[alsa-devel] ftp.alsa-project.org connection problems
Hi Iam not sure this is the correct place to report this to but i didnt see it being reported anywhere yet on the ML archive or google since a few days wget from ftp://ftp.alsa-project.org does not work anymore This was noticed as it broke the ffmpeg oss-fuzz build: https://oss-fuzz-build-logs.storage.googleapis.com/log-a252663b-b71c-49f3-88... and it is locally and on another server reproducable so it seems not a issue "on my side" intererstingly it works without pasv mode wget ftp://ftp.alsa-project.org/pub/lib/alsa-lib-1.1.0.tar.bz2 --2019-02-25 18:30:15-- ftp://ftp.alsa-project.org/pub/lib/alsa-lib-1.1.0.tar.bz2 => ‘alsa-lib-1.1.0.tar.bz2’ Resolving ftp.alsa-project.org (ftp.alsa-project.org)... 207.180.221.201 Connecting to ftp.alsa-project.org (ftp.alsa-project.org)|207.180.221.201|:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD (1) /pub/lib ... done. ==> SIZE alsa-lib-1.1.0.tar.bz2 ... 929874 ==> PASV ... couldn't connect to 207.180.221.201 port 35333: No route to host wget --no-passive-ftp ftp://ftp.alsa-project.org/pub/lib/alsa-lib-1.1.0.tar.bz2 --2019-02-25 18:30:22-- ftp://ftp.alsa-project.org/pub/lib/alsa-lib-1.1.0.tar.bz2 => ‘alsa-lib-1.1.0.tar.bz2’ Resolving ftp.alsa-project.org (ftp.alsa-project.org)... 207.180.221.201 Connecting to ftp.alsa-project.org (ftp.alsa-project.org)|207.180.221.201|:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD (1) /pub/lib ... done. ==> SIZE alsa-lib-1.1.0.tar.bz2 ... 929874 ==> PORT ... done. ==> RETR alsa-lib-1.1.0.tar.bz2 ... done. Length: 929874 (908K) (unauthoritative) 100%[===========================================================================================================================================================================================================================================================================>] 929,874 2.43MB/s in 0.4s 2019-02-25 18:30:22 (2.43 MB/s) - ‘alsa-lib-1.1.0.tar.bz2’ saved [929874] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB I know you won't believe me, but the highest form of Human Excellence is to question oneself and others. -- Socrates
Dne 25. 02. 19 v 19:04 Michael Niedermayer napsal(a):
Hi
Iam not sure this is the correct place to report this to but i didnt see it being reported anywhere yet on the ML archive or google
...
==> PASV ... couldn't connect to 207.180.221.201 port 35333: No route to host Hi,
it seems that the ftp conntrack module was not loaded correctly after reboot, so the firewall blocks the passive connections. Could you give a try again? Jaroslav -- Jaroslav Kysela <perex@perex.cz> Linux Sound Maintainer; ALSA Project; Red Hat, Inc.
On Mon, Feb 25, 2019 at 08:52:33PM +0100, Jaroslav Kysela wrote:
Dne 25. 02. 19 v 19:04 Michael Niedermayer napsal(a):
Hi
Iam not sure this is the correct place to report this to but i didnt see it being reported anywhere yet on the ML archive or google
...
==> PASV ... couldn't connect to 207.180.221.201 port 35333: No route to host Hi,
it seems that the ftp conntrack module was not loaded correctly after reboot, so the firewall blocks the passive connections. Could you give a try again?
works fine locally Thanks! [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB The smallest minority on earth is the individual. Those who deny individual rights cannot claim to be defenders of minorities. - Ayn Rand
On Mon, Feb 25, 2019 at 09:43:47PM +0100, Michael Niedermayer wrote:
On Mon, Feb 25, 2019 at 08:52:33PM +0100, Jaroslav Kysela wrote:
Dne 25. 02. 19 v 19:04 Michael Niedermayer napsal(a):
Hi
Iam not sure this is the correct place to report this to but i didnt see it being reported anywhere yet on the ML archive or google
...
==> PASV ... couldn't connect to 207.180.221.201 port 35333: No route to host Hi,
it seems that the ftp conntrack module was not loaded correctly after reboot, so the firewall blocks the passive connections. Could you give a try again?
works fine locally
Thanks!
Another related issue we tried to switch to https and that fails too with wget but works with browsers It appears this is due to a incomplete certificate chain https://www.ssllabs.com/ssltest/analyze.html?d=www.alsa-project.org&hideResults=on "This server's certificate chain is incomplete. Grade capped to B." IIRC we had a similar issue on one of our servers too, required certificates to be concatenated together, so might be thats the same, or not ... wget https://www.alsa-project.org/files/pub/lib/alsa-lib-1.1.0.tar.bz2 --2019-02-28 12:53:25-- https://www.alsa-project.org/files/pub/lib/alsa-lib-1.1.0.tar.bz2 Resolving www.alsa-project.org (www.alsa-project.org)... 207.180.221.201 Connecting to www.alsa-project.org (www.alsa-project.org)|207.180.221.201|:443... connected. ERROR: cannot verify www.alsa-project.org's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3’: Unable to locally verify the issuer's authority. [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB "You are 36 times more likely to die in a bathtub than at the hands of a terrorist. Also, you are 2.5 times more likely to become a president and 2 times more likely to become an astronaut, than to die in a terrorist attack." -- Thoughty2
Dne 28. 02. 19 v 12:58 Michael Niedermayer napsal(a):
On Mon, Feb 25, 2019 at 09:43:47PM +0100, Michael Niedermayer wrote:
On Mon, Feb 25, 2019 at 08:52:33PM +0100, Jaroslav Kysela wrote:
Dne 25. 02. 19 v 19:04 Michael Niedermayer napsal(a):
Hi
Iam not sure this is the correct place to report this to but i didnt see it being reported anywhere yet on the ML archive or google
...
==> PASV ... couldn't connect to 207.180.221.201 port 35333: No route to host Hi,
it seems that the ftp conntrack module was not loaded correctly after reboot, so the firewall blocks the passive connections. Could you give a try again?
works fine locally
Thanks!
Another related issue we tried to switch to https and that fails too with wget but works with browsers It appears this is due to a incomplete certificate chain
https://www.ssllabs.com/ssltest/analyze.html?d=www.alsa-project.org&hideResults=on "This server's certificate chain is incomplete. Grade capped to B."
Yep, you're right. The Let's Encrypt X3 CA certificate was missing in the chain. Fixed now. We are in Grade A now. Jaroslav -- Jaroslav Kysela <perex@perex.cz> Linux Sound Maintainer; ALSA Project; Red Hat, Inc.
participants (2)
-
Jaroslav Kysela -
Michael Niedermayer