Discussion:
TLS client certificate
bruno
2006-12-07 15:59:04 UTC
Permalink
hello,

Is it possible to use TLS client certificate authentification with lftp ?

regards

Bruno
Alexander V. Lukyanov
2006-12-08 14:28:07 UTC
Permalink
Post by bruno
Is it possible to use TLS client certificate authentification with lftp ?
Yes, see ssl:key-file and ssl:cert-file settings.
--
Alexander.
bruno
2006-12-08 14:53:12 UTC
Permalink
Hello,

I try with ssl:key-file and ssl:cert-file and it fails.

set ssl:cert-file lftp.crt
set ssl:key-file lftp.key

lftp.crt & key are in the current directory with lftp binarie.

Here is my test and the logs

I set the ssl:key-file and ssl:cert-file, I open my connection, enter the
username and the password , I type "ls" and after lftp answer :Enter PEM pass
phrase:ation...] So I enter my passphrase and it fails with the following log
: ls: Fatal error: SSL connect: sslv3 alert handshake failure.

On the server side (proftpd), here is my log :

Dec 08 15:44:30 mod_tls/2.1.1[15523]: using default OpenSSL verification
locations (see $SSL_CERT_DIR environment variable)
Dec 08 15:44:30 mod_tls/2.1.1[15523]: SSL/TLS required but absent on control
channel, denying FEAT command
Dec 08 15:44:30 mod_tls/2.1.1[15523]: TLS/TLS-C requested, starting TLS
handshake
Dec 08 15:44:33 mod_tls/2.1.1[15523]: unable to accept TLS connection:
(1) error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
return a certificate
Dec 08 15:44:33 mod_tls/2.1.1[15523]: TLS/TLS-C negotiation failed on control
channel


It works with the same ftp server and cute ftp under windows so I think that
my ftp server configuration is correct.

any idea ??


------ Original Message ------
Received: Fri, 08 Dec 2006 03:28:30 PM CET
From: "Alexander V. Lukyanov" <***@netis.ru>
To: bruno <***@usa.net>Cc: ***@uniyar.ac.ru
Subject: Re: TLS client certificate
Post by Alexander V. Lukyanov
Post by bruno
Is it possible to use TLS client certificate authentification with lftp ?
Yes, see ssl:key-file and ssl:cert-file settings.
--
Alexander.
bruno
2006-12-08 15:10:08 UTC
Permalink
Hello,

I try with ssl:key-file and ssl:cert-file and it fails.

set ssl:cert-file lftp.crt
set ssl:key-file lftp.key

lftp.crt & key are in the current directory with lftp binarie.

Here is my test and the logs

I set the ssl:key-file and ssl:cert-file, I open my connection, enter the
username and the password , I type "ls" and after lftp answer :Enter PEM pass
phrase:ation...] So I enter my passphrase and it fails with the following log
: ls: Fatal error: SSL connect: sslv3 alert handshake failure.

On the server side (proftpd), here is my log :

Dec 08 15:44:30 mod_tls/2.1.1[15523]: using default OpenSSL verification
locations (see $SSL_CERT_DIR environment variable)
Dec 08 15:44:30 mod_tls/2.1.1[15523]: SSL/TLS required but absent on control
channel, denying FEAT command
Dec 08 15:44:30 mod_tls/2.1.1[15523]: TLS/TLS-C requested, starting TLS
handshake
Dec 08 15:44:33 mod_tls/2.1.1[15523]: unable to accept TLS connection:
(1) error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
return a certificate
Dec 08 15:44:33 mod_tls/2.1.1[15523]: TLS/TLS-C negotiation failed on control
channel


It works with the same ftp server and cute ftp under windows so I think that
my ftp server configuration is correct.

any idea ??


------ Original Message ------
Received: Fri, 08 Dec 2006 03:28:30 PM CET
From: "Alexander V. Lukyanov" <***@netis.ru>
To: bruno <***@usa.net>Cc: ***@uniyar.ac.ru
Subject: Re: TLS client certificate
Post by Alexander V. Lukyanov
Post by bruno
Is it possible to use TLS client certificate authentification with lftp ?
Yes, see ssl:key-file and ssl:cert-file settings.
--
Alexander.
Loading...