On Jun 12, 2014, at 20:55, Szépe Viktor <vik...@szepe.net> wrote:

> Your software is very tricky. After --with-ssl=yes openssl is not denoted (in 
> the bottom line) but doing some TLS operation!

Stripping symbols from the lftp binary can cause the openssl version 
information to go missing from the version output.

> Could you test it and fix it? An example hostname is s1.tarhelydiktator.eu
> With set ftp:ssl-force yes  you won't reach the password prompt.

It appears the server is at fault here and lftp is working properly.
Only the ftp server's administrator could fix this. Possibly a necessary 
intermediate certificate was left out.

$ openssl s_client -connect s1.tarhelydiktator.eu:21 -starttls ftp
CONNECTED(00000003)
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = s1.tarhelydiktator.eu
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = s1.tarhelydiktator.eu
verify error:num=27:certificate not trusted
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = s1.tarhelydiktator.eu
verify error:num=21:unable to verify the first certificate
verify return:1

Also fails with curl compiled with NSS:

$ curl -v --ssl-reqd ftp://s1.tarhelydiktator.eu/
[...]
> AUTH SSL
< 234 AUTH SSL successful
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*       subject: CN=s1.tarhelydiktator.eu,OU=PositiveSSL,OU=Domain Control Validated
*       start date: Jun 07 00:00:00 2014 GMT
*       expire date: Jun 07 23:59:59 2015 GMT
*       common name: s1.tarhelydiktator.eu
*       issuer: CN=PositiveSSL CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
* NSS error -8179 (SEC_ERROR_UNKNOWN_ISSUER)
* Peer's Certificate issuer is not recognized.
* Closing connection 0
curl: (60) Peer's Certificate issuer is not recognized.


To sum up, in my testing:
cl01.webspacecontrol.com:
openssl: OK
gnutls: OK
nss: OK

eu1.solid-hosting.net
openssl: OK
gnutls: fails
nss: OK

s1.tarhelydiktator.eu
openssl: fails
nss: fails
gnutls: fails

Not a fault of lftp in either case.


_______________________________________________
lftp mailing list
lftp@uniyar.ac.ru
http://univ.uniyar.ac.ru/mailman/listinfo/lftp
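
An added example, not part of the original message and not lftp code: a shell filter that reads the verify lines of `openssl s_client` output like the transcript above and names the chain problem they indicate. The function name, the result labels and the sample transcripts (with placeholder hostnames) are constructed for illustration.

```shell
# Added example: classify `openssl s_client` verify output (not lftp code).
# Live use (invocation as in the message above; HOST is a placeholder):
#   openssl s_client -connect HOST:21 -starttls ftp </dev/null 2>&1 | diagnose_chain
diagnose_chain() {
    awk '
        /^depth=[0-9]+/ {                 # "depth=N <subject>" line
            d = $1; sub(/^depth=/, "", d); d += 0
            if (d > maxdepth) maxdepth = d; depths++
        }
        /^verify error:num=[0-9]+:/ {     # "verify error:num=N:<text>" line
            n = $0; sub(/^verify error:num=/, "", n); sub(/:.*$/, "", n)
            seen[n + 0] = 1; errors++
        }
        END {
            if (!depths)          print "no-verify-output"
            else if (!errors)     print "ok"
            else if (18 in seen)  print "self-signed-leaf"
            else if (19 in seen)  print "self-signed-in-chain"
            else if ((21 in seen) && maxdepth == 0) print "leaf-only-issuer-unknown"
            else if (20 in seen)  print "issuer-unknown-above-leaf"
            else                  print "other-verify-error"
        }'
}

# Constructed sample: only the leaf is verified and its issuer is not found.
sample_leaf_only() {
    cat <<'EOF'
CONNECTED(00000003)
depth=0 OU = Domain Control Validated, CN = ftp.example.test
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, CN = ftp.example.test
verify error:num=21:unable to verify the first certificate
verify return:1
EOF
}

# Constructed sample: intermediate and leaf both verify without errors.
sample_ok() {
    cat <<'EOF'
depth=1 C = XX, O = Example Intermediate CA
verify return:1
depth=0 CN = ftp.example.test
verify return:1
EOF
}

sample_leaf_only | diagnose_chain
sample_ok | diagnose_chain
```

The `leaf-only-issuer-unknown` result matches the pattern in the transcript above (errors 20 and 21 at depth 0 only): the client never got past the leaf, which fits a server that omits its intermediate certificate.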
