Re: [lftp] RSS/ATOM feed
On Tue, Oct 28, 2014 at 11:08:30AM +0100, Szépe Viktor wrote: What can we do now? I cannot write a bug report because I do not know how TLS works and I can't speak C. Submit a Debian bug report, specify exact gnutls package version, provide samples of the servers having problems with it. I don't think it is needed to know C to submit a bug report. Are you able to read gnutls_certificate_get_peers's source? I can't reproduce this problem, so it's hard for me to debug it. -- Alexander. Idézem/Quoting Alexander V. Lukyanov l...@netis.ru: On Mon, Oct 27, 2014 at 04:28:11PM +0100, Szépe Viktor wrote: Thank you for the feed! I still have Certificate verification: Not trusted: no issuer was found with GNUTLS. With your Fedora it is OK. With gnutls-cli it is also OK on my Debian system. The problem comes with lftp on my Debian system. On Fedora 'Issued by' is always == 'Checking against'. On Debian there is a mis-comparition. I think it may be a bug in gnutls' function gnutls_certificate_get_peers. It returns the certificate chain, probably it has a missing link or wrong order. Is it a gnutls issue or an lftp? (gnutls-cli never fails) Probably gnutls-cli uses another certificate verification method. -- Alexander. Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület ___ lftp mailing list lftp@uniyar.ac.ru http://univ.uniyar.ac.ru/mailman/listinfo/lftp
Re: [lftp] RSS/ATOM feed
What can we do now? I cannot write a bug report because I do not know how TLS works and I can't speak C. Are you able to read gnutls_certificate_get_peers's source? Idézem/Quoting Alexander V. Lukyanov l...@netis.ru: On Mon, Oct 27, 2014 at 04:28:11PM +0100, Szépe Viktor wrote: Thank you for the feed! I still have Certificate verification: Not trusted: no issuer was found with GNUTLS. With your Fedora it is OK. With gnutls-cli it is also OK on my Debian system. The problem comes with lftp on my Debian system. On Fedora 'Issued by' is always == 'Checking against'. On Debian there is a mis-comparition. I think it may be a bug in gnutls' function gnutls_certificate_get_peers. It returns the certificate chain, probably it has a missing link or wrong order. Is it a gnutls issue or an lftp? (gnutls-cli never fails) Probably gnutls-cli uses another certificate verification method. -- Alexander. Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület ___ lftp mailing list lftp@uniyar.ac.ru http://univ.uniyar.ac.ru/mailman/listinfo/lftp
Re: [lftp] RSS/ATOM feed
On Mon, Oct 27, 2014 at 03:15:23PM +0100, Szépe Viktor wrote: Could you start a release notification feed for http://lftp.yar.ru/events.html ? Please try http://lftp.yar.ru/events.xml Feel free to suggest improvements. -- Alexander. ___ lftp mailing list lftp@uniyar.ac.ru http://univ.uniyar.ac.ru/mailman/listinfo/lftp
Re: [lftp] RSS/ATOM feed
Thank you for the feed! I still have Certificate verification: Not trusted: no issuer was found with GNUTLS. With your Fedora it is OK. With gnutls-cli it is also OK on my Debian system. The problem comes with lftp on my Debian system. On Fedora 'Issued by' is always == 'Checking against'. On Debian there is a mis-comparition. The second cert's 'Issued by' == the first cert's 'Checking against'. But not on all servers! In case of my server (szepe.net) with proftpd 1.3.3 (properly set up) certs are chekced against their issuers. On many other shared hosing (cPanel) configs ( ecbiz153.inmotionhosting.com , server5.megacp.com , eu1.solid-hosting.net ) is fails. Is it a gnutls issue or an lftp? (gnutls-cli never fails) Fedora 19 = Certificate: OU=Domain Control Validated,OU=PositiveSSL,CN=eu1.solid-hosting.net Issued by:C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=PositiveSSL CA 2 Checking against: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=PositiveSSL CA 2 Trusted Certificate: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=PositiveSSL CA 2 Issued by:C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root Checking against: C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root Trusted Certificate: C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root Issued by: C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root Trusted Debian == Certificate: OU=Domain Control Validated,OU=PositiveSSL,CN=eu1.solid-hosting.net Issued by:C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=PositiveSSL CA 2 Checking against: C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root ERROR: Certificate verification: Not trusted: no issuer was found Certificate: C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root Issued by:C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root Checking against: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=PositiveSSL CA 2 ERROR: Certificate verification: Not trusted: no issuer was found Certificate: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=PositiveSSL CA 2 Issued by: C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root Trusted Certificate verification: Not trusted: no issuer was found Szépe Viktor -- +36-20-4242498 s...@szepe.net skype: szepe.viktor Budapest, XX. kerület ___ lftp mailing list lftp@uniyar.ac.ru http://univ.uniyar.ac.ru/mailman/listinfo/lftp
