[Xymon] ftps tests

Galen Johnson Galen.Johnson at sas.com
Fri Dec 18 19:19:43 CET 2015


Well, I was able to get it to connect using


openssl s_client -starttls ftp -crlf -connect remote.host:21


This dumps the cert as expected...


It should work the same as ftp/ftpd only using implicit ftps.  That said, I would have thought ftps would have worked but I expect under the covers xymonnet is just doing something different.  I doubt adding the following stanza would help:


[ftpstls]
   send "quit\r\n"
   expect "220"
   options ssl,banner
   port 21


Any thoughts on how we might be able to integrate this?


=G=


________________________________
From: Xymon <xymon-bounces at xymon.com> on behalf of Galen Johnson <Galen.Johnson at sas.com>
Sent: Friday, December 18, 2015 1:03 PM
To: Jeremy Laidman; Japheth Cleaver; xymon at xymon.com
Subject: Re: [Xymon] ftps tests


Actually, it may not be as bad as all that.  openssl already supports this.  Not 100% sure but I thought Xymon leveraged that for the ssl connections.  I'm looking at https://www.madboa.com/geek/openssl/.  The syntax is not exactly correct there but I'm currently trying to amend it.  Looking at https://www.openssl.org/docs/manmaster/apps/s_client.html, the openssl s_client supports starttls for ftp (Currently, the only supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", "xmpp-server", and "irc.")


=G=


________________________________
From: Jeremy Laidman <jlaidman at rebel-it.com.au>
Sent: Thursday, December 17, 2015 10:16 PM
To: Galen Johnson; Japheth Cleaver; xymon at xymon.com
Subject: Re: [Xymon] ftps tests

On Fri, Dec 18, 2015 at 9:06 AM Galen Johnson <Galen.Johnson at sas.com<mailto:Galen.Johnson at sas.com>> wrote:

oh...well I guess that would explain it :-).  It seems like it would be a useful function since starttls is a common implementation for various services (like ldaps...I would hope it handles that).

I agree that this would be useful.  However it's probably not trivial to implement.  Each protocol (FTP, LDAP, SMTP, etc) has its own dialogue to go through before the STARTTLS command can be issued, as well as negotiations to determine whether STARTTLS is supported, and how to handle in the negative.  These protocols don't even use the same command (POP uses "STLS", for example).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20151218/3547919c/attachment.html>


More information about the Xymon mailing list