[alsa-devel] ftp.alsa-project.org connection problems
Hi
Iam not sure this is the correct place to report this to but i didnt see it being reported anywhere yet on the ML archive or google
since a few days wget from ftp://ftp.alsa-project.org does not work anymore This was noticed as it broke the ffmpeg oss-fuzz build: https://oss-fuzz-build-logs.storage.googleapis.com/log-a252663b-b71c-49f3-88...
and it is locally and on another server reproducable so it seems not a issue "on my side" intererstingly it works without pasv mode
wget ftp://ftp.alsa-project.org/pub/lib/alsa-lib-1.1.0.tar.bz2 --2019-02-25 18:30:15-- ftp://ftp.alsa-project.org/pub/lib/alsa-lib-1.1.0.tar.bz2 => ‘alsa-lib-1.1.0.tar.bz2’ Resolving ftp.alsa-project.org (ftp.alsa-project.org)... 207.180.221.201 Connecting to ftp.alsa-project.org (ftp.alsa-project.org)|207.180.221.201|:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD (1) /pub/lib ... done. ==> SIZE alsa-lib-1.1.0.tar.bz2 ... 929874 ==> PASV ... couldn't connect to 207.180.221.201 port 35333: No route to host
wget --no-passive-ftp ftp://ftp.alsa-project.org/pub/lib/alsa-lib-1.1.0.tar.bz2 --2019-02-25 18:30:22-- ftp://ftp.alsa-project.org/pub/lib/alsa-lib-1.1.0.tar.bz2 => ‘alsa-lib-1.1.0.tar.bz2’ Resolving ftp.alsa-project.org (ftp.alsa-project.org)... 207.180.221.201 Connecting to ftp.alsa-project.org (ftp.alsa-project.org)|207.180.221.201|:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD (1) /pub/lib ... done. ==> SIZE alsa-lib-1.1.0.tar.bz2 ... 929874 ==> PORT ... done. ==> RETR alsa-lib-1.1.0.tar.bz2 ... done. Length: 929874 (908K) (unauthoritative)
100%[===========================================================================================================================================================================================================================================================================>] 929,874 2.43MB/s in 0.4s
2019-02-25 18:30:22 (2.43 MB/s) - ‘alsa-lib-1.1.0.tar.bz2’ saved [929874]
Dne 25. 02. 19 v 19:04 Michael Niedermayer napsal(a):
Hi
Iam not sure this is the correct place to report this to but i didnt see it being reported anywhere yet on the ML archive or google
...
==> PASV ... couldn't connect to 207.180.221.201 port 35333: No route to host
Hi,
it seems that the ftp conntrack module was not loaded correctly after reboot, so the firewall blocks the passive connections. Could you give a try again?
Jaroslav
On Mon, Feb 25, 2019 at 08:52:33PM +0100, Jaroslav Kysela wrote:
Dne 25. 02. 19 v 19:04 Michael Niedermayer napsal(a):
Hi
Iam not sure this is the correct place to report this to but i didnt see it being reported anywhere yet on the ML archive or google
...
==> PASV ... couldn't connect to 207.180.221.201 port 35333: No route to host
Hi,
it seems that the ftp conntrack module was not loaded correctly after reboot, so the firewall blocks the passive connections. Could you give a try again?
works fine locally
Thanks!
[...]
On Mon, Feb 25, 2019 at 09:43:47PM +0100, Michael Niedermayer wrote:
On Mon, Feb 25, 2019 at 08:52:33PM +0100, Jaroslav Kysela wrote:
Dne 25. 02. 19 v 19:04 Michael Niedermayer napsal(a):
Hi
Iam not sure this is the correct place to report this to but i didnt see it being reported anywhere yet on the ML archive or google
...
==> PASV ... couldn't connect to 207.180.221.201 port 35333: No route to host
Hi,
it seems that the ftp conntrack module was not loaded correctly after reboot, so the firewall blocks the passive connections. Could you give a try again?
works fine locally
Thanks!
Another related issue we tried to switch to https and that fails too with wget but works with browsers It appears this is due to a incomplete certificate chain
https://www.ssllabs.com/ssltest/analyze.html?d=www.alsa-project.org&hide... "This server's certificate chain is incomplete. Grade capped to B."
IIRC we had a similar issue on one of our servers too, required certificates to be concatenated together, so might be thats the same, or not ...
wget https://www.alsa-project.org/files/pub/lib/alsa-lib-1.1.0.tar.bz2 --2019-02-28 12:53:25-- https://www.alsa-project.org/files/pub/lib/alsa-lib-1.1.0.tar.bz2 Resolving www.alsa-project.org (www.alsa-project.org)... 207.180.221.201 Connecting to www.alsa-project.org (www.alsa-project.org)|207.180.221.201|:443... connected. ERROR: cannot verify www.alsa-project.org's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3’: Unable to locally verify the issuer's authority.
[...]
Dne 28. 02. 19 v 12:58 Michael Niedermayer napsal(a):
On Mon, Feb 25, 2019 at 09:43:47PM +0100, Michael Niedermayer wrote:
On Mon, Feb 25, 2019 at 08:52:33PM +0100, Jaroslav Kysela wrote:
Dne 25. 02. 19 v 19:04 Michael Niedermayer napsal(a):
Hi
Iam not sure this is the correct place to report this to but i didnt see it being reported anywhere yet on the ML archive or google
...
==> PASV ... couldn't connect to 207.180.221.201 port 35333: No route to host
Hi,
it seems that the ftp conntrack module was not loaded correctly after reboot, so the firewall blocks the passive connections. Could you give a try again?
works fine locally
Thanks!
Another related issue we tried to switch to https and that fails too with wget but works with browsers It appears this is due to a incomplete certificate chain
https://www.ssllabs.com/ssltest/analyze.html?d=www.alsa-project.org&hide... "This server's certificate chain is incomplete. Grade capped to B."
Yep, you're right. The Let's Encrypt X3 CA certificate was missing in the chain. Fixed now. We are in Grade A now.
Jaroslav
participants (2)
-
Jaroslav Kysela -
Michael Niedermayer