[BlueOnyx:16320] Re: FTP unavailability explained

Michael Stauber mstauber at blueonyx.it
Thu Oct 30 12:57:30 -05 2014


Hi Chris,

Thanks, Chris. That's helpful.

I'm currently building & testing RPMs for the FTP issue. While that's
cooking, I have a moment to explain our predicament here:

Before I had published the updated ProFTPd RPMs, I had tested whether
FTPS was working, and it was. I didn't check regular FTP, because ...
seriously: Why would that ever break?

Bad mistake.

This morning it quickly turned out to be the problem that was the most
difficult to fix, so I decided to fix all other issues that the updates
caused first of all.

My first impulse was to do a Rollback and to re-publish ProFTPd-1.3.4d.
Due to the version number being lower than what people had by now, I would
either have needed to "cheat" with the version number, or throw in an
Epoch number, so that YUM would install 1.3.4d over the 1.3.5.

That would have fixed FTP, but would have left us with the SSLv3
protocol enabled on FTP.

Building ProFTPd-1.3.4e (the latest of the 1.3.4 branch) also turned out
to be a dead end: It only supports SSLv3 and TLSv1.0. But not TLSv1.1 or
TLSv1.2. Worse: If SSLv3 is disabled in it, then even TLSv1.0 won't work
anymore. That's a total train wreck that is only really fixed in
ProFTPd-1.3.5.

So a Rollback was not an option.

How to fix ProFTPd-1.3.5 to allow both FTP and FTPS? According to the
ProFTPd documentation there is NO indication that the old config
wouldn't work the same way as before. And there we had both FTP and FTPS
working with the same config file.

There are only very few ProFTPd-1.3.5 SRPMs available out there and this
morning I looked at all of them. Even the one from DirectAdmin. Long story
short: At this time I see no way to run ProFTPd-1.3.5 with one config
file for both FTP and FTPS.

So this left us with the suggestion from Dirk Estenfeld: Create separate
configs. One proftpd.conf for pure FTP and one proftpds.conf for FTPS.

This required extensive changes in base-ftp.mod, which were just
finished and tested. And it requires yet another rebuild of the ProFTPd
RPM, which is currently cooking.

If all goes well, then updates should be available within the hour.

-- 
With best regards

Michael Stauber


