Package: vsftpd
Version: 3.0.2-17
Severity: important
Dear Maintainer,
* What led up to the situation?
I started using a TLS certificate by STARTSSL instead of a self-signed one.
* What exactly did you do (or not do) that was effective (or
ineffective)?
Check the certificate's validity with openssl and using it successfully
with nginx.
* What was the outcome of this action?
Openssl correctly validates the certificate, nginx works with said
certificate but vsftpd daemon won't start and just outputs '500 OOPS: SSL:
cannot load RSA certificate.'
* What outcome did you expect instead?
Vsftpd should work with said valid TLS certificate.
-- Package-specific info:
-- System Information:
Debian Release: 8.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages vsftpd depends on:
ii adduser3.113+nmu3
pn debconf | debconf-2.0 none
ii dialog 1.2-20140911-1
ii init-system-helpers1.22
pn libc6 none
ii libcap21:2.24-8
ii libpam-modules 1.1.8-3.1
ii libpam0g 1.1.8-3.1
ii libssl1.0.01.0.1k-3+deb8u1
ii libwrap0 7.6.q-25
ii netbase5.3
Versions of packages vsftpd recommends:
ii logrotate 3.8.7-1+b1
ii ssl-cert 1.0.35
vsftpd suggests no packages.
-- Configuration Files:
listen=YES
listen_port=4
pasv_enable=YES
pasv_min_port=40222
pasv_max_port=40224
listen_address=192.168.1.150
listen_ipv6=NO
#listen_address6=
implicit_ssl=YES
ssl_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
ssl_ciphers=HIGH:!aNULL:!MD5:!SHA1:!EXPORT
#rsa_private_key_file=/etc/vsftpd_KEY.key;
rsa_cert_file=/etc/vsftpd_CERT.pem;
force_local_data_ssl=YES
force_local_logins_ssl=YES
strict_ssl_read_eof=YES
require_ssl_reuse=YES
async_abor_enable=YES
allow_anon_ssl=NO
use_sendfile=YES
banner_file=/etc/FTP_banner
local_max_rate=90
#--- LOGIN --
max_clients=6
accept_timeout=10
connect_timeout=10
data_connection_timeout=300
delay_failed_login=5
max_login_fails=3
#--- LOGGING -
log_ftp_protocol=YES
debug_ssl=NO
dual_log_enable=YES
syslog_enable=NO
vsftpd_log_file=/var/log/vsftpd.log
xferlog_enable=YES
setproctitle_enable=NO
#--- PERMISSIONS
write_enable=NO
hide_ids=YES
ls_recurse_enable=NO
chmod_enable=NO
file_open_mode=0666
local_umask=002
force_dot_files=YES
dirmessage_enable=NO
lock_upload_files=YES
deny_file={TEMP,lost+found,avviare}
hide_file={TEMP,lost+found,avviare}
#--- USERS --
guest_enable=NO
anonymous_enable=NO
session_support=NO
local_enable=YES
pam_service_name=ftp
user_config_dir=/etc/vsftpd_userconf
userlist_enable=NO
userlist_file=/etc/vsftpd_userconf/allowed_usrs
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd_userconf/non_chroot_users
passwd_chroot_enable=YES
local_root=/mnt/storage
-- debconf information:
vsftpd/username: ftp
vsftpd/directory: /srv/ftp
