On Tue, Jun 28, 2005 at 10:47:09AM -0500, Randal Anders wrote:
> ## Set FTP to negotiate SSL connection
> set ftp:ssl-allow yes
> set ssl:ca-file /usr/local/ssl/certs/Equifax.pem
> set ssl:verify-certificate true
> set ftp:ssl-protect-data yes
> set cmd:default-protocol ftps
> set ftp:passive-mode false

>  ---- Connecting to testcase.software.ibm.com (9.17.201.43) port 990
>  **** Socket error (A remote host refused an attempted connect operation.)
>  - reconnecting

First thing - this server does not do the ftps protocol (which has TLS activated
by default and uses port 990 by default). Most probably TLS should
be activated inside the ftp protocol. See below.

>  If I use the ftp protocol by commenting out set cmd:default-protocol ftps
>  everything works OK.  This leads me to believe that something is wrong
>  with how I'm configuring the client to use the certificate that I have.

This is the correct mode of operation.

>  ---- 1 address found
>  ---- Connecting to testcase.software.ibm.com (9.17.201.43) port 21
>  <--- 220-IBM's internal systems must only be used for conducting IBM's
>  <--- 220-business or for purposes authorized by IBM management.
>  <--- 220-
>  <--- 220-Use is subject to audit at any time by IBM management.
>  <--- 220-
>  <--- 220-This server contains IBM Confidential information. Please read
>  <--- 220-/README.confidential for more information.
>  <--- 220-
>  <--- 220 testcase-blue secure FTP server ready.
>  ---> FEAT
>  <--- 211-Extensions supported
>  <---  CHMOD
>  <---  IDLE
>  <---  UMASK
>  <---  HELP
>  <---  AUTH

This seems to be the reason why lftp does not try to negotiate a secure
connection - AUTH lacks arguments in the FEAT reply. Probably this should be
fixed on the lftp side. As a workaround try:

   set use-feat off

--
   Alexander.
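
Added example, not part of the original message and not lftp's own code: a Python check that classifies a FEAT reply so that a bare `AUTH` line, as in the log quoted above, is reported separately from "AUTH not offered". The sample replies, the function names and the set of accepted mechanism names are assumptions made for illustration.

```python
import re

# Constructed sample: FEAT reply shaped like the one quoted above, with a
# closing "211 End" line added (the quoted log stops after AUTH).
BARE_AUTH_REPLY = """\
211-Extensions supported
 CHMOD
 IDLE
 UMASK
 HELP
 AUTH
211 End
"""

# Constructed sample: AUTH advertised together with a mechanism name.
TLS_AUTH_REPLY = """\
211-Extensions supported
 AUTH TLS
 PBSZ
 PROT
211 End
"""


def parse_feat(reply):
    """Return {FEATURE: [args...]} from a multi-line 211 FEAT reply."""
    features = {}
    for line in reply.splitlines():
        # Status lines start with the reply code; feature lines with a space.
        if re.match(r"^\d{3}[- ]", line) or not line.strip():
            continue
        name, *args = line.split()
        # Mechanisms may be separated by spaces or semicolons ("AUTH TLS;SSL;").
        mechs = [m.upper() for a in args for m in a.split(";") if m]
        features[name.upper()] = mechs
    return features


def auth_tls_status(reply):
    """Classify the AUTH feature line: 'tls', 'other', 'bare' or 'absent'."""
    feats = parse_feat(reply)
    if "AUTH" not in feats:
        return "absent"
    mechs = feats["AUTH"]
    if not mechs:
        # The case in this thread: AUTH listed with no mechanism. A client
        # that expects arguments after AUTH will not start TLS negotiation.
        return "bare"
    return "tls" if {"TLS", "TLS-C", "SSL"} & set(mechs) else "other"
```

A result of `bare` means the server advertises AUTH but the client cannot tell from FEAT which mechanism to request, which is the situation the reply above describes.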
