Discussion:
TLS issue again
Szépe Viktor
2014-07-06 22:39:37 UTC
Permalink
Good morning!

Here is the new release:
LFTP | Version 4.5.3 | Copyright (c) 1996-2014 Alexander V. Lukyanov
Libraries used: Readline 6.2, Expat 2.1.0, GnuTLS 3.2.15, zlib 1.2.7
-->
When connecting to eu1.solid-hosting.net with SSL, it fails.

Certificate: OU=Domain Control
Validated,OU=PositiveSSL,CN=eu1.solid-hosting.net
Issued by: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA
Limited,CN=PositiveSSL CA 2
Checking against: C=SE,O=AddTrust AB,OU=AddTrust External TTP
Network,CN=AddTrust External CA Root
ERROR: Certificate verification: Not trusted: no issuer was found
Certificate: C=SE,O=AddTrust AB,OU=AddTrust External TTP
Network,CN=AddTrust External CA Root
Issued by: C=SE,O=AddTrust AB,OU=AddTrust External TTP
Network,CN=AddTrust External CA Root
Checking against: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA
Limited,CN=PositiveSSL CA 2
ERROR: Certificate verification: Not trusted: no issuer was found
Certificate: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA
Limited,CN=PositiveSSL CA 2
Issued by: C=SE,O=AddTrust AB,OU=AddTrust External TTP
Network,CN=AddTrust External CA Root
Trusted
**** Certificate verification: Not trusted: no issuer was found

-->
When compiled with OpenSSL it is OK.
Certificate verification: subjectAltName: ‘eu1.solid-hosting.net’ matched

-->
Also GnuTLS-cli tool says it is OK.
gnutls-cli --verbose --crlf --x509cafile
/etc/ssl/certs/ca-certificates.crt --starttls --port 21
eu1.solid-hosting.net

- Status: The certificate is trusted.
- Description: (TLS1.2)-(RSA)-(AES-128-GCM)
- Session ID:
C6:91:43:5C:CD:99:43:33:BD:54:BE:85:CF:6B:B6:8D:94:29:8B:1C:67:2E:31:14:C8:ED:BA:BA:CC:B6:BA:B3
- Version: TLS1.2
- Key Exchange: RSA
- Cipher: AES-128-GCM
- MAC: AEAD
- Compression: NULL
- Channel binding 'tls-unique': db5113e45fd57ad0ac846d47


Could you explaint why lftp+gnutls3 fails.
Thank you!

Szépe Viktor
--
+36-20-4242498 ***@szepe.net skype: szepe.viktor
Budapest, XX. kerület
Loading...