[lftp] certificated validation

Tue, 10 Jun 2014 17:03:07 -0700 

Could you help me how to solve to "Not trusted: no issuer was found" error?
Maybe lftp cannot parse ca-certificates.crt? (Debian wheezy)
4.5.1 does the same.
Also with fresh ca bundle https://github.com/bagder/ca-bundle/blob/master/ca-bundle.crt 

You can try running  lftp eu1.solid-hosting.net  yourself without a password.

Thank you!


openssl says it is OK


# openssl s_client -connect eu1.solid-hosting.net:21 -starttls ftp  
-CAfile /etc/ssl/certs/ca-certificates.crt

CONNECTED(00000003)

depth=2 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network,  
CN = AddTrust External CA Root

verify return:1

depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA  
Limited, CN = PositiveSSL CA 2

verify return:1

depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN =  
eu1.solid-hosting.net

verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=eu1.solid-hosting.net

   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA  
Limited/CN=PositiveSSL CA 2
 1 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust  
External CA Root
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust  
External CA Root
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA  
Limited/CN=PositiveSSL CA 2
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust  
External CA Root

---



# lftp eu1.solid-hosting.net

lftp shsz...@eu1.solid-hosting.net:~> set ssl:ca-file  
/etc/ssl/certs/ca-certificates.crt


lftp shsz...@eu1.solid-hosting.net:~> debug

lftp shsz...@eu1.solid-hosting.net:~> ls /
---- Connecting to eu1.solid-hosting.net (94.23.121.230) port 21
<--- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
<--- 220-You are user number 1 of 100 allowed.
<--- 220-Local time is now 00:24. Server port: 21.
<--- 220-This is a private system - No anonymous login
<--- 220-IPv6 connections are also welcome on this server.
<--- 220 You will be disconnected after 3 minutes of inactivity.
---> FEAT
<--- 211-Extensions supported:
<---  EPRT
<---  IDLE
<---  MDTM
<---  SIZE
<---  MFMT
<---  REST STREAM
<---  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
<---  MLSD
<---  AUTH TLS
<---  PBSZ
<---  PROT
<---  TVFS
<---  ESTA
<---  PASV
<---  EPSV
<---  SPSV
<---  ESTP
<--- 211 End.
---> AUTH TLS
<--- 234 AUTH TLS OK.
---> OPTS MLST type;size;modify;UNIX.mode;UNIX.uid;UNIX.gid;

Certificate: OU=Domain Control  
Validated,OU=PositiveSSL,CN=eu1.solid-hosting.net
 Issued by:        C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA  
Limited,CN=PositiveSSL CA 2
 Checking against: C=SE,O=AddTrust AB,OU=AddTrust External TTP  
Network,CN=AddTrust External CA Root

ERROR: Certificate verification: Not trusted: no issuer was found


Certificate: C=SE,O=AddTrust AB,OU=AddTrust External TTP  
Network,CN=AddTrust External CA Root
 Issued by:        C=SE,O=AddTrust AB,OU=AddTrust External TTP  
Network,CN=AddTrust External CA Root
 Checking against: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA  
Limited,CN=PositiveSSL CA 2

ERROR: Certificate verification: Not trusted: no issuer was found


Certificate: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA  
Limited,CN=PositiveSSL CA 2
 Issued by: C=SE,O=AddTrust AB,OU=AddTrust External TTP  
Network,CN=AddTrust External CA Root

  Trusted
**** Certificate verification: Not trusted: no issuer was found
---- Closing control socket
ls: Fatal error: Certificate verification: Not trusted: no issuer was found

Szépe Viktor
--
+36-20-4242498  s...@szepe.net  skype: szepe.viktor
Budapest, XX. kerület





_______________________________________________
lftp mailing list
lftp@uniyar.ac.ru
http://univ.uniyar.ac.ru/mailman/listinfo/lftp






















					Reply via email to