Re: [lftp] Certificate validation confusion
Yes, that would be good.

Fri, 16 Mar 2018 at 10:08, Manfred Lotz:

> On Thu, 15 Mar 2018 21:58:17 +
> Alexander Lukyanov wrote:
>
> > I think the name of your certificate was recognized as a false value.
> > The ssl:verify-certificate setting expects a boolean value (true,
> > false, yes, no, on, off, 1, 0).
> >
>
> Yes, you are right. My fault. Actually the file name started with a
> letter 'F'.
>
> But why doesn't ResMgr.cc check boolean values more thoroughly?
>
> I think values should be either the full value or a single letter, and
> case-insensitive. For instance: f, F, false and any lower/upper case
> combination of 'false'. Something like: ftp.certificate should give an
> "Invalid boolean value".
>
> Then specifying a filename would have given a warning.
>
> What do you think?
>
>
> --
> Manfred

___
lftp mailing list
lftp@uniyar.ac.ru
http://univ.uniyar.ac.ru/mailman/listinfo/lftp
Re: [lftp] Certificate validation confusion
On Thu, 15 Mar 2018 21:58:17 +
Alexander Lukyanov wrote:

> I think the name of your certificate was recognized as a false value.
> The ssl:verify-certificate setting expects a boolean value (true,
> false, yes, no, on, off, 1, 0).
>

Yes, you are right. My fault. Actually the file name started with a
letter 'F'.

But why doesn't ResMgr.cc check boolean values more thoroughly?

I think values should be either the full value or a single letter, and
case-insensitive. For instance: f, F, false and any lower/upper case
combination of 'false'. Something like: ftp.certificate should give an
"Invalid boolean value".

Then specifying a filename would have given a warning.

What do you think?

--
Manfred
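The stricter check proposed in the message above, sketched as an added example; it is not lftp's ResMgr.cc code and was not written by anyone in the thread. The function and type names are hypothetical, and two points are assumptions: the single letters accepted are t/f/y/n, and an invalid value leaves verification enabled.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>

// Hypothetical helper, not lftp's ResMgr code. Accepts only the full words
// named in the thread (true/false, yes/no, on/off, 1/0) or, as an assumption,
// the single letters t/f/y/n, in any letter case. Anything else is rejected.
bool parse_strict_bool(const std::string &raw, bool *out) {
    std::string v(raw);
    std::transform(v.begin(), v.end(), v.begin(), [](unsigned char c) {
        return static_cast<char>(std::tolower(c));
    });
    static const char *const truthy[] = {"true", "yes", "on", "1", "t", "y"};
    static const char *const falsy[] = {"false", "no", "off", "0", "f", "n"};
    for (const char *w : truthy)
        if (v == w) { *out = true; return true; }
    for (const char *w : falsy)
        if (v == w) { *out = false; return true; }
    return false;
}

// Result of loading a verification switch (hypothetical type).
struct VerifySetting {
    bool verify;        // whether certificate verification stays on
    std::string error;  // empty when the value parsed cleanly
};

// Assumed policy: an invalid value is reported and verification stays
// enabled, so a mistyped setting cannot switch the check off silently.
VerifySetting load_verify_setting(const std::string &raw) {
    bool value = true;
    if (!parse_strict_bool(raw, &value))
        return VerifySetting{true, "Invalid boolean value: " + raw};
    return VerifySetting{value, ""};
}

int main() {
    // Constructed sample values; the last two are file names from the thread.
    const char *samples[] = {"false", "F", "on", "ftp.certificate", "ZOS_SELF_SIGNED"};
    for (const char *s : samples) {
        VerifySetting r = load_verify_setting(s);
        std::cout << s << " -> verify=" << (r.verify ? "on" : "off")
                  << (r.error.empty() ? "" : "  (" + r.error + ")") << "\n";
    }
    return 0;
}
```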
[lftp] Certificate validation confusion
Hi there,

I have an ftps server on z/OS. The ftps server certificate is signed by
the company's internal CA.

On the client side this is a Fedora 27 system with lftp 4.8.3

First the two cases which work fine (and which I understand).

1. I have set

   set ftp:ssl-force true
   set ftp:ssl_auth tls

No certificate specified, no certificate installed in the Linux system
and I get:

   ERROR: Certificate verification: Not trusted (66:7C

and the connection will be closed.

2. Same as 1. but now I have copied the root certificate of the
company's internal CA into /etc/pki-ca-trust-source/anchor/ directory
and I have run

   sudo update-ca-trust

This time the ftp server's certificate can be validated and things are
fine.

Now the case I don't understand:

I have set:

   set ftp:ssl-force true
   set ftp:ssl_auth tls
   set ssl:verify-certificate ZOS_SELF_SIGNED

where ZOS_SELF_SIGNED is just a self signed certificate in PEM format
created on the z/OS system.

Now I get

   WARNING: Certificate verification: Not trusted (66:7C

and I can list files on the remote site and download files from the
remote site.

Question: Why do I get a warning only? I had expected to get an error
here.

--
Thanks,
Manfred