Discussion:
unable to get local issuer certificate
PedroPoulpos
2013-03-06 14:58:15 UTC
Hello,

I'm seeing a difference between lftp's behaviour and openssl's:

When trying to access the distant server I get:

---- using password from ~/.netrc
---- Resolving host address...
---- 1 address found: xxx.xxx.xxx.xxx
---- Connecting to distant.host (xxx.xxx.xxx.xxx) port 21
<--- 220 "..."
---> FEAT
<--- 211-Features:
<--- AUTH SSL
<--- AUTH TLS
<--- EPRT
<--- EPSV
<--- MDTM
<--- PASV
<--- PBSZ
<--- PROT
<--- REST STREAM
<--- SIZE
<--- TVFS
<--- UTF8
<--- 211 End
---> AUTH TLS
<--- 234 Proceed with negotiation.
---> OPTS UTF8 ON
Certificate depth: 0; subject: *** censored ***
ERROR: Certificate verification: unable to get local issuer certificate
**** SSL_connect: unable to get local issuer certificate
---- Closing control socket
cd: Fatal error: SSL_connect: unable to get local issuer certificate


With configuration:
lftp :~> set -a | grep ssl
set ftp:ssl-allow yes
set ftp:ssl-allow-anonymous no
set ftp:ssl-auth TLS
set ftp:ssl-copy-sid yes
set ftp:ssl-data-use-keys yes
set ftp:ssl-force true
set ftp:ssl-protect-data true
set ftp:ssl-protect-fxp no
set ftp:ssl-protect-list yes
set ftp:ssl-shutdown-timeout 5
set ftp:ssl-use-ccc no
set ssl:ca-file ""
set ssl:ca-path /appli/lftp/certificate/ca/
set ssl:cert-file /appli/lftp/certificate/client.pem
set ssl:check-hostname no
set ssl:crl-file ""
set ssl:crl-path ""
set ssl:key-file /appli/lftp/certificate/privateKey.pem
set ssl:verify-certificate yes

The corresponding command with openssl works:
openssl s_client -connect xxx.xxx.xxx.xxx:21 -starttls ftp -CApath /appli/lftp/certificate/ca/

The lftp library used:
ldd /usr/local/bin/lftp
...
libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007fb87ba7a000)
...

And finally the version:
lftp -version:
LFTP | Version 4.3.8 | Copyright (c) 1996-2012 Alexander V. Lukyanov
Libraries used: Readline 6.0, OpenSSL FIPS Object Module v1.2


Can you help me? I just can't manage to make it work.

Thx.
