I'm trying to connect to a FTP server that supports explicit FTPS using TLS, but I can't get certificate verification working. Most of the online help I find advises disabling certificate verification with "ssl:verify-certificate no", and I assume this is not good advice.
My current understanding of the process is that lftp downloads the server's certificate when it negotiates TLS, then follows the certificate chain up to the certificate of a root CA, and trusts that root CA because it is in my list of trusted third parties, that I indicate to lftp using "ssl:ca-file /etc/ssl/certs/ca-certificates.crt" (the root CA certificates bundle file). This is, as far as I know, what web browsers do when they connect to HTTPS hosts (isn't it?). This doesn't appear to work so I guess I don't understand right. The debug output is: $ lftp -d -p 21 -u USER,PASS SERVER.seedbox.fr lftp u...@server.seedbox.fr:~> set ssl:ca-file /etc/ssl/certs/ca-certificates.crt lftp u...@server.seedbox.fr:~> ls ---- Connecting to SERVER.seedbox.fr (IPADDRESS) port 21 <--- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- <--- [other 220 info] ---> FEAT <--- [feat reply] ---> AUTH TLS <--- 234 AUTH TLS OK. ---> OPTS UTF8 ON Certificate: C=FR,postalCode=77310,ST=Seine-et-Marne,L=PRINGY,street=IMPASSE DU BREAU,O=SDBX FRANCE,OU=0002 529997199,CN=*.seedbox.fr Issued by: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO RSA Organization Validation Secure Server CA ERROR: Certificate verification: Not trusted **** Certificate verification: Not trusted ---- Closing control socket ls: Fatal error: Certificate verification: Not trusted However, if I download the server's certificate beforehand, using a web browser or the OpenSSL CLI (openssl s_client -connect SERVER.seedbox.fr:21 -starttls ftp), and then points lftp to this certificate using "ssl ca-file /path/to/manually/downloaded/server/certificate.crt", the certificate verification succeeds. Why? What is verified in this case, precisely? That the certificate lftp downloads from the server during TLS negotiation is the same as one that was previously downloaded? How does that authenticates the server? And does this mean that the user has to maintain a certificate database of the servers they connect to? I thought the point of certificate hierarchies was that the user would only have to maintain a short list of trusted third party certificates (the root CA certificates). Thanks in advance for your help Naël _______________________________________________ lftp mailing list lftp@uniyar.ac.ru http://univ.uniyar.ac.ru/mailman/listinfo/lftp