71.dll was not found in path
08:45:59 M: 44032000   DEBUG: Unable to load referenced dll MSVCP71.dll - Dll: Q:\system\libcurl.dll
08:45:59 M: 44032000   DEBUG: Unable to resolve MSVCP71.dll ?_Nomemory@std@@YAXXZ
08:45:59 M: 44032000   DEBUG: kernel32.dll fake function DisableThreadLibraryCalls called
08:45:59 M: 44032000   DEBUG: FileCurl::Open(D00A0CF0) ftps://un:pw@private.myftp.org:21107/
08:45:59 M: 43995136    INFO: XCURL::DllLibCurlGlobal::easy_aquire - Created session to ftps://private.myftp.org
08:45:59 M: 43892736   DEBUG: Curl:: Debug About to connect() to private.myftp.org port 21107 (#0)
08:45:59 M: 43892736   DEBUG: Curl:: Debug   Trying xx.xx.xx.xx...
08:45:59 M: 43892736   DEBUG: Curl:: Debug Connected to private.myftp.org (69.65.40.39) port 21107 (#0)
08:45:59 M: 43892736   DEBUG: Curl:: Debug libcurl is now using a weak random seed!
08:45:59 M: 43892736   DEBUG: advapi32.dll fake function dllCryptAcquireContext() called
08:45:59 M: 43892736 WARNING: dllrecv - called with MSG_PEEK set, attempting workaround
08:45:59 M: 43892736 WARNING: dllrecv - called with MSG_PEEK set, attempting workaround
08:45:59 M: 43892736 WARNING: dllrecv - called with MSG_PEEK set, attempting workaround
08:46:01 M: 43880448    INFO: Loading skin file: DialogBusy.xml
08:46:01 M: 43880448   DEBUG: Load DialogBusy.xml: 24.67ms
08:46:01 M: 43880448   DEBUG: Alloc resources: 25.09ms (25.08 ms skin load, 0.00 ms preload)
08:46:09 M: 43741184   DEBUG: Curl:: Debug SSL connection timeout
08:46:09 M: 43741184   DEBUG: Curl:: Debug Expire cleared
08:46:09 M: 43741184   DEBUG: Curl:: Debug Closing connection #0
08:46:09 M: 43741184   DEBUG: advapi32.dll fake function dllCryptReleaseContext() called
08:46:09 M: 43741184   ERROR: CFileCurl::CReadState::Open, didn't get any data from stream.
08:46:09 M: 43741184   DEBUG: FileCurl::Close(D00A0CF0) ftps://un:pw@private.myftp.org:21107/
08:46:09 M: 43843584   ERROR: CGUIMediaWindow::GetDirectory(ftps://un:pw@private.myftp.org:21107/) failed
08:46:09 M: 43843584   DEBUG: CGUIMediaWindow::GetDirectory ()
08:46:09 M: 43843584   DEBUG:   ParentPath = []
08:46:09 M: 43319296    INFO: Loading skin file: DialogOK.xml
08:46:09 M: 43319296   DEBUG: Load DialogOK.xml: 18.34ms
08:46:09 M: 43827200   DEBUG: Alloc resources: 5.27ms (0.00 ms skin load, 0.17 ms preload)
08:46:10 M: 43401216   DEBUG: CApplication::OnKey: 256 pressed, action is 7
08:46:14 M: 43765760    INFO: XCURL::DllLibCurlGlobal::CheckIdle - Closing session to ftps ://private.myftp.org (easy=00BC4B90, multi=00C4C2B0)
08:46:14 M: 43802624   DEBUG: CApplication::OnKey: 274 pressed, action is 122
08:46:14 M: 43802624   DEBUG: Activating window ID: 10114
08:46:14 M: 43802624   DEBUG: Checking if window ID 10114 is locked.
08:46:14 M: 43802624    INFO: Loading skin file: PlayerControls.xml
08:46:14 M: 43802624   DEBUG: Load PlayerControls.xml: 16.45ms
08:46:14 M: 43745280   DEBUG: Alloc resources: 22.80ms (16.96 ms skin load, 0.67 ms preload)
08:46:14 M: 43745280   DEBUG: CApplication::OnKey: 278 pressed, action is 111
08:46:14 M: 43745280   DEBUG: CApplication::OnKey: 275 pressed, action is 51

I've been debugging this issue too, but I also failed to get it to work. It currently seems to use port 990 by default, which is implicit ftps (the connection is secured right from the start). But what we need is explicit ftps which uses port 21 by default, starts as an ordinary FTP connection but is later on turned into a secured connection on the client's request. I still haven't figured out how I can tell XBMC to do the latter. Unfortunately implicit FTP is obsolete AFAIK and most newer FTP servers only support explicit ftps.

I don't know whether there is already a bug report in trac, but if there isn't, I'd suggest to do so, because there is certainly something wrong here.

XBMC is using: CURLOPT_FTP_SSL. I think curl was updated to a recent version? And therefore should use: CURLOPT_USE_SSL

"Pass a long using one of the values from below, to make libcurl use your desired level of SSL for the ftp transfer. (Added in 7.11.0)
(This option was known as CURLOPT_FTP_SSL up to 7.16.4, and the constants were known as CURLFTPSSL_*)"


Dunno if this is the problem. I'm trying to figure out how to add FTPS in my own application, where I get garbage upload and timing out

ultrabrutal Wrote:XBMC is using: CURLOPT_FTP_SSL. I think curl was updated to a recent version? And therefore should use: CURLOPT_USE_SSL

"Pass a long using one of the values from below, to make libcurl use your desired level of SSL for the ftp transfer. (Added in 7.11.0)
(This option was known as CURLOPT_FTP_SSL up to 7.16.4, and the constants were known as CURLFTPSSL_*)"


Dunno if this is the problem. I'm trying to figure out how to add FTPS in my own application, where I get garbage upload and timing out

I tried your suggestion, but still I can't get it to work. I tried it (again) with SSL and TLS. The server side is complaining like this:
I think there is simply something missing (somekind of SSL/TLS lib?) to get this to work....

XBMC's libcurl uses yassl which has some lack in certificate support. Dunno if this is the reason but we might have to update to libcurl with OpenSSL in future.
You can also try compiling the newest libcurl (also with yassl) located in the linuxbranch -> linuxport\XBMC\xbmc\lib\libcurl\libcurl_win32
The dll is not yet part of the official distribution.

anyone made this work yet? i get the same error as hattmall when i try

Nope, it's not working yet...

cant se why theres no bigger interest in this, why would anyone like to run unsecure? or is it that its so difficult to add?

cheeerzzz

anything new here?
I can download videos from my FTPS server with curl using is there a way to make xbmc send these parameters to libcurl?