[lftp] LFTP with SSL compilation
Hi Team, I am trying to compile LFTP with SSL options ... Getting below error :- OS :- Red Hat Enterprise Linux AS release 4 (Nahant Update 6) 64BIT COmmand :- ./configure --with-openssl=/lib libtool: link: unsupported hardcode properties libtool: link: See the libtool documentation for more information. libtool: link: Fatal configuration error. make[1]: *** [proto-http.la] Error 1 make[1]: Leaving directory `/var/tmp/lftp-sls/lftp-4.3.2/src' make: *** [all-recursive] Error 1 LFTP version :- lftp-4.3.2 [root@vcosxawa0s lftp-4.3.2]# rpm -qa | grep ssl openssl-devel-0.9.7a-43.17.el4_6.1.i386 openssl-0.9.7a-43.17.el4_6.1.i686 xmlsec1-openssl-1.2.6-3.i386 mod_ssl-2.0.52-38.ent.2.i386 openssl096b-0.9.6b-22.46.i386 [root@vcosxawa0s lftp-4.3.2]# [root@vcosxawa0s lftp-4.3.2]# /usr/bin/g++ -v Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/3.2.3/specs Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-checking --with-system-zlib --enable-__cxa_atexit --enable-languages=c,c++ --disable-libgcj --host=i386-redhat-linux Thread model: posix gcc version 3.2.3 20030502 (Red Hat Linux 3.2.3-47.3) g++32: no input files [root@vcosxawa0s lftp-4.3.2] Please let me know if i am doing something wrong ... Thanks Amar ___ lftp mailing list lftp@uniyar.ac.ru http://univ.uniyar.ac.ru/mailman/listinfo/lftp
Configure LFTP with SSL
Hello Alexander and the LFTP team, I'd like to use https with the lftp client. I configured the client key and the client certificate (s. settings below). But while requesting a data I get a warning: "Certificate verification: Not trusted " and then "Access failed: 401 Unauthorized". here is an example: lftp :~> open https://door08:2880/file -d Connecting to door08 (131..xx.xx) port 2880 gnutls_certificate_set_x509_key_file(/home/myCertificate/usercert.pem,/home/myCertificate/userkey.pem): Base64 unexpected header error. Sending request... ---> HEAD /file HTTP/1.1 ---> Host: dcache-door-desy08:2880 ---> User-Agent: lftp/3.6.3 ---> Accept: */* ---> Connection: keep-alive ---> Certificate: C=DE,O=xxx,OU=xxx,CN=host/door08 Issued by: C=DE,O=xxx,CN=xxx-CA WARNING: Certificate verification: Not trusted <--- HTTP/1.1 401 Unauthorized <--- WWW-Authenticate: Basic realm="null" <--- Transfer-Encoding: chunked <--- Server: Jetty(7.0.1.v20091125) <--- cd: Access failed: 401 Unauthorized (/file) Closing idle connection Closing HTTP connection My settings in ~/.lftp/rc are: set ssl:cert-file /home/myCertificate/usercert.pem set ssl:key-file /home/myCertificate/userkey.pem set ftp:ssl-force yes set ftp:ssl-protect-data yes set ftp:ssl-allow yes set ftp:ssl-allow-anonymous no set ftp:ssl-auth TLS set ssl:check-hostname no set ssl:verify-certificate no I also tried to run ./configure --without-gnutls --with-openssl, but without any success. I had the same result:WARNING: Certificate verification: Not trusted, Closing HTTP connection get1: Access failed: 401 Unauthorized (/). How can I solve this issue? Thank you, Tanja -- GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
Compiling lftp with SSL
I've tried, and I've looked. I'm not a linux guru at any stretch of the imagination. But, to the best of my understanding, if you have SSL installed, then compile LFTP, it should include it. However, when I use a set ftp:ssl-force true command, I get ftp:ssl-force: no such variable. Use `set -a' to look at all variables. Which makes me wonder if I messed up someplace. Help me, please. -Dave Weiser
Re: possible bug on lftp with ssl on port 990
On Mon, Sep 17, 2007 at 09:56:38AM +0200, Andreas John wrote: > >>With GNUTLS: > >>ls: Fataler Fehler: gnutls_handshake: A TLS packet with unexpected > >>length was received. > > > >Newer versions of lftp handle this error properly too. Upgrade. > > I could swear this happend with lftp_3.5.14-1_i386 (debian unstable) Probably it is another case when this error message appears. The case which was fixed was emitting that error message on receiving eof on data connection. -- Alexander.
Re: possible bug on lftp with ssl on port 990
Dobry. Alexander V. Lukyanov wrote: On Fri, Sep 14, 2007 at 05:58:49PM +0200, Andreas John wrote: Alexander V. Lukyanov schrieb: On Fri, Sep 14, 2007 at 03:11:30PM +0200, Andreas John wrote: 2.) It does not set "PROT P": Try: set ftps:initial-prot "" Yay, that worked! Merci! (I do not really understand why, but that doesnt matter - ssl ftp is very rare ocurrance anyway). You have an old version lftp, newer ones have this setting by default. It means that initial PROT state is undefined and lftp always issues the PROT command. With GNUTLS: ls: Fataler Fehler: gnutls_handshake: A TLS packet with unexpected length was received. Newer versions of lftp handle this error properly too. Upgrade. I could swear this happend with lftp_3.5.14-1_i386 (debian unstable) which is the lastest stable lftp version. Should that be fixed in that version? If interested, I would test, if not I will not touch the working setup :) Best Regards, Andreas
Re: possible bug on lftp with ssl on port 990
On Fri, Sep 14, 2007 at 05:58:49PM +0200, Andreas John wrote: > Alexander V. Lukyanov schrieb: > > On Fri, Sep 14, 2007 at 03:11:30PM +0200, Andreas John wrote: > >> 2.) It does not set "PROT P": > > > > Try: > > set ftps:initial-prot "" > > Yay, that worked! Merci! (I do not really understand why, but that > doesnt matter - ssl ftp is very rare ocurrance anyway). You have an old version lftp, newer ones have this setting by default. It means that initial PROT state is undefined and lftp always issues the PROT command. > With GNUTLS: > ls: Fataler Fehler: gnutls_handshake: A TLS packet with unexpected > length was received. Newer versions of lftp handle this error properly too. Upgrade. -- Alexander.
Re: possible bug on lftp with ssl on port 990
On Fri, Sep 14, 2007 at 03:11:30PM +0200, Andreas John wrote: > 2.) It does not set "PROT P": Try: set ftps:initial-prot "" -- Alexander.
possible bug on lftp with ssl on port 990
Hello, If I connect via ftps://user:[EMAIL PROTECTED]:990 with "set ftp:ssl-protect-list yes" I get the following error from the server: <--- 200 Port command successful ---> LIST <--- 550 PROT P required Schließe den Daten Socket ls: Zugriff nicht möglich: 550 PROT P required Indeed the debug log says, that 1.) WARNING: Certificate verification: self signed certificate (should be not a problem) 2.) It does not set "PROT P": <--- 220 Welcome! ---> USER masked <--- 331 Password required for cssccext ---> PASS <--- 230 Logged on ---> PWD <--- 257 "/" is current directory. ---> PBSZ 0 <--- 200 PBSZ=0 ---> PORT 137,235 <--- 200 Port command successful ---> LIST <--- 550 PROT P required Schließe den Daten Socket ls: Zugriff nicht möglich: 550 PROT P required But I thought "set ftp:ssl-protect-list yes" exactly does that? Windows-based FTPS clients (with are compiled on openssl win) work fine with the server. This happens no matter if I compile with openssl or gnutls. 3.5.14 Version: LFTP | Version 3.5.14 | Copyright (c) 1996-2006 Alexander V. Lukyanov Any idea? best rgds, Andreas set -a set bmk:auto-sync yes set bmk:save-passwords no set cache:cache-empty-listings no set cache:enable yes set cache:expire 60m set cache:expire-negative 1m set cache:size 1048576 set cmd:at-exit "" set cmd:cls-completion-default -FB set cmd:cls-default -F set cmd:csh-history off set cmd:default-protocol ftps set cmd:default-title "lftp \\h:\\w" set cmd:fail-exit no set cmd:interactive no set cmd:long-running 30 set cmd:ls-default "" set cmd:move-background yes set cmd:parallel 1 set cmd:prompt "lftp \\S\\? [EMAIL PROTECTED]:\\w> " set cmd:queue-parallel 1 set cmd:remote-completion on set cmd:save-cwd-history yes set cmd:save-rl-history yes set cmd:set-term-status no set cmd:status-interval 0.8s set cmd:term-status "" set cmd:term-status/*rxvt* "\\e[11;0]\\e]2;\\T\\007\\e[11]" set cmd:term-status/*screen* \\e_\\T\\e\\ set cmd:term-status/*xterm* "\\e[11;0]\\e]2;\\T\\007\\e[11]" set cmd:time-style "%b %e %Y|%b %e %H:%M" set cmd:trace no set cmd:verbose no set cmd:verify-host no set cmd:verify-path yes set cmd:verify-path-cached no set color:dir-colors "" set color:use-color auto set dns:SRV-query no set dns:cache-enable yes set dns:cache-expire 1h set dns:cache-size 256 set dns:fatal-timeout 7d set dns:max-retries 1000 set dns:order "inet6 inet" set dns:use-fork yes set file:charset ISO-8859-15 set fish:charset "" set fish:connect-program "ssh -a -x" set fish:shell /bin/sh set ftp:abor-max-wait 15s set ftp:acct "" set ftp:anon-pass lftp@ set ftp:anon-user anonymous set ftp:auto-passive-mode yes set ftp:auto-sync-mode "icrosoft FTP Service|MadGoat" set ftp:bind-data-socket yes set ftp:charset "" set ftp:client lftp/3.5.14 set ftp:device-prefix no set ftp:fix-pasv-address yes set ftp:fxp-force no set ftp:fxp-passive-source no set ftp:fxp-passive-sscn yes set ftp:home "" set ftp:ignore-pasv-address no set ftp:lang "" set ftp:list-empty-ok no set ftp:list-options "" set ftp:nop-interval 20 set ftp:passive-mode off set ftp:port-ipv4 "" set ftp:port-range full set ftp:proxy "" set ftp:proxy-auth-joined no set ftp:rest-list no set ftp:rest-stor yes set ftp:retry-530 "too many|overloaded|try (again |back )?later|is restricted to|maximum number|number of connect|only.*session.*allowed|more connection" set ftp:retry-530-anonymous "Login incorrect" set ftp:site-group "" set ftp:skey-allow yes set ftp:skey-force no set ftp:ssl-allow yes set ftp:ssl-allow-anonymous no set ftp:ssl-auth SSL set ftp:ssl-data-use-keys yes set ftp:ssl-force no set ftp:ssl-protect-data yes set ftp:ssl-protect-fxp yes set ftp:ssl-protect-list yes set ftp:ssl-use-ccc no set ftp:stat-interval 1 set ftp:sync-mode on set ftp:sync-mode/ftp.idsoftware.com on set ftp:sync-mode/ftp.microsoft.com on set ftp:sync-mode/sunsolve.sun.com on set ftp:timezone GMT set ftp:use-abor yes set ftp:use-allo yes set ftp:use-feat off set ftp:use-fxp yes set ftp:use-hftp yes set ftp:use-mdtm yes set ftp:use-mdtm-overloaded no set ftp:use-mlsd no set ftp:use-pret yes set ftp:use-quit yes set ftp:use-site-chmod yes set ftp:use-site-idle no set ftp:use-site-utime no set ftp:use-size yes set ftp:use-stat yes set ftp:use-telnet-iac yes set ftp:verify-address no set ftp:verify-port no set ftp:web-mode off set ftps:initial-prot P set hftp:cache yes set hftp:cache-control "" set hftp:proxy "" set hftp:use-authorization yes set hftp:use-head yes set hftp:use-mkcol no set hftp:use-propfind no set hftp:use-type yes set http:accept */* set http:accept-charset "" set http:accept-language "" set http:authorization "" set http:cache yes set http:cache-control "" set http:cookie "" set http:post-content-type application/x-www-form-urlencoded set http:proxy "" set http:put-content-type "" set http:put-method PUT set http:referer "" set http:set-cookies no set http:use-mkcol yes set http:use-propfind no set http:user-agent lftp/3.5.14 set https:proxy "" set mirror:dereference n
problems compiling lftp with ssl on Tru64 Unix
Title: problems compiling lftp with ssl on Tru64 Unix I am trying to compile lftp with ssl enabled on Tru64. Here is the output from the make command: # make No suffix list. Making all in include No suffix list. make all-am No suffix list. Making all in readline-4.3 Making all in lib if gcc -DHAVE_CONFIG_H -I. -I. -I../include -I../include -I/usr/local/include -O2 -Wall -MT getopt.o -MD -MP -MF ".deps/getopt.Tpo" -c -o getopt.o getopt.c; then mv -f ".deps/getopt.Tpo" ".deps/getopt.Po"; else rm -f ".deps/getopt.Tpo"; exit 1; fi In file included from /usr/include/sys/socket.h:64, from ../include/post-config.h:86, from ../include/config.h:536, from getopt.c:31: /usr/include/sys/uio.h:177:22: macro "readv" requires 3 arguments, but only 1 given /usr/include/sys/uio.h:178:23: macro "writev" requires 3 arguments, but only 1 given *** Exit 1 Stop. *** Exit 1 Stop. # Does anyone have any suggestions on a resolution for this problem? Thanks, Dawn Urey PGI Systems and Site Support Manager (919)874-9512 PGI Internet E-mail Confidentiality Please note: This message may contain information which is privileged and confidential. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you believe you have received this message in error, please forward to [EMAIL PROTECTED] Confidencialidad de Correo Electronico de PGI Nota: Este mensaje puede contener informacion privilegiada y confidencial. Si usted no es el destinatario, esta notificado que cualquier diseminacion, distribucion o copia de esta comunicacion esta estrictamente prohibida. Si usted cree que ha recibido este mensaje por error, por favor reenvielo a [EMAIL PROTECTED] (Informacion intencionalmente sin acentos) PGI Internet E-mail Confidentiality Please note: This message may contain information which is privileged and confidential. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you believe you have received this message in error, please forward to [EMAIL PROTECTED] Confidencialidad de Correo Electronico de PGI Nota: Este mensaje puede contener informacion privilegiada y confidencial. Si usted no es el destinatario, esta notificado que cualquier diseminacion, distribucion o copia de esta comunicacion esta estrictamente prohibida. Si usted cree que ha recibido este mensaje por error, por favor reenvielo a [EMAIL PROTECTED] (Informacion intencionalmente sin acentos)
problems compiling lftp with ssl on Tru64 Unix
Title: problems compiling lftp with ssl on Tru64 Unix I am trying to compile lftp with ssl enabled on Tru64. Here is the output from the make command: # make No suffix list. Making all in include No suffix list. make all-am No suffix list. Making all in readline-4.3 Making all in lib if gcc -DHAVE_CONFIG_H -I. -I. -I../include -I../include -I/usr/local/include -O2 -Wall -MT getopt.o -MD -MP -MF ".deps/getopt.Tpo" -c -o getopt.o getopt.c; then mv -f ".deps/getopt.Tpo" ".deps/getopt.Po"; else rm -f ".deps/getopt.Tpo"; exit 1; fi In file included from /usr/include/sys/socket.h:64, from ../include/post-config.h:86, from ../include/config.h:536, from getopt.c:31: /usr/include/sys/uio.h:177:22: macro "readv" requires 3 arguments, but only 1 gi ven /usr/include/sys/uio.h:178:23: macro "writev" requires 3 arguments, but only 1 g iven *** Exit 1 Stop. *** Exit 1 Stop. # Does anyone have any suggestions on a resolution for this problem? Thanks, Dawn Urey PGI Systems and Site Support Manager (919)874-9512 PGI Internet E-mail Confidentiality Please note: This message may contain information which is privileged and confidential. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you believe you have received this message in error, please forward to [EMAIL PROTECTED] Confidencialidad de Correo Electronico de PGI Nota: Este mensaje puede contener informacion privilegiada y confidencial. Si usted no es el destinatario, esta notificado que cualquier diseminacion, distribucion o copia de esta comunicacion esta estrictamente prohibida. Si usted cree que ha recibido este mensaje por error, por favor reenvielo a [EMAIL PROTECTED] (Informacion intencionalmente sin acentos)
Installing lftp with ssl - where are the ssl librares?
Where are usually the librares of open ssl in a linux system installed? Because I don't know what path I should specify in the lftp configure: --with-ssl=/pathuse SSL at /path Should I change that path within the configure file or run it like that: ./configure --with-ssl=/path ak
Re: lftp with ssl
On Thu, Jan 16, 2003 at 04:29:10PM -0500, jpiszcz wrote: > Certificate depth: 0; subject: /CN=foo; issuer: /CN=foo > WARNING: Certificate verification: self signed certificate > Is this normal when connecting to an FTP-SSL server? Yes, this is normal when the server provides a self signed certificate. -- Alexander. | http://www.yars.free.net/~lav/
Re: lftp with ssl
Certificate depth: 0; subject: /CN=foo; issuer: /CN=foo WARNING: Certificate verification: self signed certificate Is this normal when connecting to an FTP-SSL server? Alexander V. Lukyanov wrote: On Thu, Jun 27, 2002 at 11:34:52AM -0300, Jørn wrote: Just FYI, let me show what smartftp says: Resolving host name host... Connecting to (host). Connected to (host) -> IP: x.x.x.x PORT: 990. Socket connected waiting for login sequence. 220 ftp server ready AUTH SSL 234 AUTH SSL successful Try in lftp: open ftp://x.x.x.x:990 It is not ftps protocol, because it requires AUTH command before etablishing secure connection.
Re: lftp with ssl
On Thu, Jun 27, 2002 at 11:34:52AM -0300, Jørn wrote: > Just FYI, let me show what smartftp says: > > Resolving host name host... > Connecting to (host). > Connected to (host) -> IP: x.x.x.x PORT: 990. > Socket connected waiting for login sequence. > 220 ftp server ready > AUTH SSL > 234 AUTH SSL successful Try in lftp: open ftp://x.x.x.x:990 It is not ftps protocol, because it requires AUTH command before etablishing secure connection. -- Alexander.
Re: lftp with ssl
Just FYI, let me show what smartftp says: Resolving host name host... Connecting to (host). Connected to (host) -> IP: x.x.x.x PORT: 990. Socket connected waiting for login sequence. 220 ftp server ready AUTH SSL 234 AUTH SSL successful Connected. Exchanging encryption keys... SSL encrypted session established. PBSZ 0 200 PBSZ 0 successful USER user 331 Password required for user. PASS (hidden) 230 user user logged in SYST 215 UNIX Type: L8 FEAT 500 FEAT not understood. REST 100 350 Restarting at 100. Send STORE or RETRIEVE to initiate transfer. REST 0 350 Restarting at 0. Send STORE or RETRIEVE to initiate transfer. PWD 257 "/home/user" is current directory. TYPE A 200 Type set to A. PROT P 200 Protection set to Private PASV 227 Entering Passive Mode (x,x,x,x,193,1). LIST -aL Opening data connection IP: x.x.x.x PORT: 49409. 150 Opening ASCII mode data connection for file list Connected. Exchanging encryption keys... SSL encrypted session established. 39286 bytes received successfully. (19.18 KBps) (00:00:02). 226 Transfer complete. On Thu, 27 Jun 2002 11:18:54 -0300 Jørn <[EMAIL PROTECTED]> wrote: > Mr. Lukyanov: > > (sorry for my continuous messages, hope it's ok) > > For some reason I haven't been able to get lftp to work with ftps > (ftp over ssl on port 990). > > I'm using openssl 0.9.6b, and have compiled lftp with that. > > It seems that I can connect successfully with some other ftp clients > (including smartftp for windows). > > Here's what lftp says: > > lftp :~> version > Lftp | Version 2.5.4 | Copyright (c) 1996-2002 Alexander V. Lukyanov > This is free software with ABSOLUTELY NO WARRANTY. See COPYING for details. > Send bug reports and questions to <[EMAIL PROTECTED]>. > lftp :~> open ftps://user:pass@host > Resolving host address... > 1 address found > lftp user@host:~> ls > Connecting to host (x.x.x.x) port 990 > Closing control socket > ls: Fatal error: SSL connect: error:140770FC:SSL >routines:SSL23_GET_SERVER_HELLO:unknown protocol > lftp user@host:~> > > I'm wondering if there's some kind of ssl version confusion happening > there..? > Are there some ~/.lftp/rc setup that have to be in place..? > Is it some kind of implicit vs. explicit ssl issue? > > Otherwise, I'm entirely an lftp user now; thanks for the great software; > please keep up the good work. -- J ø r n P o u l s e n <[EMAIL PROTECTED]> Nova Scotia, Canada · Jylland, Danmark
lftp with ssl
Mr. Lukyanov: (sorry for my continuous messages, hope it's ok) For some reason I haven't been able to get lftp to work with ftps (ftp over ssl on port 990). I'm using openssl 0.9.6b, and have compiled lftp with that. It seems that I can connect successfully with some other ftp clients (including smartftp for windows). Here's what lftp says: lftp :~> version Lftp | Version 2.5.4 | Copyright (c) 1996-2002 Alexander V. Lukyanov This is free software with ABSOLUTELY NO WARRANTY. See COPYING for details. Send bug reports and questions to <[EMAIL PROTECTED]>. lftp :~> open ftps://user:pass@host Resolving host address... 1 address found lftp user@host:~> ls Connecting to host (x.x.x.x) port 990 Closing control socket ls: Fatal error: SSL connect: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol lftp user@host:~> I'm wondering if there's some kind of ssl version confusion happening there..? Are there some ~/.lftp/rc setup that have to be in place..? Is it some kind of implicit vs. explicit ssl issue? Otherwise, I'm entirely an lftp user now; thanks for the great software; please keep up the good work. -- J ø r n P o u l s e n <[EMAIL PROTECTED]> Nova Scotia, Canada · Jylland, Danmark