Re: [lftp] certificated validation

2014-06-10 Thread Alexander V. Lukyanov 
On Wed, Jun 11, 2014 at 01:55:23AM +0200, Szépe Viktor wrote:
> Could you help me how to solve to "Not trusted: no issuer was found" error?
> Maybe lftp cannot parse ca-certificates.crt? (Debian wheezy)
> 4.5.1 does the same.
> Also with fresh ca bundle
> https://github.com/bagder/ca-bundle/blob/master/ca-bundle.crt
>
> You can try running  lftp eu1.solid-hosting.net  yourself without a password.
>
> Thank you!
>
>
> openssl says it is OK

You can try to compile lftp with openssl (configure --with-openssl) and see if 
it helps.

--
   Alexander.
___
lftp mailing list
lftp@uniyar.ac.ru
http://univ.uniyar.ac.ru/mailman/listinfo/lftp

[lftp] certificated validation

2014-06-10 Thread Szépe Viktor 

Could you help me how to solve to "Not trusted: no issuer was found" error?
Maybe lftp cannot parse ca-certificates.crt? (Debian wheezy)
4.5.1 does the same.
Also with fresh ca bundle  
https://github.com/bagder/ca-bundle/blob/master/ca-bundle.crt


You can try running  lftp eu1.solid-hosting.net  yourself without a password.

Thank you!


openssl says it is OK

# openssl s_client -connect eu1.solid-hosting.net:21 -starttls ftp  
-CAfile /etc/ssl/certs/ca-certificates.crt

CONNECTED(0003)
depth=2 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network,  
CN = AddTrust External CA Root

verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA  
Limited, CN = PositiveSSL CA 2

verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN =  
eu1.solid-hosting.net

verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=eu1.solid-hosting.net
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA  
Limited/CN=PositiveSSL CA 2
 1 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust  
External CA Root
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust  
External CA Root
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA  
Limited/CN=PositiveSSL CA 2
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust  
External CA Root

---



# lftp eu1.solid-hosting.net
lftp shsz...@eu1.solid-hosting.net:~> set ssl:ca-file  
/etc/ssl/certs/ca-certificates.crt


lftp shsz...@eu1.solid-hosting.net:~> debug

lftp shsz...@eu1.solid-hosting.net:~> ls /
 Connecting to eu1.solid-hosting.net (94.23.121.230) port 21
<--- 220-- Welcome to Pure-FTPd [privsep] [TLS] --
<--- 220-You are user number 1 of 100 allowed.
<--- 220-Local time is now 00:24. Server port: 21.
<--- 220-This is a private system - No anonymous login
<--- 220-IPv6 connections are also welcome on this server.
<--- 220 You will be disconnected after 3 minutes of inactivity.
---> FEAT
<--- 211-Extensions supported:
<---  EPRT
<---  IDLE
<---  MDTM
<---  SIZE
<---  MFMT
<---  REST STREAM
<---  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
<---  MLSD
<---  AUTH TLS
<---  PBSZ
<---  PROT
<---  TVFS
<---  ESTA
<---  PASV
<---  EPSV
<---  SPSV
<---  ESTP
<--- 211 End.
---> AUTH TLS
<--- 234 AUTH TLS OK.
---> OPTS MLST type;size;modify;UNIX.mode;UNIX.uid;UNIX.gid;
Certificate: OU=Domain Control  
Validated,OU=PositiveSSL,CN=eu1.solid-hosting.net
 Issued by:C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA  
Limited,CN=PositiveSSL CA 2
 Checking against: C=SE,O=AddTrust AB,OU=AddTrust External TTP  
Network,CN=AddTrust External CA Root

ERROR: Certificate verification: Not trusted: no issuer was found

Certificate: C=SE,O=AddTrust AB,OU=AddTrust External TTP  
Network,CN=AddTrust External CA Root
 Issued by:C=SE,O=AddTrust AB,OU=AddTrust External TTP  
Network,CN=AddTrust External CA Root
 Checking against: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA  
Limited,CN=PositiveSSL CA 2

ERROR: Certificate verification: Not trusted: no issuer was found

Certificate: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA  
Limited,CN=PositiveSSL CA 2
 Issued by: C=SE,O=AddTrust AB,OU=AddTrust External TTP  
Network,CN=AddTrust External CA Root

  Trusted
 Certificate verification: Not trusted: no issuer was found
 Closing control socket
ls: Fatal error: Certificate verification: Not trusted: no issuer was found

Szépe Viktor
--
+36-20-4242498  s...@szepe.net  skype: szepe.viktor
Budapest, XX. kerület





___
lftp mailing list
lftp@uniyar.ac.ru
http://univ.uniyar.ac.ru/mailman/listinfo/lftp

[lftp] lftp 4.5.1 Segmentation fault on CentOS 6.5

2014-06-10 Thread Heath Skarlupka 

Hello,

After compiling lftp 4.5.1 on a CentOS 6.5 x86_64 box, the lftp command 
segfaults before the lftp prompt shows up on the command line.  I 
recompiled with the debug flag and ran it in gdb with this stack trace 
output.


[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0x00466774 in xlist::_add (node=0x76e5d8, prev=0x755bc0, 
next=0x0) at xlist.h:35

35  next->prev=node;
Missing separate debuginfos, use: debuginfo-install 
expat-2.0.1-11.el6_2.x86_64 glibc-2.12-1.132.el6_5.2.x86_64 
gnutls-2.8.5-14.el6_5.x86_64 libgcc-4.4.7-4.el6.x86_64 
libgcrypt-1.4.5-11.el6_4.x86_64 libgpg-error-1.7-4.el6.x86_64 
libtasn1-2.3-3.el6_2.1.x86_64 ncurses-libs-5.7-3.20090208.el6.x86_64 
readline-6.0-4.el6.x86_64 zlib-1.2.3-29.el6.x86_64

(gdb) info stack
#0  0x00466774 in xlist::_add (node=0x76e5d8, 
prev=0x755bc0, next=0x0) at xlist.h:35
#1  0x004666d6 in xlist::add (this=0x755bc0, 
node=0x76e5d8) at xlist.h:52
#2  0x00466563 in xlist::add (this=0x755bc0, node=...) 
at xlist.h:54

#3  0x004656ec in SMTask::SMTask (this=0x76e5d0) at SMTask.cc:53
#4  0x0047c24a in Log::Log (this=0x76e5d0) at log.h:71
#5  0x00483831 in __static_initialization_and_destruction_0 
(__initialize_p=1, __priority=65535) at log.cc:29
#6  0x00483872 in global constructors keyed to _ZN3Log6globalE() 
() at log.cc:141

#7  0x004fab86 in __do_global_ctors_aux ()
#8  0x0040676b in _init ()
#9  0x in ?? ()
(gdb) quit


If there is any other debug information that I can provide, I would be 
glad to help.  Thank you!


Heath Skarlupka
Linux Systems Administrator
Space Science Engineering Center
University of Wisconsin Madison
___
lftp mailing list
lftp@uniyar.ac.ru
http://univ.uniyar.ac.ru/mailman/listinfo/lftp

Re: [lftp] lftp Exit code when using mget

2014-06-10 Thread Alexander V. Lukyanov 
On Tue, Jun 10, 2014 at 12:38:06PM +, tilo.mue...@bertelsmann.de wrote:
> OK, thanks for the suggestion with the mirror command. I think it will work 
> this way.
> 
> Anyway, my suggestion: Maybe this could be implemented with an global lftp 
> switch which affects all protocols:
> xfer:mget-error-no-file
> 
> If set to false, it doesn’t throw an error when no file is found. And the 
> default is true (as it works today).

The next version will have this:

glob --exist * && mget *

-- 
   Alexander.
___
lftp mailing list
lftp@uniyar.ac.ru
http://univ.uniyar.ac.ru/mailman/listinfo/lftp

Re: [lftp] lftp Exit code when using mget

2014-06-10 Thread Tilo.Muetze 
OK, thanks for the suggestion with the mirror command. I think it will work 
this way.

Anyway, my suggestion: Maybe this could be implemented with an global lftp 
switch which affects all protocols:
xfer:mget-error-no-file

If set to false, it doesn’t throw an error when no file is found. And the 
default is true (as it works today).

Regards,
Tilo

From: Alexander Lukyanov [mailto:lavv...@gmail.com]
Sent: Friday, June 06, 2014 6:03 PM
To: Mütze, Tilo, NMD-C4.2
Cc: Lista LFTp
Subject: Re: [lftp] lftp Exit code when using mget

I could add an option for mget, but also it is also possible to use mirror 
command instead. Please consider if it is really possible in your case.

2014-04-15 17:33 GMT+04:00 
mailto:tilo.mue...@bertelsmann.de>>:
Hi,
how can we poll a remote server using “mget *” for files, to not fail if there 
are no files available?

“set cmd:fail-exit yes;” is always set in our environment to detect any issues 
occurring, but in this case we only want that “mget *” is ok, when no files are 
available. Any other error during “mget *” should cause lftp to end with RC != 
0. Is this possible to implement somehow?

Thanks and regards,
Tilo


___
lftp mailing list
lftp@uniyar.ac.ru
http://univ.uniyar.ac.ru/mailman/listinfo/lftp



--
   Alexander.
___
lftp mailing list
lftp@uniyar.ac.ru
http://univ.uniyar.ac.ru/mailman/listinfo/lftp

Re: [lftp] lftp and patterns

2014-06-10 Thread Alexander V. Lukyanov 
On Tue, Jun 10, 2014 at 08:41:04AM +, tilo.mue...@bertelsmann.de wrote:
> Hi Alexander,
> yep, we’ve already tried cls before. But regarding the exit code, it works 
> the same as ls.

You can use temporary files like this:

lftp> cls *.csv > listing
lftp> source -e "test -s listing && echo LFTP-COMMAND"

It's not pretty, but works...

You can also try attached patch, which adds this possibility:

glob .empty *.csv && echo "There are no *.csv files"

Suggestions on the command name are welcome (it's not released yet).

-- 
   Alexander.
diff --git a/src/commands.cc b/src/commands.cc
index e77d211..695c6cf 100644
--- a/src/commands.cc
+++ b/src/commands.cc
@@ -92,6 +92,8 @@ CMD(at);CMD(find);   CMD(command); CMD(module);
 CMD(lpwd);  CMD(glob);  CMD(chmod);   CMD(queue);
 CMD(repeat);CMD(get1);   CMD(tasks);   CMD(torrent);
 
+CMD(empty); CMD(true); CMD(false);
+
 #ifdef MODULE_CMD_MIRROR
 # define cmd_mirror 0
 #endif
@@ -489,6 +491,9 @@ const struct CmdExec::cmd_rec CmdExec::static_cmd_table[]=
 N_("Same as more, but filter each file through bzcat\n")},
 
{".tasks",  cmd_tasks,  0,0},
+   {".empty",  cmd_empty,  0,0},
+   {".true",   cmd_true,   0,0},
+   {".false",  cmd_false,  0,0},
 };
 const int 
CmdExec::static_cmd_table_length=sizeof(static_cmd_table)/sizeof(static_cmd_table[0]);
 
@@ -3348,6 +3353,22 @@ CMD(tasks)
return 0;
 }
 
+CMD(empty)
+{
+   exit_code=(args->count()>1 ? 1 : 0);
+   return 0;
+}
+CMD(true)
+{
+   exit_code=0;
+   return 0;
+}
+CMD(false)
+{
+   exit_code=1;
+   return 0;
+}
+
 CMD(eval)
 {
int opt;
___
lftp mailing list
lftp@uniyar.ac.ru
http://univ.uniyar.ac.ru/mailman/listinfo/lftp

Re: [lftp] lftp and patterns

2014-06-10 Thread Tilo.Muetze 
Hi Alexander,
yep, we’ve already tried cls before. But regarding the exit code, it works the 
same as ls.

Exit code are an indicator if something went wrong and with lftp you have a 
strong partner as you can use “||” and “&&” to combine commands and exit with a 
specific return code, e.g. if there is no data. So to us it makes much sense, 
to have a possibility in lftp to check for patterns and end ls command with an 
error code, if no files are found.

Thanks and regards,
Tilo

From: Alexander Lukyanov [mailto:lavv...@gmail.com]
Sent: Friday, June 06, 2014 6:00 PM
To: Mütze, Tilo, NMD-C4.2
Cc: Lista LFTp
Subject: Re: [lftp] lftp and patterns

Which backend protocol do you use? If ftp, then ls arguments are wholly passed 
to server side as LIST argument. If other protocols, then most probably you may 
only specify a directory to list.

There is another command - cls - which handles arguments locally and provides 
better functionality compared with plain "ls". Try it. Exit code may be not 
that you want though.

2014-04-15 17:27 GMT+04:00 
mailto:tilo.mue...@bertelsmann.de>>:
Hi,
is it somehow possible, to list files by using a pattern like:
ls *.csv
dir *.csv

And if no files are found, exit that ls or dir command with an exit code <> 0?

Regards,
Tilo


___
lftp mailing list
lftp@uniyar.ac.ru
http://univ.uniyar.ac.ru/mailman/listinfo/lftp



--
   Alexander.
___
lftp mailing list
lftp@uniyar.ac.ru
http://univ.uniyar.ac.ru/mailman/listinfo/lftp

[lftp] issue with SITE commands and retries

2014-06-10 Thread Mattias Bergvall 
Hi!
Thanks for lftp. A great piece of software.


We need an option to completely disable retries. The option net:max-retries
= 0 unfortunately means unlimited retries.

I have an issue with LFTP (Version 4.4.15) when it comes to “misbehaving”
mainframe remote sites.
The problem occurs when the FTP server/proxy  (IBM FTP CS V1R13) fails to
get exclusive permissions to the target dataset (file).
The server then issues a 125 message and terminates the connection. (Which
I think is incorrect behavior, but that's not the point).

What happens next is that lftp reconnects again (I have net:max-retries =
1. I don’t want it to retry!) and does NOT issue the SITE commands that
were in the command file, prior to the put command.
This time, the FTP server does not have a problem, so lftp successfully
sends the file, but it then gets the wrong record length on the remote side
☹.

This is my command file:

set ftp:use-feat false
set dns:fatal-timeout 50
set net:max-retries 1
set cmd:fail-exit true
set ftp:sync-mode true
set ftp:use-site-utime false
set net:connection-limit 1
open 10.0.0.2
set net:socket-bind-ipv4 172.17.0.2
site SBD=(IBM-278,ISO8859-1)
site LRECL=240
site RECFM=FB
put -a /var/tmp/vidare_tmp.21077.21504tina1399629722_00b996a43ed577108682
-o \'BQY0P.QY300A10.FEFI(+1)\'



and the resulting log:


 Resolving host address...
 1 address found: 10.0.0.2
 Connecting to 10.0.0.2 (10.0.0.2) port 21
<--- 220 blaha FTP Proxy, Authorized use only, use user@host to login
---> USER US0@MVS3
<--- 331-TCPFTPD1 IBM FTP CS V1R13 at mvs3ibm.sys.bla.ha, 10:02:08 on
2014-05-09.
<--- 331-Connection will close if idle for more than 5 minutes.
<--- 331 Send password please.
<--- 230 US0 is logged on.  Working directory is "US0.".
---> PWD
<--- 257 "'US0.'" is working directory.
---> TYPE I
<--- 200 Type set to I
---> SITE SBD=(IBM-278,ISO8859-1)
200 SITE command was accepted
---> SITE LRECL=240
200 SITE command was accepted
---> SITE RECFM=FB
200-BLOCKSIZE must be a multiple of LRECL for RECFM FB
200-BLOCKSIZE being set to 6000
200 SITE command was accepted
---> TYPE A
<--- 200 Type set to A
---> PASV
<--- 227 Entering Passive Mode (10.0.0.2,201,78)
 Connecting data socket to (10.0.0.2) port 51534
 Data connection established
---> ALLO 4579
<--- 202 ALLO not necessary, you may proceed
---> STOR 'BQY0P.QY300A10.FEFI(+1)'
<--- 125-FTP Server unable to obtain EXCLUSIVE use of
BQY0P.QY300A10.FEFI.G0100V00 which is held by: UNKNOWN  UNKNOWN  UNKNOWN
 on UNKNOWN
<--- 125 Data set BQY0P.QY300A10.FEFI.G0100V00 is not available
 Closing data socket
 Peer closed connection
 Closing control socket
 Connecting to 10.0.0.2 (10.0.0.2) port 21
<--- 220 blaha FTP Proxy, Authorized use only, use user@host to login
---> USER US0@MVS3
<--- 331-TCPFTPD1 IBM FTP CS V1R13 at mvs3ibm.sys.bla.ha, 10:02:38 on
2014-05-09.
<--- 331-Connection will close if idle for more than 5 minutes.
<--- 331 Send password please.
<--- 230 US0 is logged on.  Working directory is "US0.".
---> TYPE I
<--- 200 Type set to I
---> SIZE 'BQY0P.QY300A10.FEFI(+1)'
<--- 501 command aborted -- FTP server not configured for SIZE
---> TYPE A
copy: put rolled back to 0, seeking get accordingly
<--- 200 Type set to A
---> PASV
<--- 227 Entering Passive Mode (10.0.0.2,202,240)
 Connecting data socket to (10.0.0.2) port 51952
 Data connection established
---> STOR 'BQY0P.QY300A10.FEFI(+1)'
<--- 125 Storing data set BQY0P.QY300A10.FEFI.G0100V00
 Closing data socket
<--- 250 Transfer completed successfully.
---> QUIT
 Closing control socket



As you can see, the SITE commands are not sent again after the second login
has been made after the connection loss.

Is there a way I can disable the reconnection and instead have LFTP fail
with non-zero result when the connection gets dropped? I would really
appreciate that.
It’s IBM on a mainframe I’m talking to. They are a bank. They don’t care
that they violate the RFC. We are their only customer that has issues with
this.



Thanks!

Mattias
___
lftp mailing list
lftp@uniyar.ac.ru
http://univ.uniyar.ac.ru/mailman/listinfo/lftp

Re: [lftp] lftp and patterns

2014-06-10 Thread Tilo.Muetze 
Sorry I’ve forgot to mention, that we’re mostly using SFTP and FTPS (FTP only 
in rare cases).

From: Mütze, Tilo, NMD-C4.2
Sent: Tuesday, June 10, 2014 10:41 AM
To: 'Alexander Lukyanov'
Cc: Lista LFTp
Subject: RE: [lftp] lftp and patterns

Hi Alexander,
yep, we’ve already tried cls before. But regarding the exit code, it works the 
same as ls.

Exit code are an indicator if something went wrong and with lftp you have a 
strong partner as you can use “||” and “&&” to combine commands and exit with a 
specific return code, e.g. if there is no data. So to us it makes much sense, 
to have a possibility in lftp to check for patterns and end ls command with an 
error code, if no files are found.

Thanks and regards,
Tilo

From: Alexander Lukyanov [mailto:lavv...@gmail.com]
Sent: Friday, June 06, 2014 6:00 PM
To: Mütze, Tilo, NMD-C4.2
Cc: Lista LFTp
Subject: Re: [lftp] lftp and patterns

Which backend protocol do you use? If ftp, then ls arguments are wholly passed 
to server side as LIST argument. If other protocols, then most probably you may 
only specify a directory to list.

There is another command - cls - which handles arguments locally and provides 
better functionality compared with plain "ls". Try it. Exit code may be not 
that you want though.

2014-04-15 17:27 GMT+04:00 
mailto:tilo.mue...@bertelsmann.de>>:
Hi,
is it somehow possible, to list files by using a pattern like:
ls *.csv
dir *.csv

And if no files are found, exit that ls or dir command with an exit code <> 0?

Regards,
Tilo


___
lftp mailing list
lftp@uniyar.ac.ru
http://univ.uniyar.ac.ru/mailman/listinfo/lftp



--
   Alexander.
___
lftp mailing list
lftp@uniyar.ac.ru
http://univ.uniyar.ac.ru/mailman/listinfo/lftp