Hi there,

I have an ftps server on z/OS. The ftps server certificate is signed by
the company's internal CA.

On the client side this is a Fedora 27 system with lftp 4.8.3

First the two case which works fine (and which I understand).

1. I have set

set ftp:ssl-force true
set ftp:ssl_auth tls

No certificate specified, no certificate installed in the Linux
system and I get:

ERROR: Certificate verification: Not trusted (66:7C....

and the connection will be closed.

2. Same as 1. but now I have copied the root certificate of the
company's internal CA into /etc/pki-ca-trust-source/anchor/ directory
and I have run 
     sudo update-ca-trust

This time the ftp server's certificate can be validated and things are

Now the case I don't understand:

I have set:
set ftp:ssl-force true
set ftp:ssl_auth tls
set ssl:verify-certificate ZOS_SELF_SIGNED

where ZOS_SELF_SIGNED is just a self signed certificate in PEM
format created on the z/OS system.

Now I get 

WARNING: Certificate verification: Not trusted (66:7C....

and I can list files on the remote site and download files from the
remote site. 

Question: Why do I get a warning only?  I had expected to get an error


lftp mailing list

Reply via email to